Re: [jose] POLL(s): header criticality

John Bradley <ve7jtb@ve7jtb.com> Wed, 06 February 2013 13:40 UTC

Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BEE7121F875F for <jose@ietfa.amsl.com>; Wed, 6 Feb 2013 05:40:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[AWL=0.001, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lZ7t76TC-BM3 for <jose@ietfa.amsl.com>; Wed, 6 Feb 2013 05:40:54 -0800 (PST)
Received: from mail-da0-f50.google.com (mail-da0-f50.google.com [209.85.210.50]) by ietfa.amsl.com (Postfix) with ESMTP id 100EA21F871D for <jose@ietf.org>; Wed, 6 Feb 2013 05:40:53 -0800 (PST)
Received: by mail-da0-f50.google.com with SMTP id h15so650470dan.37 for <jose@ietf.org>; Wed, 06 Feb 2013 05:40:53 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:content-type:mime-version:subject:from:in-reply-to:date :cc:message-id:references:to:x-mailer:x-gm-message-state; bh=yMxK7xHPbGdZU9yu7Yue/4bIPcnvCGFLjzBPB0PRPJ4=; b=Cs8Lv5UOEHmtmGTXHqwnSax5gv9RU8HTe7qJOWaxTYM2IUtwcN46G5NetlSJ2cAKdN kxqu736p7V2dv4PsD6FcXfxwavgaXreRDiJARXx7nYQcQkwQp10OTHxnoOMmbnRPCdUV BvvAULXJFWoZ+Duq33rVZiDdvEftRJGuIA0yegORGNps7Vpy71S1DcwQMmz6hmhfV0Nh z4qhVfmnOLx6GJ06FrC/8v1bgByMk0ebB05VwDdmcjaco325WTidWnhDUaK0bpI6Nikf 4ICIvPEk8Cvle0eqaEuxbJjdmKcct416CXqDu2DkHvEr0UXRuvmVSX1TjJb7+dcqWgqT T1CA==
X-Received: by 10.66.83.8 with SMTP id m8mr53799009pay.40.1360158053421; Wed, 06 Feb 2013 05:40:53 -0800 (PST)
Received: from dhcp50-95-212-134.hil-phxpphs.phx.wayport.net (dhcp50-95-212-134.hil-phxpphs.phx.wayport.net. [50.95.212.134]) by mx.google.com with ESMTPS id q4sm37843180paz.20.2013.02.06.05.40.49 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 06 Feb 2013 05:40:51 -0800 (PST)
Content-Type: multipart/signed; boundary="Apple-Mail=_200DBC23-D177-46B7-BDDA-B95396C8149C"; protocol="application/pkcs7-signature"; micalg=sha1
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <510FCA42.5000704@isoc.org>
Date: Wed, 6 Feb 2013 06:40:48 -0700
Message-Id: <BFDDF2FE-A445-4B32-AFFF-B005EFAAB7CA@ve7jtb.com>
References: <510FCA42.5000704@isoc.org>
To: odonoghue@isoc.org
X-Mailer: Apple Mail (2.1499)
X-Gm-Message-State: ALoCoQl9vK9oolrU+xTwtOMEAxI9UsLLdTUb9nHuMn4HfLgCZaoiXU0NV2A38V88tQmHCt0OScrF
Cc: jose@ietf.org
Subject: Re: [jose] POLL(s): header criticality
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Feb 2013 13:40:54 -0000

FIRST POLL:  NO
SECOND POLL:  YES
THIRD POLL:  A

-----Original Message-----
From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Karen O'Donoghue
Sent: Monday, February 4, 2013 6:49 AM
To: jose@ietf.org
Subject: [jose] POLL(s): header criticality

Folks,

I am wrestling with how to help drive consensus on the topic of criticality of headers. For background, please review the current specification text, the minutes to the Atlanta meeting (IETF85), and the mailing list (especially the discussion in December with (Subj: Whether implementations must understand all JOSE header fields)). We need to come to closure on this issue in order to progress the specifications.

As a tool to gather further information on determining a way forward, the following polls have been created. Please respond before 11 February 2013.

Thanks,
Karen

*******************
FIRST POLL: Should all header fields be critical for implementations to understand?

YES - All header fields must continue to be understood by implementations or the input must be rejected.

NO - A means of listing that specific header fields may be safely ignored should be defined.

********************
SECOND POLL: Should the result of the first poll be "YES", should text like the following be added? "Implementation Note: The requirement to understand all header fields is a requirement on the system as a whole - not on any particular level of library software. For instance, a JOSE library could process the headers that it understands and then leave the processing of the rest of them up to the application. For those headers that the JOSE library didn't understand, the responsibility for fulfilling the 'MUST understand' requirement for the remaining headers would then fall to the application."

YES - Add the text clarifying that the "MUST understand" requirement is a requirement on the system as a whole - not specifically on JOSE libraries.

NO - Don't add the clarifying text.

************************
THIRD POLL: Should the result of the first poll be "NO", which syntax would you prefer for designating the header fields that may be ignored if not understood?

A - Define a header field that explicitly lists the fields that may be safely ignored if not understood.

B - Introduce a second header, where implementations must understand all fields in the first but they may ignore not-understood fields in the second.

C - Other??? (Please specify in detail.) _______________________________________________
jose mailing list
jose@ietf.org
https://www.ietf.org/mailman/listinfo/jose



On 2013-02-04, at 7:48 AM, Karen O'Donoghue <odonoghue@isoc.org> wrote:

> Folks,
> 
> I am wrestling with how to help drive consensus on the topic of criticality of headers. For background, please review the current specification text, the minutes to the Atlanta meeting (IETF85), and the mailing list (especially the discussion in December with (Subj: Whether implementations must understand all JOSE header fields)). We need to come to closure on this issue in order to progress the specifications.
> 
> As a tool to gather further information on determining a way forward, the following polls have been created. Please respond before 11 February 2013.
> 
> Thanks,
> Karen
> 
> *******************
> FIRST POLL: Should all header fields be critical for implementations to understand?
> 
> YES – All header fields must continue to be understood by implementations or the input must be rejected.
> 
> NO – A means of listing that specific header fields may be safely ignored should be defined.
> 
> ********************
> SECOND POLL: Should the result of the first poll be "YES", should text like the following be added? “Implementation Note: The requirement to understand all header fields is a requirement on the system as a whole – not on any particular level of library software. For instance, a JOSE library could process the headers that it understands and then leave the processing of the rest of them up to the application. For those headers that the JOSE library didn’t understand, the responsibility for fulfilling the ‘MUST understand’ requirement for the remaining headers would then fall to the application.”
> 
> YES – Add the text clarifying that the “MUST understand” requirement is a requirement on the system as a whole – not specifically on JOSE libraries.
> 
> NO – Don’t add the clarifying text.
> 
> ************************
> THIRD POLL: Should the result of the first poll be "NO", which syntax would you prefer for designating the header fields that may be ignored if not understood?
> 
> A – Define a header field that explicitly lists the fields that may be safely ignored if not understood.
> 
> B – Introduce a second header, where implementations must understand all fields in the first but they may ignore not-understood fields in the second.
> 
> C - Other??? (Please specify in detail.)
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose