Re: [jose] Should we delete the "typ" header field

If this is the level of "type" you're referring to, I think we should drop
it from the spec.  It's an application-layer thing that the app can add or
not according to its wishes.

I'm with Dick on this.  I think we should either have a mandatory indicator
of what type of JOSE object this, or nothing at all.   If the former, the
allowable values are "JWE" and "JWS".  The "+JSON" options are non-sensical
-- the app needs to know what it's parsing before it gets this header.
 While I have a preference for the former (for clarity), the latter
approach is also OK with me, since the MIME types are specific to JWE/JWS.

Another approach here would be to address the JSON and compact forms
separately.  The JSON form has no need of "typ" at all, since the type of
the object is completely clear from what fields are there, e.g.,
"recipients" vs. "signatures".  For the compact form, we could do something
like James's "E."/"S." prefix idea, which you need because the
dot-separated components have different meanings and no field names to
indicate this.

--Richard

On Wed, May 29, 2013 at 8:30 PM, Mike Jones <Michael.Jones@microsoft.com>wrote:

>  A standard library is unlikely to know the meanings of all possible
> “typ” values – and more to the point, *it doesn’t have to*.  It’s the
> application’s job to determine that “this blob is a JOSE object” and then
> pass it to a standard library, which will then ignore the “typ” value.****
>
> ** **
>
> A standard JOSE library won’t know what “typ”: “JWT” means.  It won’t know
> what “typ”: “BCGovToken” is, should the BC Government want to declare that
> it’s using a token with particular characteristics.  It won’t know what
> “typ”: “XMPP” is, should XMPP want to declare that it’s using a JOSE data
> structure with particular characteristics.  Etc.****
>
> ** **
>
> All these values can be registered in the registry and used by
> applications that understand them.  That’s the application’s job – not the
> library’s job.  The “typ” field is just there so that applications have a
> standard place to make any such declarations that they may need.****
>
> ** **
>
>                                                                 -- Mike***
> *
>
> ** **
>
> *From:* Dick Hardt [mailto:dick.hardt@gmail.com]
> *Sent:* Wednesday, May 29, 2013 5:18 PM
> *To:* Mike Jones
> *Cc:* Jim Schaad; jose@ietf.org
>
> *Subject:* Re: [jose] Should we delete the "typ" header field****
>
> ** **
>
> I'd prefer to be able to use standard libraries for creating and parsing
> tokens, and not specialized libraries dependent on the use case.****
>
> ** **
>
> I strongly think we either drop "typ" or make it required.****
>
> ** **
>
> On Wed, May 29, 2013 at 5:03 PM, Mike Jones <Michael.Jones@microsoft.com>
> wrote:****
>
> It’s fine for your application to specify that it’s required for your use
> case.  Not applications need it, so they shouldn’t be forced to pay the
> space penalty of an unnecessary field.****
>
>  ****
>
>                                                                 -- Mike***
> *
>
>  ****
>
> *From:* jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] *On Behalf
> Of *Dick Hardt
> *Sent:* Wednesday, May 29, 2013 4:56 PM****
>
>
> *To:* Jim Schaad
> *Cc:* jose@ietf.org
> *Subject:* Re: [jose] Should we delete the "typ" header field****
>
>  ****
>
> I use it all the time and my code would barf if it was not there.****
>
>  ****
>
> I think it should be required rather than be a hint if it is going ot be
> there.****
>
>  ****
>
> On Wed, May 29, 2013 at 4:40 PM, Jim Schaad <ietf@augustcellars.com>
> wrote:****
>
> I think the values just changed****
>
>  ****
>
> However the way you are using it would be an argument to say that it
> should be a required field.  Are you just using it as a hint if it exists
> and then looking at the rest of the fields if it is not present?****
>
>  ****
>
> Jim****
>
>  ****
>
>  ****
>
> *From:* Dick Hardt [mailto:dick.hardt@gmail.com]
> *Sent:* Wednesday, May 29, 2013 3:49 PM
> *To:* Jim Schaad
> *Cc:* jose@ietf.org
> *Subject:* Re: [jose] Should we delete the "typ" header field****
>
>  ****
>
> Well, I have been using, but now realize the spec changed or I was
> confused.****
>
>  ****
>
> I had been setting "typ" to be either "JWE" or "JWS" depending on the type
> of token I was creating or parsing as it was easier than looking at "alg"*
> ***
>
>  ****
>
> As currently defined, I don't see value in "typ".****
>
>  ****
>
> -- Dick****
>
>  ****
>
>  ****
>
> On Wed, May 29, 2013 at 3:02 PM, Jim Schaad <ietf@augustcellars.com>
> wrote:****
>
> In reading the documents, I am trying to understand the justification for
> having the “typ” header parameter in the JOSE documents.****
>
>  ****
>
> The purpose of the field is to hold the type of the object.  In the past,
> I believe that values which should now be placed in the cty field (such as
> “JWT”) were placed in this field as well.  However the parameter is
> optional and an implementation cannot rely on its being present.  This
> means that for all practical purposes all of the code to determine the
> value of the type field from the values of the alg and enc fields.  If the
> field was mandatory then this code would disappear at a fairly small space
> cost and I can understand why the parameter would be present.****
>
>  ****
>
> Can anybody justify why this field should be present in the document – or
> should it just disappear?****
>
>  ****
>
> Jim****
>
>  ****
>
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose****
>
>
>
> ****
>
>  ****
>
> --
> -- Dick ****
>
>
>
> ****
>
>  ****
>
> --
> -- Dick ****
>
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose****
>
>
>
> ****
>
> ** **
>
> --
> -- Dick ****
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>
>