Re: [jose] Stephen Farrell's Discuss on draft-ietf-jose-json-web-key-33: (with DISCUSS and COMMENT)

Mike Jones <Michael.Jones@microsoft.com> Mon, 06 October 2014 07:55 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Mon, 6 Oct 2014 07:54:11 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/gqSXrv7ZON_zHN97SmEsCki__cY
Cc: "jose-chairs@tools.ietf.org" <jose-chairs@tools.ietf.org>, "draft-ietf-jose-json-web-key@tools.ietf.org" <draft-ietf-jose-json-web-key@tools.ietf.org>, The IESG <iesg@ietf.org>, "jose@ietf.org" <jose@ietf.org>

[Adding the working group to this thread so they’re aware of the discussion between our Security Area Directors on this]

From: Kathleen Moriarty [mailto:kathleen.moriarty.ietf@gmail.com]
Sent: Thursday, October 02, 2014 5:30 AM
To: Stephen Farrell
Cc: The IESG; jose-chairs@tools.ietf.org; draft-ietf-jose-json-web-key@tools.ietf.org
Subject: Re: Stephen Farrell's Discuss on draft-ietf-jose-json-web-key-33: (with DISCUSS and COMMENT)



On Thu, Oct 2, 2014 at 8:20 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

sorry forgot about that...

On 02/10/14 13:04, Kathleen Moriarty wrote:
> Yes, I mentioned the duplicate member name discussion in a couple of
> the draft's ballot text.  There isn't really a great answer at this
> time unfortunately.  This particular item came up in my AD review as
> well as in a SecDir review.  It took some digging, but the problem is
> at least better understood now.  There may be a way to fix it with a
> draft that updates if I-JSON turns out to be a good way to handle
> this.  The problem is deployed code.  I flagged it in case anyone in
> the IESG had an opinion.  I'd love to see the right thing get done,
> but it may have to wait for a draft that updates these.  Opinions are
> welcome.

At a comment level, I'd say leave things as they are. Adding the
I-JSON requirement would be premature I think as it's not clear if
libraries etc will or won't adopt that. If they don't then it'd
be a meaningless requirement. If however, I-JSON does take off then
JOSE code will be fine anyway without changing.

Thanks, Stephen.  I'm leaning the same way for now.  It looks like Pete hit this in a discuss, but just requesting a wording change as opposed to the more extensive changes discussed on list.  I'll follow up to his message.

S.



--

Best regards,
Kathleen