IETF Logo Mail Archive

Re: [jose] Should we delete the "typ" header field

Mike Jones <Michael.Jones@microsoft.com> Thu, 30 May 2013 22:23 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75CC521F8657 for <jose@ietfa.amsl.com>; Thu, 30 May 2013 15:23:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.377
X-Spam-Level:
X-Spam-Status: No, score=-2.377 tagged_above=-999 required=5 tests=[AWL=0.221, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xDtVNNaHYF+T for <jose@ietfa.amsl.com>; Thu, 30 May 2013 15:23:27 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2lp0236.outbound.protection.outlook.com [207.46.163.236]) by ietfa.amsl.com (Postfix) with ESMTP id 7E10121F86CE for <jose@ietf.org>; Thu, 30 May 2013 15:23:27 -0700 (PDT)
Received: from BN1AFFO11FD004.protection.gbl (10.58.52.200) by BN1BFFO11HUB025.protection.gbl (10.58.53.135) with Microsoft SMTP Server (TLS) id 15.0.707.0; Thu, 30 May 2013 22:19:10 +0000
Received: from TK5EX14HUBC104.redmond.corp.microsoft.com (131.107.125.37) by BN1AFFO11FD004.mail.protection.outlook.com (10.58.52.178) with Microsoft SMTP Server (TLS) id 15.0.707.0 via Frontend Transport; Thu, 30 May 2013 22:19:09 +0000
Received: from TK5EX14MBXC285.redmond.corp.microsoft.com ([169.254.3.134]) by TK5EX14HUBC104.redmond.corp.microsoft.com ([157.54.80.25]) with mapi id 14.03.0136.001; Thu, 30 May 2013 22:19:01 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Richard Barnes <rlb@ipv.sx>, Anthony Nadalin <tonynad@microsoft.com>
Thread-Topic: [jose] Should we delete the "typ" header field
Thread-Index: Ac5ct7bsKO37MhFARcu9P04lU2GoQQACcb7gAAE0cIAAACa/UAAg82YAAAcJBvAABbv+AAABVhPA
Date: Thu, 30 May 2013 22:19:01 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943677CC05D@TK5EX14MBXC285.redmond.corp.microsoft.com>
References: <02b701ce5cb8$46ae77e0$d40b67a0$@augustcellars.com> <4E1F6AAD24975D4BA5B1680429673943677C5499@TK5EX14MBXC285.redmond.corp.microsoft.com> <030801ce5cc6$5064daf0$f12e90d0$@augustcellars.com> <4E1F6AAD24975D4BA5B1680429673943677C5787@TK5EX14MBXC285.redmond.corp.microsoft.com> <427D27E7-04B7-43F6-87A1-0ACB20AAFB93@mitre.org> <49dc8abc726a4acd86283caf833c9751@BY2PR03MB189.namprd03.prod.outlook.com> <CAL02cgT4LLnohQhuUjNBOvGATFkJxH83vtQFtcdsK2eOettG4Q@mail.gmail.com>
In-Reply-To: <CAL02cgT4LLnohQhuUjNBOvGATFkJxH83vtQFtcdsK2eOettG4Q@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.21]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B1680429673943677CC05DTK5EX14MBXC285r_"
MIME-Version: 1.0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(24454002)(51444003)(377454002)(199002)(189002)(47736001)(4396001)(47446002)(56816002)(49866001)(47976001)(69226001)(50986001)(76796001)(76786001)(20776003)(80022001)(1511001)(63696002)(31966008)(79102001)(65816001)(46102001)(54316002)(76482001)(53806001)(51856001)(74662001)(74502001)(54356001)(74876001)(6806003)(16236675002)(15202345002)(74366001)(16601075002)(33656001)(81542001)(77982001)(55846006)(71186001)(59766001)(56776001)(16406001)(66066001)(512954002)(81342001)(74706001)(9078065002); DIR:OUT; SFP:; SCL:1; SRVR:BN1BFFO11HUB025; H:TK5EX14HUBC104.redmond.corp.microsoft.com; CLIP:131.107.125.37; RD:InfoDomainNonexistent; A:1; MX:1; LANG:en;
X-OriginatorOrg: microsoft.onmicrosoft.com
X-Forefront-PRVS: 08626BE3A5
Cc: Jim Schaad <ietf@augustcellars.com>, "Richer, Justin P." <jricher@mitre.org>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Should we delete the "typ" header field
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 May 2013 22:23:33 -0000

It's not that they affect the JOSE processing rules - it's that they make it easier for JOSE applications to have more consistent processing rules.

This brings us back full circle.  I believe that Jim's original reasoning from the 2011-2012 discussion of this still applies:

[JLS] If it is believe that a parameter this list is going to be "commonly" used by many different profilers, then I believe that the core items needs to be done the in the base specification.  I would therefore not be in favor of punting it out to somebody else.  The only exception would be if we are going to have a very light core and a "real" core specs.  In this case the very light core spec could punt to the "real" core spec.  Having said that I think that a registry would be a good idea.

                                                                Cheers,
                                                                -- Mike

From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Richard Barnes
Sent: Thursday, May 30, 2013 2:37 PM
To: Anthony Nadalin
Cc: Mike Jones; Richer, Justin P.; jose@ietf.org; Jim Schaad
Subject: Re: [jose] Should we delete the "typ" header field

If they don't affect JOSE, then they shouldn't be in the base spec.
--Richard



On Thursday, May 30, 2013, Anthony Nadalin wrote:
I agree that they are fine as-is. We can and should be clearer that these fields don't effect the JOSE processing but are application fields.

From: jose-bounces@ietf.org<javascript:_e(%7b%7d,%20'cvml',%20'jose-bounces@ietf.org');> [mailto:jose-bounces@ietf.org<javascript:_e(%7b%7d,%20'cvml',%20'jose-bounces@ietf.org');>] On Behalf Of Richer, Justin P.
Sent: Thursday, May 30, 2013 8:31 AM
To: Mike Jones
Cc: Jim Schaad; jose@ietf.org<javascript:_e(%7b%7d,%20'cvml',%20'jose@ietf.org');>
Subject: Re: [jose] Should we delete the "typ" header field



I think that the two fields are fine as they're currently defined, as Mike describes below. They're hanging points for information that other applications of the JOSE stack can use to switch functionality out, and as such they should be well-defined and optional to allow general libraries and applications to do their jobs.



 -- Justin





On May 29, 2013, at 7:51 PM, Mike Jones <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>> wrote:



"typ" declares what the type of THIS OBJECT is.

"cty" declares what the type of THE PAYLOAD or THE PLAINTEXT is.



They're different.



In the JWT case, a JWT Claims Set (the normal JWT Payload), which is a JSON Object containing Claims, is a completely different data structure from a JWT, which is a dot-separated list of base64url encoded fields.  The "cty" represents the former; the "typ" represents the latter.



                                                                -- Mike



From: Jim Schaad [mailto:ietf@augustcellars.com<http://augustcellars.com>]
Sent: Wednesday, May 29, 2013 4:43 PM
To: Mike Jones; jose@ietf.org<mailto:jose@ietf.org>
Subject: RE: [jose] Should we delete the "typ" header field



Can you justify why the JWT spec shou

v2.23.0 | Report a Bug | By Email