IETF Logo Mail Archive

Re: [jose] Should we delete the "typ" header field

Mike Jones <Michael.Jones@microsoft.com> Thu, 30 May 2013 00:34 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 24AE521F8491 for <jose@ietfa.amsl.com>; Wed, 29 May 2013 17:34:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.382
X-Spam-Level:
X-Spam-Status: No, score=-2.382 tagged_above=-999 required=5 tests=[AWL=0.216, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iuY7GHLetRck for <jose@ietfa.amsl.com>; Wed, 29 May 2013 17:34:02 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2lp0242.outbound.protection.outlook.com [207.46.163.242]) by ietfa.amsl.com (Postfix) with ESMTP id 91BA321F848E for <jose@ietf.org>; Wed, 29 May 2013 17:34:02 -0700 (PDT)
Received: from BY2FFO11FD021.protection.gbl (10.1.15.203) by BY2FFO11HUB029.protection.gbl (10.1.14.114) with Microsoft SMTP Server (TLS) id 15.0.698.0; Thu, 30 May 2013 00:30:43 +0000
Received: from TK5EX14HUBC107.redmond.corp.microsoft.com (131.107.125.37) by BY2FFO11FD021.mail.protection.outlook.com (10.1.15.210) with Microsoft SMTP Server (TLS) id 15.0.698.0 via Frontend Transport; Thu, 30 May 2013 00:30:43 +0000
Received: from TK5EX14MBXC285.redmond.corp.microsoft.com ([169.254.3.134]) by TK5EX14HUBC107.redmond.corp.microsoft.com ([157.54.80.67]) with mapi id 14.03.0136.001; Thu, 30 May 2013 00:30:37 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Dick Hardt <dick.hardt@gmail.com>
Thread-Topic: [jose] Should we delete the "typ" header field
Thread-Index: Ac5ct7bsKO37MhFARcu9P04lU2GoQQABwgsAAAHLQQAAAInWgAAAOgLgAACJDAAAAAUH4A==
Date: Thu, 30 May 2013 00:30:36 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943677C5C0A@TK5EX14MBXC285.redmond.corp.microsoft.com>
References: <02b701ce5cb8$46ae77e0$d40b67a0$@augustcellars.com> <CAD9ie-vK3gY9b9GQrbUa=TACy5KVA1uPH_u_utucoKzVynjuiA@mail.gmail.com> <02f501ce5cc5$ec9a2200$c5ce6600$@augustcellars.com> <CAD9ie-uV-THE0+oL-dNUB0qXF7sx8jHMZDCz8vGESmUHWV=LMg@mail.gmail.com> <4E1F6AAD24975D4BA5B1680429673943677C58C4@TK5EX14MBXC285.redmond.corp.microsoft.com> <CAD9ie-sm7q6gdzC-aTKt=+b=A8wB68ExTP1FwiT=zQTN7b69zA@mail.gmail.com>
In-Reply-To: <CAD9ie-sm7q6gdzC-aTKt=+b=A8wB68ExTP1FwiT=zQTN7b69zA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.72]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B1680429673943677C5C0ATK5EX14MBXC285r_"
MIME-Version: 1.0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(24454002)(189002)(377454002)(199002)(74366001)(79102001)(80022001)(31966008)(66066001)(69226001)(74662001)(47736001)(81542001)(15202345002)(65816001)(6806003)(16236675002)(76796001)(56776001)(55846006)(74706001)(53806001)(76786001)(63696002)(33656001)(51856001)(4396001)(77982001)(50986001)(512954002)(54356001)(74876001)(76482001)(59766001)(47976001)(20776003)(16406001)(49866001)(44976003)(56816002)(47446002)(46102001)(74502001)(54316002)(81342001)(71186001); DIR:OUT; SFP:; SCL:1; SRVR:BY2FFO11HUB029; H:TK5EX14HUBC107.redmond.corp.microsoft.com; RD:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-OriginatorOrg: microsoft.onmicrosoft.com
X-Forefront-PRVS: 08626BE3A5
Cc: Jim Schaad <ietf@augustcellars.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Should we delete the "typ" header field
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 May 2013 00:34:11 -0000

A standard library is unlikely to know the meanings of all possible "typ" values - and more to the point, it doesn't have to.  It's the application's job to determine that "this blob is a JOSE object" and then pass it to a standard library, which will then ignore the "typ" value.

