Re: [jose] Stephen Farrell's Discuss on draft-ietf-jose-json-web-key-33: (with DISCUSS and COMMENT)

Mike Jones <Michael.Jones@microsoft.com> Tue, 14 October 2014 12:53 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Tue, 14 Oct 2014 12:52:16 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/cFki817hZtFIp2-AknuR_lb9EMo
Cc: "jose-chairs@tools.ietf.org" <jose-chairs@tools.ietf.org>, "draft-ietf-jose-json-web-key@tools.ietf.org" <draft-ietf-jose-json-web-key@tools.ietf.org>, The IESG <iesg@ietf.org>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Stephen Farrell's Discuss on draft-ietf-jose-json-web-key-33: (with DISCUSS and COMMENT)

A slight wording change from “recipients” to “parsers” to clarify the intent has been made in the -34 drafts as a result of Pete Resnick’s comments on the JWK draft.  Otherwise, this language has been left as-is.

                                                            -- Mike

From: Mike Jones [mailto:Michael.Jones@microsoft.com]
Sent: Monday, October 06, 2014 12:54 AM
To: Kathleen Moriarty; Stephen Farrell
Cc: The IESG; jose-chairs@tools.ietf.org; draft-ietf-jose-json-web-key@tools.ietf.org; jose@ietf.org
Subject: RE: Stephen Farrell's Discuss on draft-ietf-jose-json-web-key-33: (with DISCUSS and COMMENT)

[Adding the working group to this thread so they’re aware of the discussion between our Security Area Directors on this]

From: Kathleen Moriarty [mailto:kathleen.moriarty.ietf@gmail.com]
Sent: Thursday, October 02, 2014 5:30 AM
To: Stephen Farrell
Cc: The IESG; jose-chairs@tools.ietf.org; draft-ietf-jose-json-web-key@tools.ietf.org
Subject: Re: Stephen Farrell's Discuss on draft-ietf-jose-json-web-key-33: (with DISCUSS and COMMENT)



On Thu, Oct 2, 2014 at 8:20 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

sorry forgot about that...

On 02/10/14 13:04, Kathleen Moriarty wrote:
> Yes, I mentioned the duplicate member name discussion in a couple of
> the draft's ballot text.  There isn't really a great answer at this
> time unfortunately.  This particular item came up in my AD review as
> well as in a SecDir review.  It took some digging, but the problem is
> at least better understood now.  There may be a way to fix it with a
> draft that updates if I-JSON turns out to be a good way to handle
> this.  The problem is deployed code.  I flagged it in case anyone in
> the IESG had an opinion.  I'd love to see the right thing get done,
> but it may have to wait for a draft that updates these.  Opinions are
> welcome.

At a comment level, I'd say leave things as they are. Adding the
I-JSON requirement would be premature I think as it's not clear if
libraries etc will or won't adopt that. If they don't then it'd
be a meaningless requirement. If however, I-JSON does take off then
JOSE code will be fine anyway without changing.

Thanks, Stephen.  I'm leaning the same way for now.  It looks like Pete hit this in a discuss, but just requesting a wording change as opposed to the more extensive changes discussed on list.  I'll follow up to his message.

S.



--

Best regards,
Kathleen
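
The duplicate member name problem discussed in this thread, shown as an added example that is not part of the original messages or of the JOSE drafts: two lenient parsers read different values from the same JWK, while a strict parser in the spirit of I-JSON rejects it. All function names are hypothetical and the sample JWKs are constructed for illustration.

```python
import json

class DuplicateMemberError(ValueError):
    """Raised when a JSON object repeats a member name."""

def _reject_duplicates(pairs):
    # object_pairs_hook receives every (name, value) pair of one object,
    # duplicates included, before they are collapsed into a dict.
    seen = {}
    for name, value in pairs:
        if name in seen:
            raise DuplicateMemberError(f"duplicate member name: {name!r}")
        seen[name] = value
    return seen

def _first_wins(pairs):
    # Models a hypothetical parser that keeps the first occurrence.
    out = {}
    for name, value in pairs:
        out.setdefault(name, value)
    return out

def parse_jwk_strict(text):
    """Parse a JWK, rejecting duplicate member names at any nesting level."""
    return json.loads(text, object_pairs_hook=_reject_duplicates)

def parse_last_wins(text):
    return json.loads(text)  # Python's default: the last duplicate wins

def parse_first_wins(text):
    return json.loads(text, object_pairs_hook=_first_wins)

# Constructed samples: the first JWK carries the "use" member twice.
SAMPLE_DUPLICATE = '{"kty":"oct","use":"sig","k":"AAAA","use":"enc"}'
SAMPLE_CLEAN = '{"kty":"oct","use":"sig","k":"AAAA"}'

def disagreement(text):
    """Return the member names on which the two lenient parsers differ."""
    a, b = parse_first_wins(text), parse_last_wins(text)
    return sorted(n for n in a.keys() | b.keys() if a.get(n) != b.get(n))

if __name__ == "__main__":
    print(disagreement(SAMPLE_DUPLICATE))
    try:
        parse_jwk_strict(SAMPLE_DUPLICATE)
    except DuplicateMemberError as exc:
        print("rejected:", exc)
```
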