Re: [jose] Richard Barnes' Discuss on draft-ietf-jose-json-web-key-33: (with DISCUSS and COMMENT)

Mike Jones <> Sat, 11 October 2014 20:04 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id BEAE01A879C; Sat, 11 Oct 2014 13:04:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id oG0BDLlzrUuF; Sat, 11 Oct 2014 13:04:28 -0700 (PDT)
Received: from ( [IPv6:2a01:111:f400:fc10::1:774]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 772CE1A8798; Sat, 11 Oct 2014 13:04:28 -0700 (PDT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1049.19; Sat, 11 Oct 2014 20:04:05 +0000
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1049.19 via Frontend Transport; Sat, 11 Oct 2014 20:04:05 +0000
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1039.16 via Frontend Transport; Sat, 11 Oct 2014 20:04:04 +0000
Received: from ([]) by ([]) with mapi id 14.03.0210.003; Sat, 11 Oct 2014 20:03:54 +0000
From: Mike Jones <>
To: Richard Barnes <>, Barry Leiba <>
Thread-Topic: [jose] Richard Barnes' Discuss on draft-ietf-jose-json-web-key-33: (with DISCUSS and COMMENT)
Thread-Index: AQHP3elXQ+Mfvt7lnk639WnZnLXqO5wcKOgAgAAB8gCAAAW8gIAA5rkAgAAIy4CADMl7gIABdQAA
Date: Sat, 11 Oct 2014 20:03:53 +0000
Message-ID: <>
References: <> <0fb901cfddf2$5e21c7d0$1a655770$> <> <> <10d001cfde69$9181f7e0$b485e7a0$> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(438002)(189002)(377454003)(24454002)(199003)(51704005)(106466001)(55846006)(81156004)(31966008)(230783001)(95666004)(23676002)(66066001)(4396001)(97736003)(107046002)(20776003)(120916001)(47776003)(76176999)(54356999)(99396003)(77096002)(85306004)(106116001)(93886004)(50986999)(64706001)(85806002)(69596002)(87936001)(19580395003)(84676001)(68736004)(33656002)(50466002)(6806004)(44976005)(26826002)(19580405001)(86612001)(92566001)(92726001)(76482002)(21056001)(86362001)(2656002)(85852003)(80022003)(46102003)(104016003); DIR:OUT; SFP:1102; SCL:1; SRVR:BL2PR03MB273;; FPR:; MLV:ovrnspm; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:BL2PR03MB273;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Exchange-Antispam-Report-Test: UriScan:;
X-Forefront-PRVS: 0361212EA8
Received-SPF: Pass ( domain of designates as permitted sender); client-ip=;;
Authentication-Results: spf=pass (sender IP is;
Cc: Jim Schaad <>, "" <>, "" <>, The IESG <>, "" <>
Subject: Re: [jose] Richard Barnes' Discuss on draft-ietf-jose-json-web-key-33: (with DISCUSS and COMMENT)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 11 Oct 2014 20:04:32 -0000

> From: jose [] On Behalf Of Richard Barnes
> Sent: Friday, October 10, 2014 2:40 PM
> To: Barry Leiba
> Cc: Jim Schaad;;; The IESG;
> Subject: Re: [jose] Richard Barnes' Discuss on draft-ietf-jose-json-web-key-33: (with DISCUSS and COMMENT)
> On Thu, Oct 2, 2014 at 2:23 PM, Barry Leiba <> wrote:
> > [JLS] I don't have any objections to using  However the
> > original discussions for this was it would be some type of "expert review"
> > list similar to the mime-types list.  I don't know that the jose list would
> > provide the same semantics.
> Right, that's why I said that it depends.
> The media-types list is rather a special case, as it's *extremely*
> active.  There are others like that, such as uri-review.
> If you're not expecting many registrations very soon, and the working
> group will close after the documents are done, then it makes sense to
> use the jose list because by the time you start getting registrations
> that list won't be active for the working group.
> I expect that this is the more likely case.  Mike, Jim, do you agree?  To Mike's point, just because the WG closes down doesn't mean the mailing list does.  

I know that JOSE registrations will come in from the WebCrypto and JWT specs and I expect header parameter registrations to come in reasonably often, as well as occasional algorithm registrations.

Some will happen while the working group is active.  Some will continue to happen after it's not.

> One other possibility: Just re-use the oauth-ext-review@ list.  It's probably going to be pretty much the same people anyway.

I disagree that the people will be the same, as the designated experts should likely be different.  OAuth registrations require expertise in REST-based authorization semantics.  JOSE registrations require expertise in cryptography.  I frankly expect that the designated experts for JOSE will be Jim Schaad and one or more of the editors.  None of those are among the set of OAuth designated experts.  That argues for having a separate list.

> --Richard
> If you're expecting the jose list to have active discussion of
> documents while registration requests are coming in, then it makes
> sense to create a new list.
> Use your judgment.

Yes, I think this is the case, therefore the current suggestion in the draft of using a distinct list still looks like the right one to me.

				-- Mike