Re: [jose] #17: add 'aud' and 'iss' to 4.1 Reserved Header Parameter Names

"Jim Schaad" <ietf@augustcellars.com> Thu, 04 April 2013 23:42 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: 'Mike Jones' <Michael.Jones@microsoft.com>, 'Dick Hardt' <dick.hardt@gmail.com>
References: <059.28920e1fc6703f74a91ab3b3829a8a57@trac.tools.ietf.org> <074.0ab64512938724c4d95e33c537c743e4@trac.tools.ietf.org> <56E2D113-F689-4C41-93AF-3C0DB8E70A6C@gmail.com> <4E1F6AAD24975D4BA5B1680429673943675B4F18@TK5EX14MBXC283.redmond.corp.microsoft.com> <E82CBC0D-F2C6-4860-BF2B-686C73BAACFF@gmail.com> <4E1F6AAD24975D4BA5B1680429673943675B568E@TK5EX14MBXC283.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B1680429673943675B568E@TK5EX14MBXC283.redmond.corp.microsoft.com>
Date: Thu, 04 Apr 2013 16:41:20 -0700
Message-ID: <016901ce318d$ea623ee0$bf26bca0$@augustcellars.com>
Cc: draft-ietf-jose-json-web-encryption@tools.ietf.org, jose@ietf.org
Subject: Re: [jose] #17: add 'aud' and 'iss' to 4.1 Reserved Header Parameter Names

Mike,

I want to make sure that I understand how the registry is going to work.
After I get an answer I will go back and review the document to make sure
that it is both clear and consistent with your response.

It is clear that any document (not just an IETF document) can create a new
entry in the header registry.  Once this has been done there are two
possible results:

1.  The resulting registration is for a specific protocol - thus if the JWT
document registers iss and aud they would be specific to the JWT
documents, or
2.  The resulting registration is permitted for any protocol - thus the JWT
document would be required to provide clear documentation about how the iss
and aud header fields would operate for any potential new protocol that
wanted to use these header fields.

I think that both you and the WG believe that the second statement is
correct.  This is just a verification for me personally.

Jim


> -----Original Message-----
> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of
> Mike Jones
> Sent: Thursday, April 04, 2013 4:04 PM
> To: Dick Hardt
> Cc: draft-ietf-jose-json-web-encryption@tools.ietf.org; jose@ietf.org
> Subject: Re: [jose] #17: add 'aud' and 'iss' to 4.1 Reserved Header Parameter Names
> 
> I think it's better for three reasons.  First, I think it's better to
> reserve the names and define the new processing rules in the document
> where they're defined - the JWT spec.
> 
> Second, the "iss" and "aud" header values aren't meaningful in JWEs in the
> general case - only in JWEs whose message is a JWT Claims Set.  That's a
> scoping argument that they shouldn't be defined in the JWE spec.
> 
> Third, as is normal for IETF specs, the "one place to look for reserved
> JWE header names" is the IANA registry for those names.  Yes, the JWE spec
> reserves an initial set of names, but it won't be the only spec to reserve
> header parameter names, and so to see the full list, developers have to
> consult the registry.
> 
> 				-- Mike
> 
> P.S.  There's already an example of the JWT spec reserving names in a
> registry defined by the JWS spec.  See
> http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-06#section-9.3.1.
> Reserving header parameter names in the JSON Web Signature and Encryption
> Header Parameters Registry established in JWS (see
> http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-08#section-7.1.1)
> would be done in an analogous manner.
> 
> -----Original Message-----
> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of
> Dick Hardt
> Sent: Thursday, April 04, 2013 1:10 PM
> To: Mike Jones
> Cc: draft-ietf-jose-json-web-encryption@tools.ietf.org; jose@ietf.org
> Subject: Re: [jose] #17: add 'aud' and 'iss' to 4.1 Reserved Header Parameter Names
> 
> 
> On Apr 4, 2013, at 9:27 AM, Mike Jones <Michael.Jones@microsoft.com>
> wrote:
> 
> > JWT defines "aud" and "iss" and reserves them as claim names but not as
> > JWE header parameter names, nor does it currently specify their usage in
> > that location.  My point is that I think the best way to accomplish what
> > you're asking for is to have the JWT spec also reserve these as JWE header
> > parameter names and define the semantics and processing rules associated
> > with using them in that location.
> 
> Repeating that you think it is "best" is not educating me on *why* you
> think it is "best"!
> 
> The other reserved JWE header parameter names are not reserved in JWT.
> The current list of reserved JWE header parameter names are in the JWE
> document. Having another place to look for what names are reserved looks
> inefficient and error prone unless ALL reserved JWE header parameter
> names are listed in JWT.
> 
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose