IETF Logo Mail Archive

Re: [jose] Header criticality -- hidden consensus?

"Manger, James H" <James.H.Manger@team.telstra.com> Sun, 10 February 2013 22:14 UTC

Return-Path: <James.H.Manger@team.telstra.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A63621F883C for <jose@ietfa.amsl.com>; Sun, 10 Feb 2013 14:14:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.901
X-Spam-Level:
X-Spam-Status: No, score=-0.901 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327, RELAY_IS_203=0.994]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NuX1iERvtsQr for <jose@ietfa.amsl.com>; Sun, 10 Feb 2013 14:14:55 -0800 (PST)
Received: from ipxavo.tcif.telstra.com.au (ipxavo.tcif.telstra.com.au [203.35.135.200]) by ietfa.amsl.com (Postfix) with ESMTP id A640121F86D6 for <jose@ietf.org>; Sun, 10 Feb 2013 14:14:53 -0800 (PST)
X-IronPort-AV: E=Sophos;i="4.84,640,1355058000"; d="scan'208";a="117220842"
Received: from unknown (HELO ipcdvi.tcif.telstra.com.au) ([10.97.217.212]) by ipoavi.tcif.telstra.com.au with ESMTP; 11 Feb 2013 09:14:50 +1100
X-IronPort-AV: E=McAfee;i="5400,1158,6982"; a="111482463"
Received: from wsmsg3702.srv.dir.telstra.com ([172.49.40.170]) by ipcdvi.tcif.telstra.com.au with ESMTP; 11 Feb 2013 09:14:49 +1100
Received: from WSMSG3153V.srv.dir.telstra.com ([172.49.40.159]) by WSMSG3702.srv.dir.telstra.com ([172.49.40.170]) with mapi; Mon, 11 Feb 2013 09:14:50 +1100
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: Vladimir Dzhuvinov / NimbusDS <vladimir@nimbusds.com>, "jose@ietf.org" <jose@ietf.org>
Date: Mon, 11 Feb 2013 09:14:49 +1100
Thread-Topic: [jose] Header criticality -- hidden consensus?
Thread-Index: Ac4Gj6Fjbu8D6kXpTe+9hVMG+ltQlgADITpw
Message-ID: <255B9BB34FB7D647A506DC292726F6E115070831C1@WSMSG3153V.srv.dir.telstra.com>
References: <20130208233501.cc40c4f3d92d2001859047cd8cabb9ab.f4a7008ad7.wbe@email07.europe.secureserver.net>
In-Reply-To: <20130208233501.cc40c4f3d92d2001859047cd8cabb9ab.f4a7008ad7.wbe@email07.europe.secureserver.net>
Accept-Language: en-US, en-AU
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-AU
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Subject: Re: [jose] Header criticality -- hidden consensus?
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Feb 2013 22:14:56 -0000

Vladimir,

It is useful to see actual APIs and code trying to implement this MUST-understand-everything rule.

I can't quite see how your API allows a caller to indicate that is understands a new header parameter. Your HeaderFilter lets the caller *see* which field names the library "understands". JWSHeaderFilter goes further and allows the caller to *set* the accepted algorithms. I couldn't find, say, setAcceptedParameters(...).

Perhaps you are supposed to extend, say, MACVerifier with your own class that lists an extra field?


--
James Manger

> -----Original Message-----
> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of
> Vladimir Dzhuvinov / NimbusDS
> Sent: Saturday, 9 February 2013 5:35 PM
> To: Richard Barnes; jose@ietf.org
> Subject: Re: [jose] Header criticality -- hidden consensus?
> 
> Hi Richard,
> 
> I understand your concern. With some bit of interface engineering we
> managed to have this requirement covered at library level, by allowing
> client apps to specify additional accepted parameters. If the JOSE
> library encounters a header with an unexpected name, it will mark the
> message as bad on the spot, so it won't be passed on to the app code at
> all.
> 
> You can take a look at the interface Javadocs here:
> 
> http://nimbusds.com/files/jose-
> jwt/javadoc/com/nimbusds/jose/HeaderFilter.html
> 
> And the actual code at the Git repo:
> 
> https://bitbucket.org/nimbusds/nimbus-jose-
> jwt/src/bef49c225aae194b6c40a376aee36b9af37a5da6/src/main/java/com/nimb
> usds/jose/HeaderFilter.java?at=master
> 
> 
> 
> What's more, this interface allows even certain standard headers from
> the JWS/JWE spec to not be denied (say if the client app doesn't want
> to
> accept X509 cert URLs, etc).
> 
> 
> I hope this helps,
> 
> Vladimir
> 
> 
> --
> Vladimir Dzhuvinov : www.NimbusDS.com : vladimir@nimbusds.com
> 
> 
> 
> 
> -------- Original Message --------
> Subject: [jose] Header criticality -- hidden consensus?
> From: Richard Barnes <rlb@ipv.sx>
> Date: Fri, February 08, 2013 11:11 pm
> To: "jose@ietf.org" <jose@ietf.org>
> 
> We're 24 votes into the header criticality poll, so I thought I would
> go
> ahead and take a look at how the results are shaping up.  My initial
> tabulation is below.  The result on the FIRST POLL (the main one) is as
> follows:
> 
> No: 10
> Yes: 14
> 
> 
> What I find striking, however, is that every single person that voted
> "Yes" on the FIRST POLL also voted "Yes" on the SECOND POLL.  So nobody
> who thinks that all headers should be critical thinks that a JOSE
> library should actually be required to enforce this constraint.  And
> that means that enforcing that all headers are supported cannot be a
> MUST according to RFC 2119.
> 
> 
> So I wonder if there's consensus to remove the following text from JWE
> and JWS:
> -----BEGIN-JWE-----
>    4.   The resulting JWE Header MUST be validated to only include
>         parameters and values whose syntax and semantics are both
>         understood and supported.
> 
> -----END-JWE-----
> -----BEGIN-JWS-----
>    4.  The resulting JWS Header MUST be validated to only include
>        parameters and values whose syntax and semantics are both
>        understood and supported.
> 
> -----END-JWS-----
> 
> 
> Otherewise, a JOSE library conforming to these specifications would be
> REQUIRED (a synonym to MUST in 2119) to reject a JWE/JWS that contains
> an unknown header, contradicting all those "Yes" votes on the SECOND
> POLL.
> 
> 
> --Richard
> 
> 
> 
> 
> 
> 
> -----BEGIN-Tabulation-----
> 1       2       3    Name:
> N       -       -    Bradley
> N       -       -    Ito
> N       N       A    Yee
> N       N       B    Barnes
> N       N       B    Rescorla
> N       N       C    Manger
> N       N       C    Octman
> N       Y       A    Fletcher
> N       Y       A    Miller
> N       Y       A    Sakimura
> Y       Y       -    D'Agostino
> Y       Y       A    Biering
> Y       Y       A    Brault
> Y       Y       A    Hedberg
> Y       Y       A    Jay
> Y       Y       A    Jones
> Y       Y       A    Marais
> Y       Y       A    Nadalin
> Y       Y       A    Nara
> Y       Y       A    Nennker
> Y       Y       A    Solberg
> Y       Y       B    Hardt
> Y       Y       B    Medeiros
> Y       Y       C    Matake
> Y       Y       C    Mishra
> 
> -----END-Tabulation-----
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose

v2.23.0 | Report a Bug | By Email