Re: [jose] Header criticality -- hidden consensus?
"Manger, James H" <James.H.Manger@team.telstra.com> Sun, 10 February 2013 22:14 UTC
Return-Path: <James.H.Manger@team.telstra.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A63621F883C for <jose@ietfa.amsl.com>; Sun, 10 Feb 2013 14:14:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.901
X-Spam-Level:
X-Spam-Status: No, score=-0.901 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327, RELAY_IS_203=0.994]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NuX1iERvtsQr for <jose@ietfa.amsl.com>; Sun, 10 Feb 2013 14:14:55 -0800 (PST)
Received: from ipxavo.tcif.telstra.com.au (ipxavo.tcif.telstra.com.au [203.35.135.200]) by ietfa.amsl.com (Postfix) with ESMTP id A640121F86D6 for <jose@ietf.org>; Sun, 10 Feb 2013 14:14:53 -0800 (PST)
X-IronPort-AV: E=Sophos;i="4.84,640,1355058000"; d="scan'208";a="117220842"
Received: from unknown (HELO ipcdvi.tcif.telstra.com.au) ([10.97.217.212]) by ipoavi.tcif.telstra.com.au with ESMTP; 11 Feb 2013 09:14:50 +1100
X-IronPort-AV: E=McAfee;i="5400,1158,6982"; a="111482463"
Received: from wsmsg3702.srv.dir.telstra.com ([172.49.40.170]) by ipcdvi.tcif.telstra.com.au with ESMTP; 11 Feb 2013 09:14:49 +1100
Received: from WSMSG3153V.srv.dir.telstra.com ([172.49.40.159]) by WSMSG3702.srv.dir.telstra.com ([172.49.40.170]) with mapi; Mon, 11 Feb 2013 09:14:50 +1100
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: Vladimir Dzhuvinov / NimbusDS <vladimir@nimbusds.com>, "jose@ietf.org" <jose@ietf.org>
Date: Mon, 11 Feb 2013 09:14:49 +1100
Thread-Topic: [jose] Header criticality -- hidden consensus?
Thread-Index: Ac4Gj6Fjbu8D6kXpTe+9hVMG+ltQlgADITpw
Message-ID: <255B9BB34FB7D647A506DC292726F6E115070831C1@WSMSG3153V.srv.dir.telstra.com>
References: <20130208233501.cc40c4f3d92d2001859047cd8cabb9ab.f4a7008ad7.wbe@email07.europe.secureserver.net>
In-Reply-To: <20130208233501.cc40c4f3d92d2001859047cd8cabb9ab.f4a7008ad7.wbe@email07.europe.secureserver.net>
Accept-Language: en-US, en-AU
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-AU
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Subject: Re: [jose] Header criticality -- hidden consensus?
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Feb 2013 22:14:56 -0000
Vladimir, It is useful to see actual APIs and code trying to implement this MUST-understand-everything rule. I can't quite see how your API allows a caller to indicate that is understands a new header parameter. Your HeaderFilter lets the caller *see* which field names the library "understands". JWSHeaderFilter goes further and allows the caller to *set* the accepted algorithms. I couldn't find, say, setAcceptedParameters(...). Perhaps you are supposed to extend, say, MACVerifier with your own class that lists an extra field? -- James Manger > -----Original Message----- > From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of > Vladimir Dzhuvinov / NimbusDS > Sent: Saturday, 9 February 2013 5:35 PM > To: Richard Barnes; jose@ietf.org > Subject: Re: [jose] Header criticality -- hidden consensus? > > Hi Richard, > > I understand your concern. With some bit of interface engineering we > managed to have this requirement covered at library level, by allowing > client apps to specify additional accepted parameters. If the JOSE > library encounters a header with an unexpected name, it will mark the > message as bad on the spot, so it won't be passed on to the app code at > all. > > You can take a look at the interface Javadocs here: > > http://nimbusds.com/files/jose- > jwt/javadoc/com/nimbusds/jose/HeaderFilter.html > > And the actual code at the Git repo: > > https://bitbucket.org/nimbusds/nimbus-jose- > jwt/src/bef49c225aae194b6c40a376aee36b9af37a5da6/src/main/java/com/nimb > usds/jose/HeaderFilter.java?at=master > > > > What's more, this interface allows even certain standard headers from > the JWS/JWE spec to not be denied (say if the client app doesn't want > to > accept X509 cert URLs, etc). > > > I hope this helps, > > Vladimir > > > -- > Vladimir Dzhuvinov : www.NimbusDS.com : vladimir@nimbusds.com > > > > > -------- Original Message -------- > Subject: [jose] Header criticality -- hidden consensus? > From: Richard Barnes <rlb@ipv.sx> > Date: Fri, February 08, 2013 11:11 pm > To: "jose@ietf.org" <jose@ietf.org> > > We're 24 votes into the header criticality poll, so I thought I would > go > ahead and take a look at how the results are shaping up. My initial > tabulation is below. The result on the FIRST POLL (the main one) is as > follows: > > No: 10 > Yes: 14 > > > What I find striking, however, is that every single person that voted > "Yes" on the FIRST POLL also voted "Yes" on the SECOND POLL. So nobody > who thinks that all headers should be critical thinks that a JOSE > library should actually be required to enforce this constraint. And > that means that enforcing that all headers are supported cannot be a > MUST according to RFC 2119. > > > So I wonder if there's consensus to remove the following text from JWE > and JWS: > -----BEGIN-JWE----- > 4. The resulting JWE Header MUST be validated to only include > parameters and values whose syntax and semantics are both > understood and supported. > > -----END-JWE----- > -----BEGIN-JWS----- > 4. The resulting JWS Header MUST be validated to only include > parameters and values whose syntax and semantics are both > understood and supported. > > -----END-JWS----- > > > Otherewise, a JOSE library conforming to these specifications would be > REQUIRED (a synonym to MUST in 2119) to reject a JWE/JWS that contains > an unknown header, contradicting all those "Yes" votes on the SECOND > POLL. > > > --Richard > > > > > > > -----BEGIN-Tabulation----- > 1 2 3 Name: > N - - Bradley > N - - Ito > N N A Yee > N N B Barnes > N N B Rescorla > N N C Manger > N N C Octman > N Y A Fletcher > N Y A Miller > N Y A Sakimura > Y Y - D'Agostino > Y Y A Biering > Y Y A Brault > Y Y A Hedberg > Y Y A Jay > Y Y A Jones > Y Y A Marais > Y Y A Nadalin > Y Y A Nara > Y Y A Nennker > Y Y A Solberg > Y Y B Hardt > Y Y B Medeiros > Y Y C Matake > Y Y C Mishra > > -----END-Tabulation----- > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose
- [jose] Header criticality -- hidden consensus? Richard Barnes
- Re: [jose] Header criticality -- hidden consensus? Mike Jones
- Re: [jose] Header criticality -- hidden consensus? Richard Barnes
- Re: [jose] Header criticality -- hidden consensus? Mike Jones
- Re: [jose] Header criticality -- hidden consensus? Brian Campbell
- Re: [jose] Header criticality -- hidden consensus? Richard Barnes
- Re: [jose] Header criticality -- hidden consensus? Brian Campbell
- Re: [jose] Header criticality -- hidden consensus? Richard Barnes
- Re: [jose] Header criticality -- hidden consensus? Mike Jones
- Re: [jose] Header criticality -- hidden consensus? Mike Jones
- Re: [jose] Header criticality -- hidden consensus? Richard Barnes
- Re: [jose] Header criticality -- hidden consensus? Richard Barnes
- Re: [jose] Header criticality -- hidden consensus? Mike Jones
- Re: [jose] Header criticality -- hidden consensus? Vladimir Dzhuvinov / NimbusDS
- Re: [jose] Header criticality -- hidden consensus? Hannes Tschofenig
- Re: [jose] Header criticality -- hidden consensus? Manger, James H
- Re: [jose] Header criticality -- hidden consensus? Vladimir Dzhuvinov / NimbusDS