Re: [jose] [secdir] JWK member names, was: SECDIR review of draft-ietf-jose-json-web-key-31

Tim Bray <tbray@textuality.com> Tue, 16 September 2014 15:51 UTC

In-Reply-To: <848240CC-F68C-4559-91B4-82174E732888@ve7jtb.com>
References: <CAHbuEH4Ccn2Z=8kEECzvgjmtshwsFoa-EH_NpkJPos7zirGeaQ@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739439AEC00DB@TK5EX14MBXC292.redmond.corp.microsoft.com> <5416FE10.3060608@bbn.com> <CAHBU6iu3GfsLCAint3z7risZUnVW4EK0WrGVW6Dv=gvppiHSxQ@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739439AECCCDD@TK5EX14MBXC292.redmond.corp.microsoft.com> <54173546.5000400@bbn.com> <CAHBU6ivb3BeEufcnJB+eSk8wgETMx+qzH3miE6Z1jtrQkXNR3w@mail.gmail.com> <EB1515F8-95D4-4F9F-B2EC-F6B0D54C1CC2@ve7jtb.com> <21527.61076.59689.574833@fireball.kivinen.iki.fi> <848240CC-F68C-4559-91B4-82174E732888@ve7jtb.com>
From: Tim Bray <tbray@textuality.com>
Date: Tue, 16 Sep 2014 08:51:27 -0700
Message-ID: <CAHBU6itbooGqNhRXC7F0zU25Q8gvJwbxhaC-RHK1RooYutOQEg@mail.gmail.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/cXheIxunNnIJPYimU5gRAbVZhIk
Cc: "jose-chairs@tools.ietf.org" <jose-chairs@tools.ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-jose-json-web-key.all@tools.ietf.org" <draft-ietf-jose-json-web-key.all@tools.ietf.org>, Michael Jones <Michael.Jones@microsoft.com>, Tero Kivinen <kivinen@iki.fi>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, "jose@ietf.org" <jose@ietf.org>

On Tue, Sep 16, 2014 at 8:35 AM, John Bradley <ve7jtb@ve7jtb.com> wrote:

> As Tim stated in a later message most of them don't reject or report
> duplicate keys.
> He is proposing a new JSON profile I-JSON that changes that.

Actually, the JSON working group is under no illusion that shipping I-JSON
as an RFC is going to magically cause existing JSON software to fix this
issue (although I’m optimistic that implementations will pop up pretty
quickly, because it’s not hard).

The value of I-JSON is that it takes all the things that we’ve observed to
cause interop problems in practical JSON, that in some cases have had to be
explicitly argued-over in other contexts (like we’re doing here), and in a
short simple document says “don’t do any of these things”. So it’ll be
handy as a spec-writer’s tool even before the software catches up.
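
As an added illustration, not part of the original message: a sketch of the duplicate-member check discussed in this thread, using Python's standard json module, whose default behaviour is to keep the last value silently. The function names and the JWK-shaped sample inputs are constructed for this example.

```python
import json

class DuplicateMemberError(ValueError):
    """Raised when a JSON object repeats a member name."""

def _reject_duplicates(pairs):
    # json calls this hook once per object, innermost first, with the
    # members in document order, so duplicates are still visible here.
    seen = {}
    for name, value in pairs:
        if name in seen:
            raise DuplicateMemberError(f"duplicate member name: {name!r}")
        seen[name] = value
    return seen

def load_strict(text):
    """Parse JSON, failing on duplicate member names at any depth."""
    return json.loads(text, object_pairs_hook=_reject_duplicates)

def duplicate_names(text):
    """Report every repeated member name instead of failing on the first."""
    found = []
    def hook(pairs):
        seen = {}
        for name, value in pairs:
            if name in seen:
                found.append(name)
            seen[name] = value
        return seen
    json.loads(text, object_pairs_hook=hook)
    return found

# Constructed samples (not from the thread): a JWK-shaped object whose "use"
# member appears twice, and a key set with a nested duplicate "kid".
SAMPLE_JWK = '{"kty": "oct", "use": "sig", "k": "AAAA", "use": "enc"}'
SAMPLE_SET = '{"keys": [{"kty": "oct", "kid": "a", "k": "AAAA", "kid": "b"}]}'

if __name__ == "__main__":
    print("lenient:", json.loads(SAMPLE_JWK))  # last "use" silently wins
    print("report: ", duplicate_names(SAMPLE_SET))
    try:
        load_strict(SAMPLE_JWK)
    except DuplicateMemberError as exc:
        print("strict: ", exc)
```
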