IETF Logo Mail Archive

Re: [jose] #15: Broken examples in JWE / JWS

Richard Barnes <rlb@ipv.sx> Sat, 23 March 2013 00:47 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 67AD921F8E2C for <jose@ietfa.amsl.com>; Fri, 22 Mar 2013 17:47:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.349
X-Spam-Level:
X-Spam-Status: No, score=0.349 tagged_above=-999 required=5 tests=[AWL=-1.008, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RDNS_NONE=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ke3Ma47+UIjm for <jose@ietfa.amsl.com>; Fri, 22 Mar 2013 17:47:53 -0700 (PDT)
Received: from mail-ob0-x22c.google.com (mail-ob0-x22c.google.com [IPv6:2607:f8b0:4003:c01::22c]) by ietfa.amsl.com (Postfix) with ESMTP id B3CCE21F862D for <jose@ietf.org>; Fri, 22 Mar 2013 17:47:53 -0700 (PDT)
Received: by mail-ob0-f172.google.com with SMTP id tb18so4574884obb.31 for <jose@ietf.org>; Fri, 22 Mar 2013 17:47:53 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:x-originating-ip:in-reply-to:references :date:message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=jM7XuIG1V8OUQQFLXCMABGX4veH7zkq9BZHstuAT074=; b=iIQaKh6X0IK13Ikj6fqlnIB2/Md8n5PiwChbRHeZewKF7G8XPu9QOa2e1iUz4ztN2F Rv/Uhf+6TRoR2PuxmA3nPSbql26kD+/b8o3XUSKDP19uVqRmeh1Qtk9eVyyp9CKRwQ9+ 5YWVD1hqJcHkUbAJroC+Fm0k/LjgPZbjYYea7XWalDPNBz4fM3JDDEIcXlUiW0irZDYw 3QSqifRVLswIbwBjPY/RzrFbCAZ8CRwzQfggN3EtTgcXcwSDuhWlNoaqmP0ZtpK3a8bB 2ID+/zlCjoA6rm1xx1xV80yLryGDxNtwYcJNT6gxOD9vWwcOhoPpyZsqmt7bEpmw1cNg ti4g==
MIME-Version: 1.0
X-Received: by 10.60.172.18 with SMTP id ay18mr3751548oec.126.1363999673225; Fri, 22 Mar 2013 17:47:53 -0700 (PDT)
Received: by 10.60.40.233 with HTTP; Fri, 22 Mar 2013 17:47:53 -0700 (PDT)
X-Originating-IP: [108.18.40.68]
In-Reply-To: <064.4c409ba17ad2c33695d941d0b7398e4f@trac.tools.ietf.org>
References: <049.dec2e6a11006261f47529bfcdfa8c51d@trac.tools.ietf.org> <064.4c409ba17ad2c33695d941d0b7398e4f@trac.tools.ietf.org>
Date: Fri, 22 Mar 2013 20:47:53 -0400
Message-ID: <CAL02cgQ_ib+9zKf2ygy5C7YpE-C9_vdeKYm2JAM24hMX74fnnQ@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: jose issue tracker <trac+jose@trac.tools.ietf.org>
Content-Type: multipart/alternative; boundary="bcaec54fae48ff7d3304d88ceb86"
X-Gm-Message-State: ALoCoQmwIHkqfbNHh0Dmg179aOVQ84i7E29PcctCT+s2zyOChOAiddzIUzb5KrvpK0gn/E1pWyFR
Cc: draft-ietf-jose-json-web-encryption@tools.ietf.org, michael.jones@microsoft.com, jose@ietf.org, ignisvulpis@gmail.com
Subject: Re: [jose] #15: Broken examples in JWE / JWS
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Mar 2013 00:47:54 -0000

The question isn't whether the semantic of "kid" is sufficiently defined.
 The question is when it should be required.  I'm not even saying that
"kid" should be required in all cases -- just that the recipient should
have clear instructions about what to do in all cases.

--Richard



On Fri, Mar 22, 2013 at 7:20 PM, jose issue tracker <
trac+jose@trac.tools.ietf.org> wrote:

> #15: Broken examples in JWE / JWS
>
>
> Comment (by michael.jones@microsoft.com):
>
>  Speaking as an individual, I'm not adverse to adding the use of the "kid"
>  parameter to one or more of the examples, but it shouldn't be in all of
>  them, as in many use cases, the key to be used is communicated by other
>  means than the "kid" (including by using some of the other header
>  parameters also defined by the specifications).
>
>  I'll also point out that the working group has already determined that the
>  "kid" parameter is adequately defined, so that aspect of this issue has
>  already been considered and is closed.  See "CLOSED: Is KID sufficently
>  defined" at http://www.ietf.org/mail-
>  archive/web/jose/current/msg01218.html.
>
> --
> -------------------------+-------------------------------------------------
>  Reporter:  rlb@ipv.sx   |       Owner:  draft-ietf-jose-json-web-
>      Type:  defect       |  encryption@tools.ietf.org
>  Priority:  minor        |      Status:  new
> Component:  json-web-    |   Milestone:
>   encryption             |     Version:
>  Severity:  -            |  Resolution:
>  Keywords:               |
> -------------------------+-------------------------------------------------
>
> Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/15#comment:2>
> jose <http://tools.ietf.org/jose/>
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>

v2.23.0 | Report a Bug | By Email