IETF Logo Mail Archive

Re: [jose] Should we keep or remove the JOSE JWS and JWE MIME types?

John Bradley <ve7jtb@ve7jtb.com> Mon, 24 June 2013 23:50 UTC

Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FAF521F9F2A for <jose@ietfa.amsl.com>; Mon, 24 Jun 2013 16:50:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4f-KH3LihW9L for <jose@ietfa.amsl.com>; Mon, 24 Jun 2013 16:50:18 -0700 (PDT)
Received: from mail-ie0-x22a.google.com (mail-ie0-x22a.google.com [IPv6:2607:f8b0:4001:c03::22a]) by ietfa.amsl.com (Postfix) with ESMTP id A480821F9F03 for <jose@ietf.org>; Mon, 24 Jun 2013 16:50:18 -0700 (PDT)
Received: by mail-ie0-f170.google.com with SMTP id e11so27003531iej.29 for <jose@ietf.org>; Mon, 24 Jun 2013 16:50:11 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to:x-mailer:x-gm-message-state; bh=2OFjEHG/xHBYyZhE8leZx6xo6SNHxqghAl2cRixfZfQ=; b=QHYwJaibypLqgiObDi4j9i5ynOjvRbbQ7AewlEBNDIRHVUSjAAcm6h7lRtkG705Cw2 oZVkgAve6eARHlckfX3u7dJNGcxljraiQtXTo1Eb0cRYjxofX/zTzrvI31W0xhxn/Had loaC/ENG5G5S/aerVrCoz61qO7oAOY2YCt3+0mfIa0XMUafVfpIFgjxEmP39pNGrnHx3 6N+v4//5H5kl944zBg8Fxotr7ob+nDjKq3RNaFfK2W+vfkkIhHbJcQxV5+s9GAZOWNqw odqjtae/jstZ6Uv7aBOaMIGDCgn7F/S2Wwa5bSbxKVIZ/kZutr/8Sd1692NJ1whcwKRK z8PA==
X-Received: by 10.50.110.100 with SMTP id hz4mr6983660igb.46.1372117811536; Mon, 24 Jun 2013 16:50:11 -0700 (PDT)
Received: from [192.168.1.35] (190-20-31-145.baf.movistar.cl. [190.20.31.145]) by mx.google.com with ESMTPSA id z6sm664731igw.8.2013.06.24.16.50.07 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 24 Jun 2013 16:50:10 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_C736AA10-E1B7-48E5-9DF8-24E9FE11C55F"; protocol="application/pkcs7-signature"; micalg="sha1"
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <CA+k3eCRS1Fri_fW310UKdvwBMXA1+wdxtdBBc2cnUPypQs7zBQ@mail.gmail.com>
Date: Mon, 24 Jun 2013 19:49:41 -0400
Message-Id: <6C8CCB64-095A-42A2-A986-D38D86A37E34@ve7jtb.com>
References: <4E1F6AAD24975D4BA5B1680429673943678735D4@TK5EX14MBXC283.redmond.corp.microsoft.com> <1371760769.7926.YahooMailRC@web184402.mail.bf1.yahoo.com> <CA+k3eCRS1Fri_fW310UKdvwBMXA1+wdxtdBBc2cnUPypQs7zBQ@mail.gmail.com>
To: Brian Campbell <bcampbell@pingidentity.com>
X-Mailer: Apple Mail (2.1508)
X-Gm-Message-State: ALoCoQkJE+LW7OicgjY5bRNZuS+SuE1QLK40X+rgrdRCvX34TChIGcxTYIg1a6zhdTPmohHB9wiT
Cc: Mike Jones <Michael.Jones@microsoft.com>, "jose@ietf.org" <jose@ietf.org>, Edmund Jay <ejay@mgi1.com>
Subject: Re: [jose] Should we keep or remove the JOSE JWS and JWE MIME types?
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jun 2013 23:50:20 -0000

+1 I am OK with dropping those 4 Mime types. 

I think a single generic media type for JOSE is the correct thing. 

John B.

On 2013-06-20, at 4:47 PM, Brian Campbell <bcampbell@pingidentity.com> wrote:

> I'm okay dropping them.
> 
> 
> On Thu, Jun 20, 2013 at 2:39 PM, Edmund Jay <ejay@mgi1.com> wrote:
> +1 in favor of dropping
> 
> From: Mike Jones <Michael.Jones@microsoft.com>
> To: "jose@ietf.org" <jose@ietf.org>
> Sent: Tue, June 18, 2013 6:42:15 PM
> Subject: [jose] Should we keep or remove the JOSE JWS and JWE MIME types?
> 
> The JWS and JWE documents currently define these MIME types for the convenience of applications that may want to use them:
> 
>                 application/jws
> 
>                 application/jws+json
> 
>                 application/jwe
> 
>                 application/jwe+json
> 
>  
> That being said, I’m not aware of any uses of these by applications at present.  Thus, I think that makes it fair game to ask whether we want to keep them or remove them – in which case, if applications ever needed them, they could define them later.
> 
>  
> Another dimension of this question for JWS and JWE is that it’s not clear that the four types application/jws, application/jws+json, application/jwe, and application/jwe+json are even the right ones.  It might be more useful to have generic application/jose and application/jose+json types, which could hold either JWS or JWE objects respectively using the compact or JSON serializations (although I’m not advocating adding them at this time).
> 
>  
> Having different JWS versus JWE MIME types apparently did contribute to at least Dick’s confusion about the purpose of the “typ” field, so deleting them could help eliminate this possibility of confusion in the future.  Thus, I’m increasingly convinced we should get rid of the JWS and JWE types and leave it up to applications to define the types they need, when they need them.
> 
>  
> Do people have use cases for these four MIME types now or should we leave them to future specs to define, if needed?
> 
>  
>                                                                 -- Mike
> 
>  
> P.S.  For completeness, I’ll add that the JWK document also defines these MIME types:
> 
>                 application/jwk+json
> 
>                 application/jwk-set+json
> 
>  
> There are already clear use cases for these types, so I’m not advocating deleting them, but wanted to call that out explicitly.  For instance, when retrieving a JWK Set document referenced by a “jku” header parameter, I believe that the result should use the application/jwk-set+json type.  (In fact, I’ll add this to the specs, unless there are any objections.)  Likewise, draft-miller-jose-jwe-protected-jwk-02 already uses application/jwk+json.  Both could also be as “cty” values when encrypting JWKs and JWK Sets, in contexts where that that would be useful.
> 
>  
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
> 
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose

v2.23.0 | Report a Bug | By Email