Re: [jose] WGLC for draft-ietf-jose-crfg-curves

"Matt Miller (mamille2)" <mamille2@cisco.com> Tue, 05 July 2016 23:41 UTC

Return-Path: <mamille2@cisco.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3241B12B032 for <jose@ietfa.amsl.com>; Tue, 5 Jul 2016 16:41:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.947
X-Spam-Level:
X-Spam-Status: No, score=-15.947 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CJC_EaEx3aQw for <jose@ietfa.amsl.com>; Tue, 5 Jul 2016 16:41:39 -0700 (PDT)
Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com [173.37.142.92]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 55D2312B02F for <jose@ietf.org>; Tue, 5 Jul 2016 16:41:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3392; q=dns/txt; s=iport; t=1467762099; x=1468971699; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=1dVQKKyGQgMvMnmlrL8RhxlzqjgEDBj5PYdD2Ykm8DI=; b=Gk8tijt2hI6e0zN0u/yXeyH2tyLE6FccKwxQUz6MaQqdUBRcY8zVl9VW ONP3IF5q8cWVI9D0aw80HG99Qps7KXSOMQibZk8oIZsWej62/RezPEDHm aAtPwjnkN/svGRhwmWg44yVOhWKmvMCrGqtHl82Q01JE4aGl8MP7Yu1Bv I=;
X-Files: signature.asc : 496
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AjAgC0RHxX/4sNJK1cgz5WfAa5Q4F3IoV2AoEwOBQBAQEBAQEBZRwLhEwBAQQBAQEhSxAHBAIBCBEEAQEBJwMCAicLFAkIAQEEEw6IGggOq2uPfwEBAQEBAQEBAQEBAQEBAQEBAQEBAQ4JBYgfglWHQSuCLwWZEQIBgy6BbIksgWqEVoMuhTyQCQEeNoIIHIFMbodVfwEBAQ
X-IronPort-AV: E=Sophos;i="5.28,316,1464652800"; d="asc'?scan'208";a="292147610"
Received: from alln-core-6.cisco.com ([173.36.13.139]) by alln-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 05 Jul 2016 23:41:38 +0000
Received: from XCH-ALN-004.cisco.com (xch-aln-004.cisco.com [173.36.7.14]) by alln-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id u65Nfcdi026805 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL) for <jose@ietf.org>; Tue, 5 Jul 2016 23:41:38 GMT
Received: from xch-aln-002.cisco.com (173.36.7.12) by XCH-ALN-004.cisco.com (173.36.7.14) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Tue, 5 Jul 2016 18:41:37 -0500
Received: from xch-aln-002.cisco.com ([173.36.7.12]) by XCH-ALN-002.cisco.com ([173.36.7.12]) with mapi id 15.00.1210.000; Tue, 5 Jul 2016 18:41:37 -0500
From: "Matt Miller (mamille2)" <mamille2@cisco.com>
To: "jose@ietf.org" <jose@ietf.org>
Thread-Topic: [jose] WGLC for draft-ietf-jose-crfg-curves
Thread-Index: AdG9qTd0cy11MRtqTY+kBtinHwpD+wF9e9uABOhhqwA=
Date: Tue, 05 Jul 2016 23:41:37 +0000
Message-ID: <C9880193-8D67-41D7-A6DD-D76AFAD1241B@cisco.com>
References: <006b01d1bda9$684acbb0$38e06310$@augustcellars.com> <074301d1c375$3ed288f0$bc779ad0$@augustcellars.com>
In-Reply-To: <074301d1c375$3ed288f0$bc779ad0$@augustcellars.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-pgp-agent: GPGMail
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.129.24.54]
Content-Type: multipart/signed; boundary="Apple-Mail=_5A95EE7C-5748-4229-A320-D18EF88E4A3A"; protocol="application/pgp-signature"; micalg="pgp-sha512"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/l_5u0lCUD6r4MJgIC9gmZBvHDv8>
Subject: Re: [jose] WGLC for draft-ietf-jose-crfg-curves
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jul 2016 23:41:41 -0000

My apologies for the tardiness of these last call comments.

Overall, I think draft-ietf-jose-cfrg-curves-03 needs a little more
editorial work before it is ready to be published.

* It seems odd that RFC7515 and RFC7516 are not referenced at all.
It seems appropriate to at least informatively reference that the
signature portion of this document relates to RFC7515 and the ECDH
portion relate to RFC7516.  However, I think at least RFC7515 needs
to be a normative reference; I don't think someone can implement
the signing/verifying portions of this document without knowing
what "JWS Signing Input" means (see bullet #N).

* It seems odd that RFC7517, RFC7518, and RFC7638 are informative
references rather than normative.  I'm especially not sure one can
implement the ECDH portion of this document without understanding
at least RFC 7518 § 4.6.

* This document is using terms from RFC7515, RFC7517, and RFC7518,
yet this is not mentioned at all.  It seems to me § 1.1 ought to
state this document is using terms from those documents.


--
- m&m

Matt Miller
Cisco Systems, Inc.

> On Jun 10, 2016, at 18:07, Jim Schaad <ietf@augustcellars.com> wrote:
> 
> I have not seen any reviews yet except mine.  Part of the reason why this
> work is being done in the JOSE working group is because we have a better
> understanding of how it should work in JOSE.  If we get to the end of the
> last call and there are not "a sufficient number" reviews, I will talk with
> the AD about bouncing it to the CURDLE working group for completion.
> 
> Jim
> 
> 
>> -----Original Message-----
>> From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Jim Schaad
>> Sent: Friday, June 03, 2016 8:06 AM
>> To: jose@ietf.org
>> Subject: [jose] WGLC for draft-ietf-jose-crfg-curves
>> 
>> This starts a (roughly) two-week last call on this document.
>> 
>> Last call will end on 20 June.  Please read the document and give comments
>> even if it is as simple as "I did not see any problems with this draft".
>> 
>> Thanks
>> 
>> Jim
>> 
>> 
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose