Re: [jose] Barry Leiba's No Objection on draft-ietf-jose-json-web-algorithms-32: (with COMMENT)
Mike Jones <Michael.Jones@microsoft.com> Tue, 14 October 2014 12:40 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 470081A879F; Tue, 14 Oct 2014 05:40:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ern6CR5ve7AQ; Tue, 14 Oct 2014 05:40:54 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0145.outbound.protection.outlook.com [65.55.169.145]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A754C1A8797; Tue, 14 Oct 2014 05:40:53 -0700 (PDT)
Received: from BY2PR03CA071.namprd03.prod.outlook.com (10.141.249.44) by DM2PR0301MB1216.namprd03.prod.outlook.com (25.160.219.17) with Microsoft SMTP Server (TLS) id 15.0.1049.19; Tue, 14 Oct 2014 12:40:51 +0000
Received: from BL2FFO11FD056.protection.gbl (2a01:111:f400:7c09::105) by BY2PR03CA071.outlook.office365.com (2a01:111:e400:2c5d::44) with Microsoft SMTP Server (TLS) id 15.0.1049.19 via Frontend Transport; Tue, 14 Oct 2014 12:40:51 +0000
Received: from mail.microsoft.com (131.107.125.37) by BL2FFO11FD056.mail.protection.outlook.com (10.173.161.184) with Microsoft SMTP Server (TLS) id 15.0.1039.16 via Frontend Transport; Tue, 14 Oct 2014 12:40:50 +0000
Received: from TK5EX14MBXC286.redmond.corp.microsoft.com ([169.254.1.93]) by TK5EX14MLTC101.redmond.corp.microsoft.com ([157.54.79.193]) with mapi id 14.03.0210.003; Tue, 14 Oct 2014 12:40:12 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Barry Leiba <barryleiba@computer.org>, The IESG <iesg@ietf.org>
Thread-Topic: Barry Leiba's No Objection on draft-ietf-jose-json-web-algorithms-32: (with COMMENT)
Thread-Index: Ac/nq/vXCxfx5JH0QESK+WxUcKTrDA==
Date: Tue, 14 Oct 2014 12:40:11 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739439BB0D0BA@TK5EX14MBXC286.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.36]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739439BB0D0BATK5EX14MBXC286r_"
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(438002)(377454003)(52044002)(43784003)(13464003)(189002)(199003)(86362001)(16236675004)(15975445006)(92726001)(19580395003)(44976005)(6806004)(106466001)(81156004)(84676001)(21056001)(19580405001)(19625215002)(69596002)(68736004)(26826002)(33656002)(86612001)(77096002)(55846006)(76482002)(85852003)(85806002)(84326002)(2656002)(80022003)(120916001)(46102003)(87936001)(104016003)(31966008)(85306004)(512874002)(19617315012)(19300405004)(230783001)(54356999)(50986999)(97736003)(4396001)(107046002)(99396003)(92566001)(95666004)(64706001)(20776003)(15202345003)(71186001)(66066001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR0301MB1216; H:mail.microsoft.com; FPR:; MLV:ovrnspm; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:DM2PR0301MB1216;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 03648EFF89
Received-SPF: Pass (protection.outlook.com: domain of microsoft.com designates 131.107.125.37 as permitted sender) receiver=protection.outlook.com; client-ip=131.107.125.37; helo=mail.microsoft.com;
Authentication-Results: spf=pass (sender IP is 131.107.125.37) smtp.mailfrom=Michael.Jones@microsoft.com;
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/s-5WI1fJVJ3Cm1L60st5EOruN88
Cc: "jose-chairs@tools.ietf.org" <jose-chairs@tools.ietf.org>, "draft-ietf-jose-json-web-algorithms@tools.ietf.org" <draft-ietf-jose-json-web-algorithms@tools.ietf.org>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Barry Leiba's No Objection on draft-ietf-jose-json-web-algorithms-32: (with COMMENT)
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Oct 2014 12:40:56 -0000
These review comments have been addressed in the -34 draft. Thanks again, -- Mike From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Mike Jones Sent: Monday, September 29, 2014 3:18 PM To: Barry Leiba; The IESG Cc: jose-chairs@tools.ietf.org<mailto:jose-chairs@tools.ietf.org>; jose@ietf.org<mailto:jose@ietf.org>; draft-ietf-jose-json-web-algorithms@tools.ietf.org<mailto:draft-ietf-jose-json-web-algorithms@tools.ietf.org> Subject: Re: [jose] Barry Leiba's No Objection on draft-ietf-jose-json-web-algorithms-32: (with COMMENT) I’ve added the working group to this thread so they're aware of your comments. Replies are inline below… -----Original Message----- From: Barry Leiba [mailto:barryleiba@computer.org] Sent: Thursday, September 25, 2014 7:33 AM To: The IESG Cc: jose-chairs@tools.ietf.org<mailto:jose-chairs@tools.ietf.org>; draft-ietf-jose-json-web-algorithms@tools.ietf.org<mailto:draft-ietf-jose-json-web-algorithms@tools.ietf.org> Subject: Barry Leiba's No Objection on draft-ietf-jose-json-web-algorithms-32: (with COMMENT) Barry Leiba has entered the following ballot position for draft-ietf-jose-json-web-algorithms-32: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-algorithms/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I have one comment. I'm making it non-blocking, but I think it really does need to be clarified, so please chat with me about it: -- Section 7.1 -- The implementation requirements of an algorithm MAY be changed over time by the Designated Experts(s) as the cryptographic landscape evolves, for instance, to change the status of an algorithm to Deprecated, or to change the status of an algorithm from Optional to Recommended+ or Required. Changes of implementation requirements are only permitted on a Specification Required basis, with the new specification defining the revised implementation requirements level. 1 (minor). The "MAY" does not refer to a protocol option, and I think it should not be a 2119 key word. Agreed 2 (the real point). I don't understand how the two sentences relate to each other. The first sentence seems to say that the DE(s) can change implementation requirements on their own. The second says it has to be done using Specification Required (which doesn't really need to be said, as that's the policy for the registry anyway). Which is it? If it's Specification Required, then anyone can propose a change, using a specification, and the DE(s) will review that as they do any other registration request. The intent is for both to be required – that a specification be written proposing the change and the designated experts approve the change. I can look into a wording change to make this clearer when the document is next revised. This comment also applies to Sections 7.4 and 7.6. Noted. -- Mike