Re: [jose] Proposed resolution of header criticality issue
Richard Barnes <rlb@ipv.sx> Tue, 12 March 2013 05:01 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C99F621F85B2 for <jose@ietfa.amsl.com>; Mon, 11 Mar 2013 22:01:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.38
X-Spam-Level:
X-Spam-Status: No, score=-2.38 tagged_above=-999 required=5 tests=[AWL=0.596, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aEmGzvwA3eoH for <jose@ietfa.amsl.com>; Mon, 11 Mar 2013 22:01:41 -0700 (PDT)
Received: from mail-oa0-f53.google.com (mail-oa0-f53.google.com [209.85.219.53]) by ietfa.amsl.com (Postfix) with ESMTP id D5C8321F8596 for <jose@ietf.org>; Mon, 11 Mar 2013 22:01:37 -0700 (PDT)
Received: by mail-oa0-f53.google.com with SMTP id m1so5381629oag.12 for <jose@ietf.org>; Mon, 11 Mar 2013 22:01:37 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:x-originating-ip:in-reply-to:references :date:message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=+YOdAwQoBr21IK1OP2q3MPidlWlvOccHu8WJ+zfCh1M=; b=R6hVc39o2g0anwe+uqlabrSuu6jC9+MWYoHn53sk0lxi55bg3X2Z1kaCRWyDlQ+AfW ckuwGz+mmPQlYC4D31WVdiF9YwSvXiLOVIp2TlTr0+RHOgVpVble7OnTLNqMsj/jSml+ 5uPZkz1yljrIUVC3YB0CEvl4WFeTvmmKXYp/NNvpzgnYbLi9x39gJXEeAZSc0bQz/5BP CeiRY5qA6DYGM+U+NtwowWytAxcyrGogCtt2cL/lHY1O3k6UuELkX57xb/prV1TS8uyy NjH/FtqcICES4E7ND98rWVg03tgvbNNTFQJWC/JJ2jzgaST5LWsUyLwKJw7iD7hvkf77 eD6g==
MIME-Version: 1.0
X-Received: by 10.60.172.80 with SMTP id ba16mr11182892oec.116.1363064497368; Mon, 11 Mar 2013 22:01:37 -0700 (PDT)
Received: by 10.60.40.233 with HTTP; Mon, 11 Mar 2013 22:01:37 -0700 (PDT)
X-Originating-IP: [128.89.253.235]
In-Reply-To: <1D3CF454-0536-4D5D-90DF-938C73EB6BF7@ve7jtb.com>
References: <513E6A73.1090403@isoc.org> <513E774C.6090605@isoc.org> <CAHBU6ivLV+D3g-gLgBNXkkj3cSPLXkh1KXcN83ewR0Hd6a4YtA@mail.gmail.com> <255B9BB34FB7D647A506DC292726F6E1150B786643@WSMSG3153V.srv.dir.telstra.com> <1D3CF454-0536-4D5D-90DF-938C73EB6BF7@ve7jtb.com>
Date: Tue, 12 Mar 2013 01:01:37 -0400
Message-ID: <CAL02cgRXcpwgnpTP9gT1+dMuL_ZXXixE8D=Qu1BS0JfYmTiPhg@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: John Bradley <ve7jtb@ve7jtb.com>
Content-Type: multipart/alternative; boundary="bcaec5523bb62c06ba04d7b32ff0"
X-Gm-Message-State: ALoCoQl+cBLtd+2+hvN8hXA0Sgddh2dGtg2wS6LPN03fUupp6lRBbgvHbWbOmZmeYwbm9whv6iIZ
Cc: Tim Bray <tbray@textuality.com>, "Manger, James H" <James.H.Manger@team.telstra.com>, Karen ODonoghue <odonoghue@isoc.org>, jose <jose@ietf.org>
Subject: Re: [jose] Proposed resolution of header criticality issue
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2013 05:01:43 -0000
+1 to cheers. I already high-fived Mike in person. FWIW, my preference would be to get rid of "asd" or "meta" (part 5). I don't think it's relevant to the criticality discussion, and it's just not needed. --Richard On Mon, Mar 11, 2013 at 11:01 PM, John Bradley <ve7jtb@ve7jtb.com> wrote: > > On 2013-03-11, at 10:48 PM, "Manger, James H" < > James.H.Manger@team.telstra.com> wrote: > > I’ll add some cheers — this does look like substantial progress.**** > > I assume the fields such as “epk”, “apu” etc that sometimes must be > understood, and at other times must be ignored (depending on “alg” or “enc” > value) would NOT be listed in the “crit” field as they are defined in the > “base specs”.**** > > > Correct > > Being in the “base specs” is the right criteria for whether a field should > be listed in “crit” as long as “base specs” means: “base specifications for > the particular “alg”/”enc” values”. It shouldn’t mean (and doesn’t have to > mean) the base spec for the whole JOSE system.**** > > > > Crit is only for extensions, it is up to the extension definition to > decide if the field needs to be in crit. > > > P.S. “meta” might be a nicer label than “asd”. > > > I don't have any particular attachment to the name. Some places things > like this are called associated data, though not the places normal people > go I grant you. > Meta-data about the payload is what it is, The current practice is to use > three character names. I am fine with met or meta (I suspect that if you > are throwing crap into the envelope the single character won't kill anyone. > > James if you like the solution and want it to be meta I will back you on > it :) > > John B. > > **** > > --**** > James Manger**** > > *From:* jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] *On Behalf Of > *Tim Bray > *Sent:* Tuesday, 12 March 2013 12:43 PM > *To:* Karen ODonoghue > *Cc:* jose > *Subject:* Re: [jose] Proposed resolution of header criticality issue**** > ** ** > Cue wild cheers from the peanut gallery where non-cryptographers sit. > MustIgnore is infinitely more robust and open-ended than MustUnderstand. -T > **** > > ** ** > On Mon, Mar 11, 2013 at 5:31 PM, Karen O'Donoghue <odonoghue@isoc.org> > wrote:**** > > Folks,**** > > > A side meeting was held Sunday with a number of jose working group > participants to try to resolve the open issue related to header > criticality. The following are the proposed resolutions from the meeting. > Point 5 of the proposed resolution below is actually independent of the > other 4 points, and could be considered separately. This will all be > discussed in Wednesday's meeting. > > In addition to the text below, there was some agreement to replace the > "understand" text with something a bit more explicit like "must process". > However, that text has not been rolled into the summary text below yet. > > Thank you to Jim Schaad, Mike Jones, John Bradley, Nat Sakimura, Martin > Thomas, Eric Rescorla, Matt Miller, and Richard Barnes for your efforts > (and my apologies if I missed someone). > > Regards, > Karen > > 1: Change the language “Additional members MAY be present in the JWK. If > present, they MUST be understood by implementations using them.” to > “Additional members MAY be present in the JWK. If not understood by > implementations encountering them, they MUST be ignored.” (And make the > same change for JWK Set as well.) > > 2: Characterize all existing JWS and JWE header fields as either must be > understood or may be ignored. “alg”, “enc”, and “zip” must be understood. > “kid”, “x5u”, “x5c”, “x5t”, “jwk”, “jku”, “typ”, and “cty” can be ignored > because while not using them may result in the inability to process some > signatures or encrypted content, this will not result in a security > violation – just degraded functionality. Other fields such as “epk”, > “apu”, “apv”, “epu”, and “epv” must be understood and used when “alg” or > “enc” values requiring them are used, and otherwise they may be ignored. > > 3. Define a new header field that lists which additional fields not > defined in the base specifications must be understood and acted upon when > present. For instance, an expiration-time extension field could be marked > as must-be-understood-and-acted-upon. One possible name for this would be > “crit” (critical). An example use, along with a hypothetical “exp” > (expiration-time) field is: > > {"alg":"ES256", > "crit":["exp"], > "exp”:1363284000 > } > > 4. All additional header fields not defined in the base specifications > and not contained in the “crit” list MUST be ignored if not understood. > > 5. Define a new header field “asd” (application-specific data) whose > value is a JSON structure whose contents are opaque to and ignored by JWS > and JWE implementations but for which its contents MUST be provided to > applications using JWS or JWE, provided that the signature/MAC validation > or decryption operation succeeds. The intended use of this field is to > have a standard place to provide application-specific metadata about the > payload or plaintext.**** > ** ** > ** ** > > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose**** > ** ** > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose > > > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose > >
- [jose] Proposed resolution of header criticality … Karen O'Donoghue
- Re: [jose] Proposed resolution of header critical… Tim Bray
- Re: [jose] Proposed resolution of header critical… Manger, James H
- Re: [jose] Proposed resolution of header critical… John Bradley
- Re: [jose] Proposed resolution of header critical… Richard Barnes
- Re: [jose] Proposed resolution of header critical… Dick Hardt
- Re: [jose] Proposed resolution of header critical… Manger, James H
- Re: [jose] Proposed resolution of header critical… Dick Hardt
- Re: [jose] Proposed resolution of header critical… Vladimir Dzhuvinov / NimbusDS
- Re: [jose] Proposed resolution of header critical… Dirkjan Ochtman
- Re: [jose] Proposed resolution of header critical… Richard Barnes
- Re: [jose] Proposed resolution of header critical… Manger, James H
- Re: [jose] Proposed resolution of header critical… Vladimir Dzhuvinov / NimbusDS
- Re: [jose] Proposed resolution of header critical… Richard Barnes
- Re: [jose] Proposed resolution of header critical… Mike Jones
- Re: [jose] Proposed resolution of header critical… Mike Jones
- Re: [jose] Proposed resolution of header critical… Brian Campbell
- Re: [jose] Proposed resolution of header critical… John Bradley
- Re: [jose] Proposed resolution of header critical… Richard Barnes
- Re: [jose] Proposed resolution of header critical… Richard Barnes
- Re: [jose] Proposed resolution of header critical… Matt Miller (mamille2)
- Re: [jose] Proposed resolution of header critical… Jim Schaad
- Re: [jose] Proposed resolution of header critical… Richard Barnes
- Re: [jose] Proposed resolution of header critical… Anthony Nadalin
- Re: [jose] Proposed resolution of header critical… Mike Jones
- Re: [jose] Proposed resolution of header critical… Anthony Nadalin
- Re: [jose] Proposed resolution of header critical… Dick Hardt
- Re: [jose] Proposed resolution of header critical… Richard Barnes
- Re: [jose] Proposed resolution of header critical… Dick Hardt
- Re: [jose] Proposed resolution of header critical… John Bradley
- Re: [jose] Proposed resolution of header critical… Dick Hardt
- Re: [jose] Proposed resolution of header critical… John Bradley
- Re: [jose] Proposed resolution of header critical… Dick Hardt
- Re: [jose] Proposed resolution of header critical… Brian Campbell
- [jose] "crit" strings don't have to be field names Manger, James H
- Re: [jose] "crit" strings don't have to be field … Richard Barnes
- Re: [jose] "crit" strings don't have to be field … Manger, James H
- Re: [jose] "crit" strings don't have to be field … Manger, James H
- Re: [jose] Proposed resolution of header critical… Jim Schaad
- Re: [jose] Proposed resolution of header critical… Richard Barnes
- Re: [jose] Proposed resolution of header critical… John Bradley