Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
 by ietfa.amsl.com (Postfix) with ESMTP id 3ED791A1AFF;
 Wed, 19 Nov 2014 17:27:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level: 
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
 autolearn=ham
Received: from mail.ietf.org ([4.31.198.44])
 by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 6Mjz59V8Rfvt; Wed, 19 Nov 2014 17:27:31 -0800 (PST)
Received: from na01-bn1-obe.outbound.protection.outlook.com
 (mail-bn1on0778.outbound.protection.outlook.com
 [IPv6:2a01:111:f400:fc10::778])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by ietfa.amsl.com (Postfix) with ESMTPS id EC0031A03A6;
 Wed, 19 Nov 2014 17:27:30 -0800 (PST)
Received: from BN3PR0301CA0060.namprd03.prod.outlook.com (25.160.152.156) by
 BN3PR0301MB1203.namprd03.prod.outlook.com (25.161.207.156) with Microsoft
 SMTP Server (TLS) id 15.1.16.15; Thu, 20 Nov 2014 01:26:37 +0000
Received: from BN1AFFO11FD008.protection.gbl (2a01:111:f400:7c10::194) by
 BN3PR0301CA0060.outlook.office365.com (2a01:111:e400:401e::28) with Microsoft
 SMTP Server (TLS) id 15.1.26.15 via Frontend Transport; Thu, 20 Nov 2014
 01:26:36 +0000
Received: from mail.microsoft.com (131.107.125.37) by
 BN1AFFO11FD008.mail.protection.outlook.com (10.58.52.68) with Microsoft SMTP
 Server (TLS) id 15.1.6.13 via Frontend Transport; Thu, 20 Nov 2014 01:26:36
 +0000
Received: from TK5EX14MBXC286.redmond.corp.microsoft.com ([169.254.1.229]) by
 TK5EX14MLTC104.redmond.corp.microsoft.com ([157.54.79.159]) with
 mapi id 14.03.0210.003; Thu, 20 Nov 2014 01:25:49 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Pete Resnick <presnick@qti.qualcomm.com>
Thread-Topic: [jose] Pete Resnick's Discuss on
 draft-ietf-jose-json-web-signature-33: (with DISCUSS and COMMENT)
Thread-Index: AQHP3fdK8YG+SRr1nECfcW20xykmgJwgtxPQgAJQ0QCAARwqgIArdnkAgARaq4CAFM/YYIAAQMgg
Date: Thu, 20 Nov 2014 01:25:49 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739439BB8DC90@TK5EX14MBXC286.redmond.corp.microsoft.com>
References: <20141002041344.8073.81288.idtracker@ietfa.amsl.com>
 <4E1F6AAD24975D4BA5B16804296739439BAEBD05@TK5EX14MBXC286.redmond.corp.microsoft.com>
 <008a01cfe161$f0ec5090$d2c4f1b0$@augustcellars.com>
 <4E1F6AAD24975D4BA5B16804296739439BAF370A@TK5EX14MBXC286.redmond.corp.microsoft.com>
 <CAHbuEH4dWUcUnP5_+w5tGY7eS0HKbu8Jr3WDVoq4s1eYvct8xA@mail.gmail.com>
 <545B9763.9050004@qti.qualcomm.com>
 <4E1F6AAD24975D4BA5B16804296739439BB8CF5A@TK5EX14MBXC286.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739439BB8CF5A@TK5EX14MBXC286.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [157.54.51.76]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EOPAttributedMessage: 0
Received-SPF: Pass (protection.outlook.com: domain of microsoft.com designates
 131.107.125.37 as permitted sender)
 receiver=protection.outlook.com; 
 client-ip=131.107.125.37; helo=mail.microsoft.com;
Authentication-Results: spf=pass (sender IP is 131.107.125.37)
 smtp.mailfrom=Michael.Jones@microsoft.com; 
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI;
 IPV:NLI; EFV:NLI; SFV:NSPM;
 SFS:(10019020)(6009001)(438002)(43784003)(51704005)(189002)(377454003)(13464003)(199003)(51874003)(106466001)(81156004)(15202345003)(46406003)(106116001)(15975445006)(6806004)(68736004)(69596002)(19580405001)(19580395003)(44976005)(107046002)(230783001)(84676001)(66066001)(20776003)(47776003)(110136001)(64706001)(86362001)(104016003)(86612001)(95666004)(92726001)(92566001)(99396003)(4396001)(120916001)(97736003)(85806002)(26826002)(33656002)(23726002)(50466002)(87936001)(2656002)(55846006)(31966008)(46102003)(21056001)(93886004)(62966003)(77156002)(77096003)(97756001)(76176999)(54356999)(50986999);
 DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR0301MB1203; H:mail.microsoft.com; FPR:;
 PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en; 
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:BN3PR0301MB1203;
X-O365ENT-EOP-Header: Message processed by -  O365_ENT: Allow from ranges
 (Engineering ONLY)
X-Forefront-PRVS: 0401647B7F
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/stqozfpJETTALWAacMD6r3y9gz0
Cc: "jose-chairs@tools.ietf.org" <jose-chairs@tools.ietf.org>,
 Jim Schaad <ietf@augustcellars.com>,
 Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, The IESG <iesg@ietf.org>,
 "jose@ietf.org" <jose@ietf.org>,
 "draft-ietf-jose-json-web-signature@tools.ietf.org"
 <draft-ietf-jose-json-web-signature@tools.ietf.org>
Subject: Re: [jose] Pete Resnick's Discuss on
 draft-ietf-jose-json-web-signature-33: (with DISCUSS and COMMENT)
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>,
 <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>,
 <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Nov 2014 01:27:33 -0000

