Re: [jose] Feedback request on jose tracker issue #15: Should at least one key indicator be mandatory

Richard Barnes <rlb@ipv.sx> Fri, 19 April 2013 17:36 UTC

From: Richard Barnes <rlb@ipv.sx>
To: Russ Housley <housley@vigilsec.com>
Cc: "jose@ietf.org" <jose@ietf.org>, Karen ODonoghue <odonoghue@isoc.org>

Definitely agree with this statement.

That was the underlying intent of ISSUE-6 (Unclear requirements levels on
fields). Because the document isn't structured in the way Russ describes,
everything has to be optional. If it were structured according to key
management, you could have a clear set of REQUIRED fields based on the mode
(indicated by "alg"):
-- Key transport (asymmetric) => kid / jku
-- Key encipherment (symmetric) => kid
-- Key agreement => kid, epk, apu, apv

Of course, these could be omitted if pre-negotiation is going on, but you
would need to signal that, e.g., with SPI.

--Richard

On Fri, Apr 19, 2013 at 1:00 PM, Russ Housley <housley@vigilsec.com> wrote:

> As I have said in the past, this is the wrong question.  The document
> should be structured in a manner that tells which things are mandatory based
> on the use of particular types of key management.
>
> Russ
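As an added illustration of the structure Richard proposes (example code, not from the message or from any JOSE implementation): a small Python check that maps a JWE header's "alg" to a key-management mode and reports which of the proposed REQUIRED key indicators are missing. The alg names are real JWA identifiers, but the alg-to-mode grouping and the per-mode field lists follow this message rather than the published JWE/JWA text; treating apu and apv as required under key agreement is the message's proposal, and the pre-negotiation escape hatch is not modelled.

```python
import base64
import json

# Constructed mapping from JWA "alg" identifiers to the key-management mode
# Richard groups them by. The grouping follows the message, not the spec.
KEY_MANAGEMENT_MODE = {
    "RSA1_5": "key_transport",
    "RSA-OAEP": "key_transport",
    "A128KW": "key_encipherment",
    "A256KW": "key_encipherment",
    "ECDH-ES": "key_agreement",
}

# Per mode, groups of header fields of which at least one must be present.
# The message's "kid / jku" is read as "either kid or jku".
REQUIRED_KEY_INDICATORS = {
    "key_transport": [("kid", "jku")],
    "key_encipherment": [("kid",)],
    "key_agreement": [("kid",), ("epk",), ("apu",), ("apv",)],
}


def check_key_indicators(header):
    """Return a list of problems; an empty list means the header meets the proposal."""
    alg = header.get("alg")
    if alg is None:
        return ["missing alg"]
    mode = KEY_MANAGEMENT_MODE.get(alg)
    if mode is None:
        # Modes not listed in the message (e.g. direct encryption) are not judged here.
        return ["unknown alg " + repr(alg)]
    return [
        mode + ": missing " + "/".join(group)
        for group in REQUIRED_KEY_INDICATORS[mode]
        if not any(name in header for name in group)
    ]


def encode_protected_header(header):
    """base64url-encode a header dict without padding, as JWE compact serialization does."""
    raw = json.dumps(header, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def check_protected_header(b64url):
    """Decode a base64url protected header (padding optional) and check it."""
    padded = b64url + "=" * (-len(b64url) % 4)
    return check_key_indicators(json.loads(base64.urlsafe_b64decode(padded)))


if __name__ == "__main__":
    # Constructed sample: key agreement with only kid and epk present.
    print(check_key_indicators({"alg": "ECDH-ES", "kid": "k1", "epk": {"kty": "EC"}}))
```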