Re: [jose] Pete Resnick's Discuss on draft-ietf-jose-json-web-encryption-33: (with DISCUSS and COMMENT)
"Jim Schaad" <ietf@augustcellars.com> Mon, 06 October 2014 19:06 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F68A1A8897; Mon, 6 Oct 2014 12:06:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rZ0taCZIQeot; Mon, 6 Oct 2014 12:06:28 -0700 (PDT)
Received: from smtp1.pacifier.net (smtp1.pacifier.net [64.255.237.171]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C9CE11A1A64; Mon, 6 Oct 2014 12:06:28 -0700 (PDT)
Received: from Philemon (173-12-183-193-oregon.hfc.comcastbusiness.net [173.12.183.193]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp1.pacifier.net (Postfix) with ESMTPSA id 7CCA22CA4E; Mon, 6 Oct 2014 12:06:26 -0700 (PDT)
From: Jim Schaad <ietf@augustcellars.com>
To: 'Mike Jones' <Michael.Jones@microsoft.com>, 'Pete Resnick' <presnick@qti.qualcomm.com>, 'The IESG' <iesg@ietf.org>
References: <20141002142349.17594.90714.idtracker@ietfa.amsl.com> <4E1F6AAD24975D4BA5B16804296739439BAF0C01@TK5EX14MBXC286.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739439BAF0C01@TK5EX14MBXC286.redmond.corp.microsoft.com>
Date: Mon, 06 Oct 2014 12:03:49 -0700
Message-ID: <00be01cfe198$481ca870$d855f950$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQGCz0WjAdbCQdMP+eApu19XKvW3LwGPbQAVnLDLaoA=
Content-Language: en-us
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/ZdEn6Cl1VmHrAyQ3-Xp_FXcpuBg
Cc: draft-ietf-jose-json-web-encryption@tools.ietf.org, jose-chairs@tools.ietf.org, jose@ietf.org
Subject: Re: [jose] Pete Resnick's Discuss on draft-ietf-jose-json-web-encryption-33: (with DISCUSS and COMMENT)
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Oct 2014 19:06:32 -0000
> -----Original Message----- > From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Mike Jones > Sent: Monday, October 06, 2014 12:54 AM > To: Pete Resnick; The IESG > Cc: draft-ietf-jose-json-web-encryption@tools.ietf.org; jose- > chairs@tools.ietf.org; jose@ietf.org > Subject: Re: [jose] Pete Resnick's Discuss on draft-ietf-jose-json-web-encryption- > 33: (with DISCUSS and COMMENT) > > Thanks for your review, Pete. I've added the working group so they're aware of > your comments. > > > -----Original Message----- > > From: Pete Resnick [mailto:presnick@qti.qualcomm.com] > > Sent: Thursday, October 02, 2014 7:24 AM > > To: The IESG > > Cc: jose-chairs@tools.ietf.org; draft-ietf-jose-json-web- > > encryption@tools.ietf.org > > Subject: Pete Resnick's Discuss on > > draft-ietf-jose-json-web-encryption-33: (with DISCUSS and COMMENT) > > > > Pete Resnick has entered the following ballot position for > > draft-ietf-jose-json-web-encryption-33: Discuss > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut > > this introductory paragraph, however.) > > > > > > Please refer to > > http://www.ietf.org/iesg/statement/discuss-criteria.html > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-encryption/ > > > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > There are a bunch of comments here that also apply to JWS. It's a real > > shame you did not factor out what's common between these documents and > > not repeat everything in a slightly different way. I'm sure that there > > will be a change in one document that won't get changed in the other. > > Such is life. > > Where text was previously actually the same, we editorially left in in JWS and > referenced it from JWE some time ago. If there are examples remaining of > duplicated text that you believe should be removed from JWE, please let us > know what they are. > > > 1: Lose the last paragraph. It's not a core goal. Certainly not in the charter. > > Producing a compact URL-safe serialization has always been a core goal. I'm > writing this in an airplane without network access (yes, such places still exist :-) > ) and don't have the actual charter text in front me but I know that Karen > O'Donoghue sent proposed charter text to the IESG a while back that included > the language "using a compact URL-safe representation" because I have a local > copy of the e-mail. Current text is just " The second will be a smaller serialization that can be used in URLs." It is not clear that the paragraph adds value. I am indifferent as to it staying or going. > > 4.1.2: So I want to understand the "MUST reject" as used here. What > > happens if the implementation doesn't reject? Is the decrypt simply > > going to fail (in which case the MUST reject is not helpful), or is there some > attack vector here? > > This was discussed on the telechat and several people were in favor leaving this > language as-is, citing precedents from other RFCs. I believe you said that you > would identify any particular uses that you thought would be problematic. It would be more accurate to say that the decryption would never be able to start than it would fail. This is one of those cases of - I don't support this - should I not "reject" it? > > 5.2: If these things are steps, start with the verb. See 2 below as an > > example, but look at the other steps as well. > > Fair enough. I agree that these should either start with a verb or a condition, > followed by a verb. I'll plan to revise accordingly. > > > 1 - Say what to parse out and refer to section 7. Again, don't > > privilege compact. > > Same answer as for the parallel comment on the JWS spec. > > > 4 could be significantly shortened if you didn't separate the > > serializations. Just make it the union. If some of the members are > > absent (for whatever reason), that's fine. > > I disagree with combining them, as the explanation would be far less clear to > developers. > > > 9-12 seem like they could be combined/refactored in some useful way. > > Same answer as to your comment on 5.1. > > > (I'll also note here that the "recipient" construct is still weird > > to me. It's just a "key owner" or something like that, right?) > > This was the terminology that was chosen by the working group. I'm offline at > the moment so can't check immediately, but I believe that it was also > terminology used by CMS. I *know* that it was terminology used by ekr and > Joe Hildebrand in their submission to the working group, parts of which > (including language in the steps) are part of this specification. > > > 9: It took me a bit to figure out why this section is here. This is > > only a problem for the Compact Serialization. The second bullet makes > > this > > clear: For the JSON Serialization, the answer is, "They're different > > if they're different." I suggest rewriting this section to make it > > clear that you're trying to help folks who need to distinguish between > compact serializations. > > It's also needed for the JSON Serializations, hence bullet 2. Bullets 3 and 4 also > apply to both serializations. Only bullet 1 is specific to the compact > serializations. Presumably it could be simplified as bullet one only refers to compact serialization. And the other bullets only refer to JSON serialization. The parsing on period characters should be determinate for compact serialization. Perhaps if it was divided this way it would be clearer. > > > Appendix A: Leaving the JSON Serialization until the end and putting a > > compact serialization in every example stinks. Let's not make it > > harder for implementers to figure out how to use the JSON Serialization. > > Other than the last example, the examples are there to describe properties of > algorithms, not of serializations, so both serializations aren't needed to > illustrate those points. The simpler compact serialization does just fine for that > purpose. That being said, draft-ietf-jose-cookbook is chock full of examples of > both serializations. It should be coming to the IESG pretty soon as well. > > Thanks again, > -- Mike > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose