IETF Logo Mail Archive

Re: [jose] Stephen Farrell's Discuss on draft-ietf-jose-json-web-key-33: (with DISCUSS and COMMENT)

Mike Jones <Michael.Jones@microsoft.com> Tue, 14 October 2014 12:54 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 037A31A87BB; Tue, 14 Oct 2014 05:54:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u9ddNKIdf0N3; Tue, 14 Oct 2014 05:54:37 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1bon0705.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::1:705]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9F7F1A87CC; Tue, 14 Oct 2014 05:54:29 -0700 (PDT)
Received: from BN3PR0301CA0008.namprd03.prod.outlook.com (25.160.180.146) by BN3PR0301MB1204.namprd03.prod.outlook.com (25.161.207.16) with Microsoft SMTP Server (TLS) id 15.0.1049.19; Tue, 14 Oct 2014 12:54:08 +0000
Received: from BN1AFFO11FD024.protection.gbl (2a01:111:f400:7c10::132) by BN3PR0301CA0008.outlook.office365.com (2a01:111:e400:4000::18) with Microsoft SMTP Server (TLS) id 15.0.1049.19 via Frontend Transport; Tue, 14 Oct 2014 12:54:08 +0000
Received: from mail.microsoft.com (131.107.125.37) by BN1AFFO11FD024.mail.protection.outlook.com (10.58.52.84) with Microsoft SMTP Server (TLS) id 15.0.1039.16 via Frontend Transport; Tue, 14 Oct 2014 12:54:07 +0000
Received: from TK5EX14MBXC286.redmond.corp.microsoft.com ([169.254.1.93]) by TK5EX14MLTC104.redmond.corp.microsoft.com ([157.54.79.159]) with mapi id 14.03.0210.003; Tue, 14 Oct 2014 12:53:19 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
Thread-Topic: Stephen Farrell's Discuss on draft-ietf-jose-json-web-key-33: (with DISCUSS and COMMENT)
Thread-Index: Ac/nrc5XX8kQ+ITGSkiN1OoewVnCZQ==
Date: Tue, 14 Oct 2014 12:53:19 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739439BB0D597@TK5EX14MBXC286.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.36]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(438002)(189002)(52044002)(13464003)(51704005)(43784003)(199003)(377454003)(77096002)(19580405001)(19580395003)(6806004)(44976005)(21056001)(120916001)(80022003)(46102003)(46406003)(50986999)(15202345003)(104016003)(2656002)(85306004)(87936001)(85806002)(33656002)(55846006)(230783001)(31966008)(85852003)(4396001)(26826002)(76482002)(84676001)(68736004)(69596002)(15975445006)(47776003)(20776003)(64706001)(66066001)(50466002)(97736003)(86612001)(92726001)(92566001)(86362001)(23726002)(106466001)(54356999)(97756001)(99396003)(95666004)(107046002)(81156004); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR0301MB1204; H:mail.microsoft.com; FPR:; MLV:ovrnspm; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:BN3PR0301MB1204;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 03648EFF89
Received-SPF: Pass (protection.outlook.com: domain of microsoft.com designates 131.107.125.37 as permitted sender) receiver=protection.outlook.com; client-ip=131.107.125.37; helo=mail.microsoft.com;
Authentication-Results: spf=pass (sender IP is 131.107.125.37) smtp.mailfrom=Michael.Jones@microsoft.com;
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/cES1VDnv3m2sE-RhHQ6BbvkH640
Cc: "jose-chairs@tools.ietf.org" <jose-chairs@tools.ietf.org>, "draft-ietf-jose-json-web-key@tools.ietf.org" <draft-ietf-jose-json-web-key@tools.ietf.org>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Stephen Farrell's Discuss on draft-ietf-jose-json-web-key-33: (with DISCUSS and COMMENT)
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Oct 2014 12:54:46 -0000

The proposed resolutions below have been incorporated in the -34 draft.  The actual text addressing the "kid" string comparison issue is in an expanded JWS Section 5.3.  Hopefully you can clear your DISCUSS on that basis.

"makes sense" in the designated expert instructions was changed to "description is clear" in all drafts.

				Thanks again,
				-- Mike

> -----Original Message-----
> From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Mike Jones
> Sent: Monday, October 06, 2014 12:54 AM
> To: Stephen Farrell; The IESG
> Cc: jose-chairs@tools.ietf.org; draft-ietf-jose-json-web-key@tools.ietf.org;
> jose@ietf.org
> Subject: Re: [jose] Stephen Farrell's Discuss on draft-ietf-jose-json-web-key-33:
> (with DISCUSS and COMMENT)
> 
> Thanks for your review, Stephen.  I'm adding the working group to the thread so
> they're aware of your comments.
> 
> > -----Original Message-----
> > From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie]
> > Sent: Thursday, October 02, 2014 4:15 AM
> > To: The IESG
> > Cc: jose-chairs@tools.ietf.org;
> > draft-ietf-jose-json-web-key@tools.ietf.org
> > Subject: Stephen Farrell's Discuss on draft-ietf-jose-json-web-key-33:
> > (with DISCUSS and COMMENT)
> >
> > Stephen Farrell has entered the following ballot position for
> > draft-ietf-jose-json-web-key-33: Discuss
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut
> > this introductory paragraph, however.)
> >
> >
> > Please refer to
> > http://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-key/
> >
> >
> >
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
> >
> >
> > nearly a nit, but would impact code so a discuss to make sure we get it right...
> >
> > 4.5: saying kid is case sensitive precludes use of DNS names there or
> > introduces bugs if those are used.  Since DNS names are the primary
> > way we distinguish things on the Internet, that seems odd. I don't
> > think that you need to say case- insensitive here but that you might
> > want to say that DNS names SHOULD be [lower|upper]cased before being
> used in kid parameters.
> 
> OK
> 
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> >
> > 4.8: I'd prefer if sha-256 had been the default/shorter of these. But whatever.
> 
> The SHA-1 is the one that's actually in widely deployed crypto libraries, including
> Windows and OpenSSL, and has been in the spec pretty much the whole time.
> Kathleen had us add the S256 version based on its usage in SSH during her AD
> review.
> 
> > 4.8/4.9: the disconnect with DANE and other specs that use
> > HASH(SPKI) as a thumbprint is a pity (but can be fixed later). How'd that
> happen?
> 
> The current thumbprint calculation is the one used by OpenSSL and Windows,
> among others.
> 
> The first that this issue was raised was during Tero Kivinen's secdir review.  In
> that discussion, I pointed out that other specs are free to define header
> parameter(s) to represent the HASH(SPKI) thumbprint and register them.  (I even
> pointed him to draft-jones-jose-jwk-thumbprint-01 as an example of a spec
> making a similar registration that he could use as an example if he wanted to
> write it up.)  He thought that that definition would be useful to the IoT
> community, so I expect that someone will do that when the need arises.
> 
> > 8: "make sense" still isn't useful;-) I've noted that on the algs
> > draft though so won't repeat more.
> 
> Noted
> 
> > C.9: Huh? Needs a ref to compact rep which isn't defined here.
> 
> Agreed - thanks
> 
> > As with other JOSE drafts, there was a substantial thread on the
> > secdir review that I didn't have time to follow but I'm ok that Kathleen's been
> on top of that.
> 
> Yes, she has.
> 
> 				Thanks again,
> 				-- Mike
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose

v2.29.0 | Report a Bug | By Email | System Status