A standard JOSE library won't know what "typ": "JWT" means.  It won't know what "typ": "BCGovToken" is, should the BC Government want to declare that it's using a token with particular characteristics.  It won't know what "typ": "XMPP" is, should XMPP want to declare that it's using a JOSE data structure with particular characteristics.  Etc.

All these values can be registered in the registry and used by applications that understand them.  That's the application's job - not the library's job.  The "typ" field is just there so that applications have a standard place to make any such declarations that they may need.

                                                                -- Mike

From: Dick Hardt [mailto:dick.hardt@gmail.com]
Sent: Wednesday, May 29, 2013 5:18 PM
To: Mike Jones
Cc: Jim Schaad; jose@ietf.org
Subject: Re: [jose] Should we delete the "typ" header field

I'd prefer to be able to use standard libraries for creating and parsing tokens, and not specialized libraries dependent on the use case.

I strongly think we either drop "typ" or make it required.

On Wed, May 29, 2013 at 5:03 PM, Mike Jones <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>> wrote:
It's fine for your application to specify that it's required for your use case.  Not applications need it, so they shouldn't be forced to pay the space penalty of an unnecessary field.

                                                                -- Mike

From: jose-bounces@ietf.org<mailto:jose-bounces@ietf.org> [mailto:jose-bounces@ietf.org<mailto:jose-bounces@ietf.org>] On Behalf Of Dick Hardt
Sent: Wednesday, May 29, 2013 4:56 PM

To: Jim Schaad
Cc: jose@ietf.org<mailto:jose@ietf.org>
Subject: Re: [jose] Should we delete the "typ" header field

I use it all the time and my code would barf if it was not there.

I think it should be required rather than be a hint if it is going ot be there.

On Wed, May 29, 2013 at 4:40 PM, Jim Schaad <ietf@augustcellars.com<mailto:ietf@augustcellars.com>> wrote:
I think the values just changed

However the way you are using it would be an argument to say that it should be a required field.  Are you just using it as a hint if it exists and then looking at the rest of the fields if it is not present?

Jim


From: Dick Hardt [mailto:dick.hardt@gmail.com<mailto:dick.hardt@gmail.com>]
Sent: Wednesday, May 29, 2013 3:49 PM
To: Jim Schaad
Cc: jose@ietf.org<mailto:jose@ietf.org>
Subject: Re: [jose] Should we delete the "typ" header field

Well, I have been using, but now realize the spec changed or I was confused.

I had been setting "typ" to be either "JWE" or "JWS" depending on the type of token I was creating or parsing as it was easier than looking at "alg"

As currently defined, I don't see value in "typ".

-- Dick


On Wed, May 29, 2013 at 3:02 PM, Jim Schaad <ietf@augustcellars.com<mailto:ietf@augustcellars.com>> wrote:
In reading the documents, I am trying to understand the justification for having the "typ" header parameter in the JOSE documents.

The purpose of the field is to hold the type of the object.  In the past, I believe that values which should now be placed in the cty field (such as "JWT") were placed in this field as well.  However the parameter is optional and an implementation cannot rely on its being present.  This means that for all practical purposes all of the code to determine the value of the type field from the values of the alg and enc fields.  If the field was mandatory then this code would disappear at a fairly small space cost and I can understand why the parameter would be present.

Can anybody justify why this field should be present in the document - or should it just disappear?

Jim


_______________________________________________
jose mailing list
jose@ietf.org<mailto:jose@ietf.org>
https://www.ietf.org/mailman/listinfo/jose



--
-- Dick



--
-- Dick

_______________________________________________
jose mailing list
jose@ietf.org<mailto:jose@ietf.org>
https://www.ietf.org/mailman/listinfo/jose



--
-- Dick

v2.23.0 | Report a Bug | By Email