Re: [jose] Tightened Key Managed JWS Spec

"Manger, James" <James.H.Manger@team.telstra.com> Thu, 28 May 2015 02:59 UTC

From: "Manger, James" <James.H.Manger@team.telstra.com>
To: Mike Jones <Michael.Jones@microsoft.com>, "jose@ietf.org" <jose@ietf.org>
Date: Thu, 28 May 2015 12:59:01 +1000
Thread-Topic: Tightened Key Managed JWS Spec
Thread-Index: AdCY2M/LLt/hpU41S9SujXgPXPLaNwAF78KQ
Message-ID: <255B9BB34FB7D647A506DC292726F6E1285CA8B458@WSMSG3153V.srv.dir.telstra.com>
References: <BL2PR03MB433FCE29FB0D85441A0D9CDF5CB0@BL2PR03MB433.namprd03.prod.outlook.com>
In-Reply-To: <BL2PR03MB433FCE29FB0D85441A0D9CDF5CB0@BL2PR03MB433.namprd03.prod.outlook.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/siwHqqlYDA-phjSb9ZE_nP1ph_8>
Subject: Re: [jose] Tightened Key Managed JWS Spec

How is code supposed to distinguish KMJWS from JWS and JWE? Or how is code that understands JWS and JWE supposed to notice that a KMJWS message is something it cannot handle?
JWE section 9 "Distinguishing between JWS and JWE Objects" allows code to use any of 4 methods: counting dot-separated segments; payload/ciphertext member presence; alg value; enc member presence.
I think KMJWS breaks all 4.
Should 'crit' be used to indicate that something beyond JWS/JWE is going on?

--
James Manger
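The four methods James lists from JWE section 9 (RFC 7516), applied by a classifier that only accepts a verdict when every applicable method agrees, plus the 'crit' check that RFC 7515 section 4.1.11 requires of recipients. This is an added example for the thread, not code from either poster or from the KMJWS draft; the sample tokens are constructed here (dummy zero-filled segments, a made-up extension name "x-example"), and the "hybrid" sample merely illustrates the disagreement case, since the actual KMJWS wire format is not shown in this message.

```python
import base64
import json

# Registered "alg" values from RFC 7518: signature/MAC algorithms (JWS)
# and key management algorithms (JWE). Used by the "alg value" method.
JWS_ALGS = {"HS256", "HS384", "HS512", "RS256", "RS384", "RS512",
            "ES256", "ES384", "ES512", "PS256", "PS384", "PS512", "none"}
JWE_ALGS = {"RSA1_5", "RSA-OAEP", "RSA-OAEP-256", "A128KW", "A192KW", "A256KW",
            "dir", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW",
            "A128GCMKW", "A192GCMKW", "A256GCMKW",
            "PBES2-HS256+A128KW", "PBES2-HS384+A192KW", "PBES2-HS512+A256KW"}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def parse_header(segment: str) -> dict:
    return json.loads(b64url_decode(segment))


def classify(token):
    """Apply the RFC 7516 section 9 methods to a compact-serialization string
    or a JSON-serialization dict. Returns (verdict, votes, merged_header);
    the verdict is "unknown" whenever a method cannot decide or the methods
    disagree, which is the safe answer for code that only knows JWS and JWE."""
    votes = {}
    if isinstance(token, str):
        # Method 1: count dot-separated segments (JWS = 3, JWE = 5).
        parts = token.split(".")
        votes["segments"] = {3: "JWS", 5: "JWE"}.get(len(parts), "unknown")
        header = parse_header(parts[0])
    else:
        # Method 2: "payload" member (JWS) versus "ciphertext" member (JWE).
        has_payload, has_ciphertext = "payload" in token, "ciphertext" in token
        votes["member"] = ("JWS" if has_payload and not has_ciphertext
                           else "JWE" if has_ciphertext and not has_payload
                           else "unknown")
        header = {}
        if "protected" in token:
            header.update(parse_header(token["protected"]))
        for key in ("unprotected", "header"):  # shared and flattened per-recipient headers
            header.update(token.get(key, {}))
    # Method 3: which registry the "alg" value belongs to.
    alg = header.get("alg")
    votes["alg"] = "JWS" if alg in JWS_ALGS else "JWE" if alg in JWE_ALGS else "unknown"
    # Method 4: presence of the "enc" header parameter (JWE only).
    votes["enc"] = "JWE" if "enc" in header else "JWS"
    decided = set(votes.values())
    verdict = decided.pop() if len(decided) == 1 else "unknown"
    return verdict, votes, header


def unsupported_crit(header: dict, understood: frozenset) -> list:
    """RFC 7515 section 4.1.11: a recipient MUST reject the object if "crit"
    names an extension it does not understand. Returns the offending names."""
    return sorted(name for name in header.get("crit", []) if name not in understood)


def make_compact(header: dict, n_segments: int) -> str:
    """Constructed sample: a real header followed by dummy zero-filled segments."""
    segs = [b64url_encode(json.dumps(header, separators=(",", ":")).encode())]
    segs += [b64url_encode(b"\x00" * 16)] * (n_segments - 1)
    return ".".join(segs)


# Constructed samples (not real tokens).
SAMPLE_JWS = make_compact({"alg": "HS256"}, 3)
SAMPLE_JWE = make_compact({"alg": "RSA-OAEP", "enc": "A256GCM"}, 5)
# Hybrid: JWS-style segment count with a JWE-style header and a hypothetical
# critical extension "x-example"; every method that applies disagrees.
SAMPLE_HYBRID = make_compact({"alg": "A256KW", "enc": "A256GCM",
                              "crit": ["x-example"], "x-example": True}, 3)
SAMPLE_JSON_JWS = {"protected": b64url_encode(b'{"alg":"ES256"}'),
                   "payload": b64url_encode(b"hi"),
                   "signature": b64url_encode(b"\x00" * 64)}

if __name__ == "__main__":
    for name, tok in [("jws", SAMPLE_JWS), ("jwe", SAMPLE_JWE),
                      ("hybrid", SAMPLE_HYBRID), ("json-jws", SAMPLE_JSON_JWS)]:
        verdict, votes, hdr = classify(tok)
        print(name, verdict, votes, "unknown crit:", unsupported_crit(hdr, frozenset({"alg", "enc"})))
```

Requiring unanimity is the point: a single method (say, the segment count alone) would confidently call the hybrid sample a JWS, whereas disagreement among the methods surfaces it as something the code should not try to process. The 'crit' check gives the same outcome by a different route when the producer marks its extension as critical.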

From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Mike Jones
Sent: Thursday, 28 May 2015 9:57 AM
To: jose@ietf.org
Subject: [jose] Tightened Key Managed JWS Spec

The -01 version of draft-jones-jose-key-managed-json-web-signature tightened the semantics by prohibiting use of "dir" as the "alg" header parameter value so a second equivalent representation for content integrity-protected with a MAC with no key management isn't introduced.  (A normal JWS will do just fine in this case.)  Thanks to Jim Schaad for pointing this out.  This version also adds acknowledgements and references the now-final JOSE RFCs <http://self-issued.info/?p=1387>.

This specification is available at:

* https://tools.ietf.org/html/draft-jones-jose-key-managed-json-web-signature-01

An HTML formatted version is also available at:

* http://self-issued.info/docs/draft-jones-jose-key-managed-json-web-signature-01.html

-- Mike

P.S.  This note was also posted at http://self-issued.info/?p=1396 and as @selfissued.