[jose] Proposal about the SPI proposal

Brian Campbell <bcampbell@pingidentity.com> Fri, 08 February 2013 23:01 UTC

Maybe this was apparent from my comments/questions on the SPI proposal over
the last couple days[1] but I have concerns that run the gamut from
operational complexity and fragility to security problems. I believe
strongly that, without considerably more analysis and specification detail,
the current SPI work is much too risky to consider going in the current base
JOSE WG drafts.

As an alternative I'd like to request/propose that the SPI stuff be
submitted as a new I-D to help facilitate that additional discussion and
analysis that I think it needs.

Thanks,
Brian

[1] http://www.ietf.org/mail-archive/web/jose/current/msg01500.html