Re: [jose] Comments on version 11 of draft-ietf-jose-json-web-encryption
Mike Jones <Michael.Jones@microsoft.com> Thu, 27 June 2013 22:51 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F38E11E80F2 for <jose@ietfa.amsl.com>; Thu, 27 Jun 2013 15:51:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.165
X-Spam-Level:
X-Spam-Status: No, score=-3.165 tagged_above=-999 required=5 tests=[AWL=0.433, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NysfeDMqtO6B for <jose@ietfa.amsl.com>; Thu, 27 Jun 2013 15:50:51 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2lp0241.outbound.protection.outlook.com [207.46.163.241]) by ietfa.amsl.com (Postfix) with ESMTP id 5D5BC11E80A5 for <jose@ietf.org>; Thu, 27 Jun 2013 15:50:51 -0700 (PDT)
Received: from BY2FFO11FD013.protection.gbl (10.1.15.203) by BY2FFO11HUB012.protection.gbl (10.1.14.83) with Microsoft SMTP Server (TLS) id 15.0.717.3; Thu, 27 Jun 2013 22:50:50 +0000
Received: from TK5EX14HUBC107.redmond.corp.microsoft.com (131.107.125.37) by BY2FFO11FD013.mail.protection.outlook.com (10.1.14.75) with Microsoft SMTP Server (TLS) id 15.0.707.0 via Frontend Transport; Thu, 27 Jun 2013 22:50:50 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.25]) by TK5EX14HUBC107.redmond.corp.microsoft.com ([157.54.80.67]) with mapi id 14.03.0136.001; Thu, 27 Jun 2013 22:50:02 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Jim Schaad <ietf@augustcellars.com>
Thread-Topic: Comments on version 11 of draft-ietf-jose-json-web-encryption
Thread-Index: Ac5qBROwQiVllCE1TESnJHctXErySQJdAyhQ
Date: Thu, 27 Jun 2013 22:50:01 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943678A1AFC@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <010601ce6a0c$6cabe700$4603b500$@augustcellars.com>
In-Reply-To: <010601ce6a0c$6cabe700$4603b500$@augustcellars.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.72]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B1680429673943678A1AFCTK5EX14MBXC283r_"
MIME-Version: 1.0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(43784003)(377454003)(51914003)(189002)(199002)(13464003)(69226001)(46102001)(81542001)(81342001)(77982001)(51856001)(59766001)(74876001)(71186001)(56776001)(55846006)(77096001)(54316002)(74662001)(31966008)(74502001)(54356001)(76482001)(53806001)(47446002)(56816003)(76796001)(76786001)(44976004)(19300405004)(74366001)(79102001)(15202345003)(74706001)(47736001)(49866001)(50986001)(47976001)(16236675002)(512954002)(65816001)(20776003)(63696002)(6806003)(33656001)(16406001)(4396001)(66066001)(80022001); DIR:OUT; SFP:; SCL:1; SRVR:BY2FFO11HUB012; H:TK5EX14HUBC107.redmond.corp.microsoft.com; CLIP:131.107.125.37; RD:InfoDomainNonexistent; MX:1; A:1; LANG:;
X-OriginatorOrg: microsoft.onmicrosoft.com
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 08902E536D
Cc: "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Comments on version 11 of draft-ietf-jose-json-web-encryption
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Jun 2013 22:51:00 -0000
Thanks for the useful review comments, Jim. Replies inline prefixed by "Mike>"... -----Original Message----- From: Jim Schaad [mailto:ietf@augustcellars.com] Sent: Saturday, June 15, 2013 2:08 PM To: draft-ietf-jose-json-web-encryption@tools.ietf.org Cc: jose@ietf.org Subject: Comments on version 11 of draft-ietf-jose-json-web-encryption Gentlemen, Here are a few comments for consideration. Note that some of the comments from the JWS review are also applicable to this document as much of the language in places is the same. 1. In Section 4.1.2 - You probably want to say an AEAD algorithm not an AE algorithm Mike> The problem with the "AEAD" terminology is that it implies both algorithm and encoding properties. We want the algorithm properties but not the encoding properties defined by RFC 5116. Thus, a conscious terminology change was made in -08 to longer use the term "AEAD". 2 In section 4.1.3 - I would suggest changing the text to "This parameter MUST be omitted unless required by the algorithm in the "alg" member. This header parameter MUST be understood if an algorithm is supported that requires it." Mike> OK 3. In section 4.1.4 - Does the group agree that compression is a required feature to implement? Mike> This feature was discussed at IETF 83 and has been in place in the current form ever since -02. I'd be shocked if people didn't believe this feature was necessary. 4. Why not reference sections 4.1.5 - 10 by reference with a comment that these refer to the key that was used to encrypt the content? Is there a benefit of having them listed here? Is there a difference in the way they are interpreted other than the recipient/originator thing? Mike> I assume you mean reference them in JWS? There's a complete list here so that it's clear to JWE implementers what the reserved header parameters are without having to reference other specs. And yes, the JWS and JWE key selection parameters are the same other than the JWS sender/JWE receiver difference. 5. Why not reference sections 4.1.11-12 from the JWS document? Is there a difference in the way they are interpreted? Mike> (Apparently I didn't understand what you were suggesting in 4, having seen this next question.) In any event, in JWS they reference the key that is used to verify the signature. In JWE they reference the key to which the content was encrypted. That's the difference in all these parameters. 6. If we are not going with an alphabetic order of names, the I would suggest that apu should be next to exp as they are used in the same context and therefore having them adjacent makes sense. Mike> Actually, Richard had suggested moving "apu" to the key agreement section in JWA, since its use is algorithm-specific. I think I agree with him. 7. Is there a reason not to reference 4.1.14 from JWS? Is there a difference in interpretation? Mike> Stylistically, it seems easier for implementers of JWE to have a complete list of general-purpose parameter definitions than to have some here and some there. The example is also different, because one is a JWS header and the other is a JWE header. Thanks again, -- Mike Jim
- [jose] Comments on version 11 of draft-ietf-jose-… Jim Schaad
- Re: [jose] Comments on version 11 of draft-ietf-j… Mike Jones
- Re: [jose] Comments on version 11 of draft-ietf-j… Jim Schaad
- Re: [jose] Comments on version 11 of draft-ietf-j… Mike Jones
- Re: [jose] Comments on version 11 of draft-ietf-j… Jim Schaad
- Re: [jose] Comments on version 11 of draft-ietf-j… Mike Jones