Re: [jose] #161 Password Considerations - Proposed Text

Mike Jones <Michael.Jones@microsoft.com> Mon, 11 November 2013 05:01 UTC


I'm OK with the MUST.  But can anyone give us a status update on draft-ietf-precis-saslprepbis?  It doesn't appear to be in the RFC Editor queue.  I'm worried that if we make a normative reference, JWA will be held up in the RFC Editor queue on a reference, just like draft-ietf-appsawg-acct-uri is currently held up in the RFC Editor queue on a reference to draft-ietf-precis-framework, which has not yet been received by the RFC Editor.

				-- Mike

-----Original Message-----
From: Jim Schaad [mailto:ietf@augustcellars.com] 
Sent: Sunday, November 10, 2013 6:48 PM
To: 'Manger, James H'; Mike Jones; 'Matt Miller (mamille2)'; jose@ietf.org
Subject: RE: [jose] #161 Password Considerations - Proposed Text



> -----Original Message-----
> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf 
> Of Manger, James H
> Sent: Sunday, November 10, 2013 4:36 PM
> To: Mike Jones; Matt Miller (mamille2); <jose@ietf.org>
> Subject: Re: [jose] #161 Password Considerations - Proposed Text
> 
> > ----------
> > From: Mike Jones [mailto:Michael.Jones@microsoft.com]
> >
> > I believe that the following text addresses the encoding issue that 
> > James raised:
> >
> > 	  The PBES2 password input is an octet sequence;
> > 	  if the password to be used is represented as a text string
> > 	  rather than an octet sequence, the UTF-8 encoding of the text string
> > 	  SHOULD be used as the octet sequence.
> >
> > If you'd like to see any changes made to it, please propose specific 
> > edits.
> >
> > (The SASLPREP text is already present in the Internationalization 
> > Considerations section.)
> >
> > 				Thanks,
> > 				-- Mike
> 
> 
> At least change SHOULD to MUST.

If it is not changed then there needs to be a lot of description about why this is not a MUST.  If this is the case then it would be logical that two different implementations could make different decisions and never interoperate.

I would say that we should make a normative reference to the draft-melnikov-precis-saslprepbis as well.  If not then we will probably get hit by the ADs.

Jim

> 
> --
> James Manger
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
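
The interoperability concern discussed in this thread, as an added example that is not part of any message in it: the same text-string password yields unrelated PBES2 keys when implementations choose different octet encodings or Unicode normalization forms. The password, salt input and iteration count are constructed sample values; the salt layout (UTF8(Alg) || 0x00 || Salt Input) follows the PBES2 algorithms as published in JWA (RFC 7518), and NFC/NFD stand in for the normalization choice that a profile such as SASLprep is meant to settle.

```python
import hashlib
import unicodedata

# Constructed sample values, not taken from the thread or any specification.
PASSWORD = "caf\u00e9 cr\u00e8me"   # text-string password with non-ASCII characters
SALT_INPUT = bytes(range(16))       # constructed 16-octet salt input
ITERATIONS = 4096                   # constructed iteration count
ALG = "PBES2-HS256+A128KW"


def derive_key(password_octets: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 over an octet-sequence password, 16-octet output."""
    # Salt layout per RFC 7518: UTF8(Alg) || 0x00 || Salt Input
    salt = ALG.encode("utf-8") + b"\x00" + SALT_INPUT
    return hashlib.pbkdf2_hmac("sha256", password_octets, salt,
                               ITERATIONS, dklen=16)


def candidate_encodings(text: str) -> dict:
    """Octet sequences that different implementations might pick for one string."""
    nfc = unicodedata.normalize("NFC", text)
    nfd = unicodedata.normalize("NFD", text)
    return {
        "utf-8/NFC": nfc.encode("utf-8"),      # the encoding the proposed text names
        "utf-8/NFD": nfd.encode("utf-8"),      # same encoding, other normalization
        "latin-1": nfc.encode("latin-1"),      # legacy single-byte encoding
        "utf-16-le": nfc.encode("utf-16-le"),  # native string form on some platforms
    }


def interop_report(text: str) -> dict:
    """Map each encoding choice to the hex of the key it derives."""
    return {name: derive_key(octets).hex()
            for name, octets in candidate_encodings(text).items()}


if __name__ == "__main__":
    for name, key in interop_report(PASSWORD).items():
        print(f"{name:10s} {key}")
```

With an ASCII-only password the UTF-8 and Latin-1 rows coincide, which is why this class of mismatch tends to surface only once non-ASCII passwords are in use.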