[jose] Comments on draft-ietf-jose-json-web-encryption-10

"Jim Schaad" <ietf@augustcellars.com> Thu, 02 May 2013 21:10 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: draft-ietf-jose-json-web-encryption@tools.ietf.org
Date: Thu, 02 May 2013 14:09:17 -0700
Cc: jose@ietf.org

Here is a set of comments on the latest draft.

1.  Introduction - The first paragraph should not focus so much on the
compact serialization given that both serializations are merged into this
document.  I would suggest a paragraph on the encryption portion of the
problem followed by a paragraph on the two serialization formats used with
their purposes.

2.  After the movement on the CBC_HMAC algorithm, I am not sure that section
3.2 is providing sufficient value for it to be present.  Given that the full
details on it are in an appendix you should consider its removal from here.
You might move a comment on looking in Appendix A for completed examples
into section 3 from here.

3.  In section 4.1.3 - I would suggest changing the text to "This parameter
MUST be omitted unless required by the algorithm in the "alg" member.  This
header parameter MUST be understood if an algorithm is supported that
requires it."

I have skipped over a number of sections that I knew would be affected by
the outcomes of the interim meeting.

Jim