Re: [jose] Proposed Agenda for Interim Working Group Meeting

Thanks for putting together this initial proposal, Mike.  I might propose
to organize things a little differently, as I think there are a few major
issues that will drive resolutions to the individual issues in the tracker,
and get us much closer to WGLC.  My list of critical issues right now is:

1. What should be covered by header integrity protection?
2. What should the wrapped key formats be (JWE and stand-alone)?
3. Which fields are required under which circumstances (pre-negotiated /
stand-alone modes)?

I think we could probably spend 2-4 hours on each of those questions, but
if we come to some resolution, then by my count, we would be very close to
resolving issues 4, 5, 6, 9, 2, 13, 14, 15, 16, 17, and 18.  All of those
issues are decided, at least at a high level, by the answers to the above
questions.

Another 4 issues fall under what I'll call "crypto usage issues", namely 3,
8, 11, and 19.

So maybe we could divide the agenda roughly in 4, and have one large
discussion on each of the above topics, with the goal of getting consensus
on some answers to the above questions.

--Richard

On Sat, Apr 13, 2013 at 2:47 PM, Mike Jones <Michael.Jones@microsoft.com>wrote:

>  Knowing that we need to publish an agenda for the interim meeting soon,
> I thought I’d propose a starting point to kick off the agenda discussions.
> My goal is to have us make the most progress possible towards resolving
> open issues.****
>
> ** **
>
>                                                             -- Mike****
>
> ** **
>
> MONDAY, APRIL 29****
>
> ===============****
>
> ** **
>
> 9:00-9:30:  Note Well, Introductions, Logistics, Goals, Day 1 Agenda
> Overview – Jim Schaad and Karen O’Donoghue****
>
> 9:30-9:50:  Overview of Recent changes to JWS, JWE, JWK, and JWA documents
> – Mike Jones****
>
>                The goal of this brief session is for attendees to
> understand the changes made and issues addressed by those changes****
>
> 9:50-10:05:  Break****
>
> 10:05-12:00:  Existing Open Issues Session 1****
>
>                The goal of this session, and the other open issues
> sessions, is, for each issue to:****
>
>                               - Identify possible resolutions****
>
>                               - Determine support in the room for each of
> the resolutions****
>
>                               - Determine what specific question(s) to ask
> the working group on the list****
>
>                               - Propose closure of the issue with a
> specific resolution if consensus is apparent****
>
>                                  (with actual closure happening after
> confirming the consensus on the mailing list)****
>
>                - Issue #7:  Algorithm identifiers/parameters incompatible
> with WebCrypto****
>
>                - Issue #11:  Should we use RFC 5116 and remove the JWE
> Integrity Value field?****
>
>                - Issue #12:  Should the x5c field be removed from JWE?****
>
>                - Issue #15:  Should at least one key indicator be
> mandatory?****
>
> 12:00-12:45:  Lunch****
>
> 12:45-2:45:  Existing Open Issues Session 2****
>
>                - Presentation by Richard Barnes on
> draft-barnes-jose-key-wrapping (assuming he’s willing!)****
>
>                - Review by Matt Miller of
> draft-miller-jose-jwe-protected-jwk (assuming he’s willing!)****
>
>                - Issue #13:  Enable AEAD key wrapping****
>
>                - Issue #14:  Support longer wrapped keys than OAEP allows*
> ***
>
> 2:45-3:05:  Break****
>
> 3:05-5:00:  Existing Open Issues Session 3****
>
>                - Issue #4:  Remove wrapped keys from integrity check
> (allow separation of keys from data)****
>
>                - Issue #9:  Should we add a "spi" header field?****
>
>                - Issue #16:  URI identifying a specific key in a JWK set**
> **
>
>                - Issue #17:  Add 'aud' and 'iss' to 4.1 Reserved Header
> Parameter Names****
>
>                - Issue #18:  Address MAC key lifetime concerns****
>
>                - Issue #8:  Direct mode for key agreement needs security
> analysis****
>
> ** **
>
> TUESDAY, APRIL 30****
>
> ==============****
>
> ** **
>
> 9:00-9:20:  Note Well, Day 2 Agenda Overview – Jim Schaad and Karen
> O’Donoghue****
>
> 9:20-10:20:  W3C WebCrypto Coordination****
>
>                Discuss touch points between WebCrypto and JOSE and
> determine feedback to give WebCrypto****
>
> 10:20-10:35:  Break****
>
> 10:35-11:15:  Use Cases****
>
>                Discuss issues with the Use Cases specification and
> possible changes needed****
>
> 11:15-12:00:  Next Steps Session 1 – Status of Key Wrapping Drafts****
>
>                Determine next steps for issues covered in
> draft-barnes-jose-key-wrapping and draft-miller-jose-jwe-protected-jwk****
>
>                In particular, should either become WG drafts?****
>
> 12:00-12:45:  Lunch****
>
> 12:45-1:45:  Next Steps Session 2 – Discuss actions needed to bring JWS,
> JWE, JWK, and JWA to Working Group Last Call****
>
>                The goal of this session is to determine specific steps
> needed to achieve WGLC and assign owners and timelines****
>
> 1:45-2:45:  Next Steps Session 3 – Polls and Consensus Calls****
>
>                Determine specific wording for polls and consensus calls
> needed to gather input on remaining open issues****
>
> 2:45-3:00:  Break****
>
> 3:00-3:20:  Next Steps Session 4 – Next Meetings and Phone Calls****
>
>                Decide when our next meetings will be and at what times to
> schedule recurring WG phone calls****
>
> 3:20-4:00:  Summarize of Next Steps****
>
>                Review next steps, owners, and timelines for those steps to
> occur****
>
> 4:00-5:00:  Other Topics****
>
>                This time is reserved to consider other issues or topics
> that may arise****
>
> ** **
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>
>