[jose] Proposed resolution of header criticality issue
Karen O'Donoghue <odonoghue@isoc.org> Tue, 12 March 2013 00:31 UTC
Return-Path: <odonoghue@isoc.org>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4079521F8D10 for <jose@ietfa.amsl.com>; Mon, 11 Mar 2013 17:31:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.82
X-Spam-Level:
X-Spam-Status: No, score=-103.82 tagged_above=-999 required=5 tests=[AWL=-0.556, BAYES_00=-2.599, HTML_MESSAGE=0.001, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m-zb7LA-v1Jd for <jose@ietfa.amsl.com>; Mon, 11 Mar 2013 17:31:10 -0700 (PDT)
Received: from smtp176.dfw.emailsrvr.com (smtp176.dfw.emailsrvr.com [67.192.241.176]) by ietfa.amsl.com (Postfix) with ESMTP id 2C6A321F8D09 for <jose@ietf.org>; Mon, 11 Mar 2013 17:31:10 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp7.relay.dfw1a.emailsrvr.com (SMTP Server) with ESMTP id CF2A32583B0 for <jose@ietf.org>; Mon, 11 Mar 2013 20:31:09 -0400 (EDT)
X-Virus-Scanned: OK
Received: by smtp7.relay.dfw1a.emailsrvr.com (Authenticated sender: odonoghue-AT-isoc.org) with ESMTPSA id 9E4B3258311 for <jose@ietf.org>; Mon, 11 Mar 2013 20:31:09 -0400 (EDT)
Message-ID: <513E774C.6090605@isoc.org>
Date: Mon, 11 Mar 2013 20:31:08 -0400
From: Karen O'Donoghue <odonoghue@isoc.org>
Organization: ISOC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130216 Thunderbird/17.0.3
MIME-Version: 1.0
To: jose@ietf.org
References: <513E6A73.1090403@isoc.org>
In-Reply-To: <513E6A73.1090403@isoc.org>
X-Forwarded-Message-Id: <513E6A73.1090403@isoc.org>
Content-Type: multipart/alternative; boundary="------------070907060503010507020100"
Subject: [jose] Proposed resolution of header criticality issue
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: odonoghue@isoc.org
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2013 00:31:12 -0000
Folks, A side meeting was held Sunday with a number of jose working group participants to try to resolve the open issue related to header criticality. The following are the proposed resolutions from the meeting. Point 5 of the proposed resolution below is actually independent of the other 4 points, and could be considered separately. This will all be discussed in Wednesday's meeting. In addition to the text below, there was some agreement to replace the "understand" text with something a bit more explicit like "must process". However, that text has not been rolled into the summary text below yet. Thank you to Jim Schaad, Mike Jones, John Bradley, Nat Sakimura, Martin Thomas, Eric Rescorla, Matt Miller, and Richard Barnes for your efforts (and my apologies if I missed someone). Regards, Karen 1: Change the language "Additional members MAY be present in the JWK. If present, they MUST be understood by implementations using them." to "Additional members MAY be present in the JWK. If not understood by implementations encountering them, they MUST be ignored." (And make the same change for JWK Set as well.) 2: Characterize all existing JWS and JWE header fields as either must be understood or may be ignored. "alg", "enc", and "zip" must be understood. "kid", "x5u", "x5c", "x5t", "jwk", "jku", "typ", and "cty" can be ignored because while not using them may result in the inability to process some signatures or encrypted content, this will not result in a security violation -- just degraded functionality. Other fields such as "epk", "apu", "apv", "epu", and "epv" must be understood and used when "alg" or "enc" values requiring them are used, and otherwise they may be ignored. 3. Define a new header field that lists which additional fields not defined in the base specifications must be understood and acted upon when present. For instance, an expiration-time extension field could be marked as must-be-understood-and-acted-upon. One possible name for this would be "crit" (critical). An example use, along with a hypothetical "exp" (expiration-time) field is: {"alg":"ES256", "crit":["exp"], "exp":1363284000 } 4. All additional header fields not defined in the base specifications and not contained in the "crit" list MUST be ignored if not understood. 5. Define a new header field "asd" (application-specific data) whose value is a JSON structure whose contents are opaque to and ignored by JWS and JWE implementations but for which its contents MUST be provided to applications using JWS or JWE, provided that the signature/MAC validation or decryption operation succeeds. The intended use of this field is to have a standard place to provide application-specific metadata about the payload or plaintext.
- [jose] Proposed resolution of header criticality … Karen O'Donoghue
- Re: [jose] Proposed resolution of header critical… Tim Bray
- Re: [jose] Proposed resolution of header critical… Manger, James H
- Re: [jose] Proposed resolution of header critical… John Bradley
- Re: [jose] Proposed resolution of header critical… Richard Barnes
- Re: [jose] Proposed resolution of header critical… Dick Hardt
- Re: [jose] Proposed resolution of header critical… Manger, James H
- Re: [jose] Proposed resolution of header critical… Dick Hardt
- Re: [jose] Proposed resolution of header critical… Vladimir Dzhuvinov / NimbusDS
- Re: [jose] Proposed resolution of header critical… Dirkjan Ochtman
- Re: [jose] Proposed resolution of header critical… Richard Barnes
- Re: [jose] Proposed resolution of header critical… Manger, James H
- Re: [jose] Proposed resolution of header critical… Vladimir Dzhuvinov / NimbusDS
- Re: [jose] Proposed resolution of header critical… Richard Barnes
- Re: [jose] Proposed resolution of header critical… Mike Jones
- Re: [jose] Proposed resolution of header critical… Mike Jones
- Re: [jose] Proposed resolution of header critical… Brian Campbell
- Re: [jose] Proposed resolution of header critical… John Bradley
- Re: [jose] Proposed resolution of header critical… Richard Barnes
- Re: [jose] Proposed resolution of header critical… Richard Barnes
- Re: [jose] Proposed resolution of header critical… Matt Miller (mamille2)
- Re: [jose] Proposed resolution of header critical… Jim Schaad
- Re: [jose] Proposed resolution of header critical… Richard Barnes
- Re: [jose] Proposed resolution of header critical… Anthony Nadalin
- Re: [jose] Proposed resolution of header critical… Mike Jones
- Re: [jose] Proposed resolution of header critical… Anthony Nadalin
- Re: [jose] Proposed resolution of header critical… Dick Hardt
- Re: [jose] Proposed resolution of header critical… Richard Barnes
- Re: [jose] Proposed resolution of header critical… Dick Hardt
- Re: [jose] Proposed resolution of header critical… John Bradley
- Re: [jose] Proposed resolution of header critical… Dick Hardt
- Re: [jose] Proposed resolution of header critical… John Bradley
- Re: [jose] Proposed resolution of header critical… Dick Hardt
- Re: [jose] Proposed resolution of header critical… Brian Campbell
- [jose] "crit" strings don't have to be field names Manger, James H
- Re: [jose] "crit" strings don't have to be field … Richard Barnes
- Re: [jose] "crit" strings don't have to be field … Manger, James H
- Re: [jose] "crit" strings don't have to be field … Manger, James H
- Re: [jose] Proposed resolution of header critical… Jim Schaad
- Re: [jose] Proposed resolution of header critical… Richard Barnes
- Re: [jose] Proposed resolution of header critical… John Bradley