IETF Logo Mail Archive

Re: [jose] Should we delete the "typ" header field

Richard Barnes <rlb@ipv.sx> Thu, 30 May 2013 21:36 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C2D521F89EB for <jose@ietfa.amsl.com>; Thu, 30 May 2013 14:36:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.428
X-Spam-Level:
X-Spam-Status: No, score=0.428 tagged_above=-999 required=5 tests=[AWL=-0.928, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RDNS_NONE=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mvs1iGum9ZVx for <jose@ietfa.amsl.com>; Thu, 30 May 2013 14:36:52 -0700 (PDT)
Received: from mail-ob0-x22e.google.com (mail-ob0-x22e.google.com [IPv6:2607:f8b0:4003:c01::22e]) by ietfa.amsl.com (Postfix) with ESMTP id A625B21F88EA for <jose@ietf.org>; Thu, 30 May 2013 14:36:52 -0700 (PDT)
Received: by mail-ob0-f174.google.com with SMTP id wd20so1655976obb.33 for <jose@ietf.org>; Thu, 30 May 2013 14:36:52 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:date :message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=RFh71WEJQpgkhzTfFoxaGOgRQQezIAv+xXqNX6swqOQ=; b=k4EsUwrkxsqAVewK2Dt2lPRHHWruGa49XPwEaBkTOfVmoeAAR7oEuDu/kAYe4NRLtd zsKVI57NJjjeWxoEa4OTKF7euGfPK9tmW5BgciR0DfNAEcuftXxAplsfpVM2yw4gyxaE W0Ejx8BsQwRtyPLQMQeAOUsq2HrfoYUdMB6Ha9r58QItbWTnlQX0MD4AeqHQkjU7Lv79 qYD5ebNGyQJ0VzcaMlNBAvKc6OxCVeceNd1EWxV+Kii61lE/gsU36iotOw2l44xmD3cc wGDkuWkpTMQqy+hoGKok26jWy7cfOWZsnJ1CP6vN5qdkFVJMh3vWM1dVgpbj2w1bnHfu R/gg==
MIME-Version: 1.0
X-Received: by 10.60.42.237 with SMTP id r13mr5016897oel.61.1369949812130; Thu, 30 May 2013 14:36:52 -0700 (PDT)
Received: by 10.60.84.8 with HTTP; Thu, 30 May 2013 14:36:51 -0700 (PDT)
X-Originating-IP: [108.18.40.68]
In-Reply-To: <49dc8abc726a4acd86283caf833c9751@BY2PR03MB189.namprd03.prod.outlook.com>
References: <02b701ce5cb8$46ae77e0$d40b67a0$@augustcellars.com> <4E1F6AAD24975D4BA5B1680429673943677C5499@TK5EX14MBXC285.redmond.corp.microsoft.com> <030801ce5cc6$5064daf0$f12e90d0$@augustcellars.com> <4E1F6AAD24975D4BA5B1680429673943677C5787@TK5EX14MBXC285.redmond.corp.microsoft.com> <427D27E7-04B7-43F6-87A1-0ACB20AAFB93@mitre.org> <49dc8abc726a4acd86283caf833c9751@BY2PR03MB189.namprd03.prod.outlook.com>
Date: Thu, 30 May 2013 17:36:52 -0400
Message-ID: <CAL02cgT4LLnohQhuUjNBOvGATFkJxH83vtQFtcdsK2eOettG4Q@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Anthony Nadalin <tonynad@microsoft.com>
Content-Type: multipart/alternative; boundary="001a11c206aae9899804ddf64ba5"
X-Gm-Message-State: ALoCoQlyRKaZXzp7pZVGocg9XYA6pmS1d80k4WQwD/63U4TGfC2xp4ryKEBtJofmipOB3eD4VO9y
Cc: Mike Jones <Michael.Jones@microsoft.com>, "Richer, Justin P." <jricher@mitre.org>, "jose@ietf.org" <jose@ietf.org>, Jim Schaad <ietf@augustcellars.com>
Subject: Re: [jose] Should we delete the "typ" header field
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 May 2013 21:36:57 -0000

If they don't affect JOSE, then they shouldn't be in the base spec.
--Richard



On Thursday, May 30, 2013, Anthony Nadalin wrote:

>  I agree that they are fine as-is. We can and should be clearer that
> these fields don’t effect the JOSE processing but are application fields.*
> ***
>
> ** **
>
> *From:* jose-bounces@ietf.org <javascript:_e({}, 'cvml',
> 'jose-bounces@ietf.org');> [mailto:jose-bounces@ietf.org<javascript:_e({}, 'cvml', 'jose-bounces@ietf.org');>]
> *On Behalf Of *Richer, Justin P.
> *Sent:* Thursday, May 30, 2013 8:31 AM
> *To:* Mike Jones
> *Cc:* Jim Schaad; jose@ietf.org <javascript:_e({}, 'cvml',
> 'jose@ietf.org');>
> *Subject:* Re: [jose] Should we delete the "typ" header field****
>
> ** **
>
> I think that the two fields are fine as they're currently defined, as Mike
> describes below. They're hanging points for information that other
> applications of the JOSE stack can use to switch functionality out, and as
> such they should be well-defined and optional to allow general libraries
> and applications to do their jobs. ****
>
> ** **
>
>  -- Justin****
>
> ** **
>
> ** **
>
> On May 29, 2013, at 7:51 PM, Mike Jones <Michael.Jones@microsoft.com>
> wrote:****
>
>
>
> ****
>
>  “typ” declares what the type of THIS OBJECT is.****
>
> “cty” declares what the type of THE PAYLOAD or THE PLAINTEXT is.****
>
>  ****
>
> They’re different.****
>
>  ****
>
> In the JWT case, a JWT Claims Set (the normal JWT Payload), which is a
> JSON Object containing Claims, is a completely different data structure
> from a JWT, which is a dot-separated list of base64url encoded fields.  The
> “cty” represents the former; the “typ” represents the latter.****
>
>  ****
>
>                                                                 -- Mike***
> *
>
>  ****
>
> *From:* Jim Schaad [mailto:ietf@augustcellars.com]
> *Sent:* Wednesday, May 29, 2013 4:43 PM
> *To:* Mike Jones; jose@ietf.org
> *Subject:* RE: [jose] Should we delete the "typ" header field****
>
>  ****
>
> Can you justify why the JWT spec shou
>
>

v2.23.0 | Report a Bug | By Email