[jose] Richard Barnes' Discuss on draft-ietf-jose-json-web-encryption-33: (with DISCUSS and COMMENT)

"Richard Barnes" <rlb@ipv.sx> Thu, 02 October 2014 03:37 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Richard Barnes <rlb@ipv.sx>
To: The IESG <iesg@ietf.org>
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20141002033659.31345.52942.idtracker@ietfa.amsl.com>
Date: Wed, 01 Oct 2014 20:36:59 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/kBXH-duLNboW9jOIg3nNCaaCc6U
Cc: draft-ietf-jose-json-web-encryption@tools.ietf.org, jose-chairs@tools.ietf.org, jose@ietf.org
Subject: [jose] Richard Barnes' Discuss on draft-ietf-jose-json-web-encryption-33: (with DISCUSS and COMMENT)

Richard Barnes has entered the following ballot position for
draft-ietf-jose-json-web-encryption-33: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-encryption/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Overall, this document is in much more solid shape than when it began. 
Thanks to the WG for a lot of hard work.  I only have one remaining
concern, that should hopefully be easy to address.

Section 7.2.
I've had several implementors trying to use JWE in the JSON serialization
ask why it was necessary to include a "recipients" array in cases where
there's only one recipient.  It seems like this is going to be a major
barrier to deployment and re-use, so I would propose including the
following text:
"""
In cases where the JWE is encrypted for only one recipient, the
"recipients" array will contain a single object.  In such cases, the
elements of the "recipients" array MAY be included at the top level of
the JWE object.  If the generator of a JWE chooses to use this
representation then all unprotected header parameters MUST be carried in
the "header" field, and the "unprotected" field MUST be absent.  A
JSON-formatted JWE that contains a "recipients" field MUST NOT contain a
"header" or "encrypted_key" field, and vice versa. 
"""
This may also require some other changes where "recipients" is relied on,
e.g., in Section 9.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Section 3.3.
Why doesn't this example include the JSON encoding?

Section 4.1.3.
"This Header Parameter MUST be integrity protected"
Why is this the case?  There is no security reason that "zip" must be
integrity-protected, and this requirement isn't made for any other
parameter.

Section 7.2.
The requirement that the "recipients" field MUST be present seems odd. 
What's the justification for this?

Appendix A seems kind of unnecessary given draft-ietf-jose-cookbook.

[jose] Richard Barnes' Discuss on draft-ietf-jose… Richard Barnes
Re: [jose] Richard Barnes' Discuss on draft-ietf-… Mike Jones
Re: [jose] Richard Barnes' Discuss on draft-ietf-… Mike Jones
Re: [jose] Richard Barnes' Discuss on draft-ietf-… Richard Barnes
Re: [jose] Richard Barnes' Discuss on draft-ietf-… ⌘ Matt Miller
Re: [jose] Richard Barnes' Discuss on draft-ietf-… Martin Thomson
Re: [jose] Richard Barnes' Discuss on draft-ietf-… Jim Schaad
Re: [jose] Richard Barnes' Discuss on draft-ietf-… Mike Jones
Re: [jose] Richard Barnes' Discuss on draft-ietf-… Kathleen Moriarty
Re: [jose] Richard Barnes' Discuss on draft-ietf-… Richard Barnes