Re: [jose] POLL(s): header criticality

Eric Rescorla <ekr@rtfm.com> Wed, 06 February 2013 19:09 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 560C221F8A55 for <jose@ietfa.amsl.com>; Wed, 6 Feb 2013 11:09:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.31
X-Spam-Level:
X-Spam-Status: No, score=-101.31 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, SARE_HTML_USL_OBFU=1.666, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dAzqEENocVEs for <jose@ietfa.amsl.com>; Wed, 6 Feb 2013 11:09:25 -0800 (PST)
Received: from mail-qa0-f53.google.com (mail-qa0-f53.google.com [209.85.216.53]) by ietfa.amsl.com (Postfix) with ESMTP id 5111921F89B9 for <jose@ietf.org>; Wed, 6 Feb 2013 11:09:25 -0800 (PST)
Received: by mail-qa0-f53.google.com with SMTP id z4so815676qan.19 for <jose@ietf.org>; Wed, 06 Feb 2013 11:09:24 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:mime-version:x-originating-ip:in-reply-to:references :from:date:message-id:subject:to:cc:content-type:x-gm-message-state; bh=jvL2xKR7604A647tpqZfmLPMc/lCjSQdlSg95pbAylo=; b=VTxLtPKDfi73+i+E5bYzAZrzv7CtCl1H3MZNGYsWQB5DXm6ktFvQXlCylWQtZ5yFaO Od3vymANWREVnM9qvhcqLbv9dFH4ImsZtNMjUAHxG+UInHVvicy2Ksd0WVZ6fltxgyXt yOrbVI92cqA/qTufYkWi7SXTtIbqfSrE6n1qRjXacATbQZDH0RFVgbSlhrAR+xlNV2rL 8tiU0RpD73FKLHnQw6CUWagn3dO1t+xXf+NM8k4S2TjSVlwdsEphGApZJZG+tmw7fjeV YPTYZBpJyi/6CP76N6cTdPmTtmbO1xsA4ayKI0J6W5KtRkPkd3daTyTdbA0HGRl6Obto g4iQ==
X-Received: by 10.49.128.37 with SMTP id nl5mr25581241qeb.59.1360177764400; Wed, 06 Feb 2013 11:09:24 -0800 (PST)
MIME-Version: 1.0
Received: by 10.49.82.130 with HTTP; Wed, 6 Feb 2013 11:08:44 -0800 (PST)
X-Originating-IP: [155.212.214.60]
In-Reply-To: <510FCA42.5000704@isoc.org>
References: <510FCA42.5000704@isoc.org>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 06 Feb 2013 11:08:44 -0800
Message-ID: <CABcZeBNBa9Ri9t+T0ijKeSLzK_PD5cX6640OxZdJ+vmaEKweXA@mail.gmail.com>
To: odonoghue@isoc.org
Content-Type: multipart/alternative; boundary="047d7b676e6e7a7cd304d5131077"
X-Gm-Message-State: ALoCoQl9p7YJPTFPrpHpGLi6L8EcOxYRQ2DUrqM6UO2rnVbzQF4YjjzfOC0chbGgMwYWIz/9i0xc
Cc: jose@ietf.org
Subject: Re: [jose] POLL(s): header criticality
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Feb 2013 19:09:26 -0000

1. NO
2. NO
3, B

-Ekr


On Mon, Feb 4, 2013 at 6:48 AM, Karen O'Donoghue <odonoghue@isoc.org> wrote:

> Folks,
>
> I am wrestling with how to help drive consensus on the topic of
> criticality of headers. For background, please review the current
> specification text, the minutes to the Atlanta meeting (IETF85), and the
> mailing list (especially the discussion in December with (Subj: Whether
> implementations must understand all JOSE header fields)). We need to come
> to closure on this issue in order to progress the specifications.
>
> As a tool to gather further information on determining a way forward, the
> following polls have been created. Please respond before 11 February 2013.
>
> Thanks,
> Karen
>
> *******************
> FIRST POLL: Should all header fields be critical for implementations to
> understand?
>
> YES – All header fields must continue to be understood by implementations
> or the input must be rejected.
>
> NO – A means of listing that specific header fields may be safely ignored
> should be defined.
>
> ********************
> SECOND POLL: Should the result of the first poll be "YES", should text
> like the following be added? “Implementation Note: The requirement to
> understand all header fields is a requirement on the system as a whole –
> not on any particular level of library software. For instance, a JOSE
> library could process the headers that it understands and then leave the
> processing of the rest of them up to the application. For those headers
> that the JOSE library didn’t understand, the responsibility for fulfilling
> the ‘MUST understand’ requirement for the remaining headers would then fall
> to the application.”
>
> YES – Add the text clarifying that the “MUST understand” requirement is a
> requirement on the system as a whole – not specifically on JOSE libraries.
>
> NO – Don’t add the clarifying text.
>
> ************************
> THIRD POLL: Should the result of the first poll be "NO", which syntax
> would you prefer for designating the header fields that may be ignored if
> not understood?
>
> A – Define a header field that explicitly lists the fields that may be
> safely ignored if not understood.
>
> B – Introduce a second header, where implementations must understand all
> fields in the first but they may ignore not-understood fields in the second.
>
> C - Other??? (Please specify in detail.)
> ______________________________**_________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/**listinfo/jose<https://www.ietf.org/mailman/listinfo/jose>
>