This resolution is incorporated in the -37 drafts.

				-- Mike

-----Original Message-----
From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Mike Jones
Sent: Wednesday, November 19, 2014 1:49 PM
To: Pete Resnick
Cc: jose-chairs@tools.ietf.org; Jim Schaad; Kathleen Moriarty; The IESG; jo=
se@ietf.org; draft-ietf-jose-json-web-signature@tools.ietf.org
Subject: Re: [jose] Pete Resnick's Discuss on draft-ietf-jose-json-web-sign=
ature-33: (with DISCUSS and COMMENT)

Below I'm responding only to the remaining issue about "rejecting JWSs".   =
Pete, please let me know if the proposed language works for you.

> >>>>> 5.2:
> >>>>>
> >>>>> Strike the last sentence of the second paragraph. There's no=20
> >>>>> requirement here. If none of them validate, I can do what I want=20
> >>>>> with the JWS. I needn't "reject" it. I might just mark it as "inval=
id".
> >>>>>
> >>>>> [Get rid of all talk of "rejecting" throughout this document.
> >>>>> Again, I will note that the signatures are not valid, but=20
> >>>>> rejecting is a local implementation detail.]
> >>>>>
> >>>> As discussed during the telechat and on subsequent threads, the=20
> >>>> terms "accept" and "reject" are commonly used in this way, for=20
> >>>> instance, in RFC 5820.  As Kathleen wrote after the call, "For=20
> >>>> the
> "reject"
> >>>> language, Pete said on the call that he would go through each one=20
> >>>> to see where it might be application specific and will suggest chang=
es.
> >>>> Thanks in advance, Pete.".
> >>>>
>=20
> So I've gone through all of the "reject"s in the document, and I think=20
> I see a way to allay my concern without significantly changing the
> language: Instead of saying "reject the JWS" as it does in most=20
> places, I believe it would be much clearer if it simply said "reject=20
> the signature" as it does in 4.1.6. Then you're clearly not saying=20
> "rejecting the data", as I'm afraid certain sorts of applications=20
> developers will interpret it. In some instances, you'll need to say=20
> something like "reject the signature of a JWS with foobar", but I don't t=
hink that significantly changes the intended meaning.

It turns out that way back in draft -15, in response to issue #35 (http://t=
rac.tools.ietf.org/wg/jose/trac/ticket/35), we'd already changed statements=
 about "rejecting the JWS" in contexts of signature failures to statements =
about  the JWS Signature being invalid.  So those uses of "reject the JWS" =
that remained were actually about rejecting the whole thing - not about rej=
ecting the signature.  I'm revisiting that history because your suggested l=
anguage about "reject the signature" doesn't actually convey the correct me=
aning in the remaining contexts.

But I understand and agree with your intent - which is to say that implemen=
tations will determine that some JWSs are invalid, rather than the "rejecti=
on" being some kind of cataclysmic failure.  To achieve this intent, I've i=
nstead changed the language "reject the JWS" to "consider the JWS to be inv=
alid" in my current editor's draft.  Let me know if that works for you.

I've made the parallel changes in the JWE draft as well.

				Thanks again,
				-- Mike

_______________________________________________
jose mailing list
jose@ietf.org
https://www.ietf.org/mailman/listinfo/jose