Re: [jose] Common elements (was: Re: Should we keep or remove the JOSE JWS and JWE MIME types?)

"Manger, James H" <James.H.Manger@team.telstra.com> Thu, 20 June 2013 23:57 UTC

From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: Mike Jones <Michael.Jones@microsoft.com>, Richard Barnes <rlb@ipv.sx>
Date: Fri, 21 Jun 2013 09:57:32 +1000
Message-ID: <255B9BB34FB7D647A506DC292726F6E1151BB8F653@WSMSG3153V.srv.dir.telstra.com>
References: <CAL02cgThKXYYmKpB+_XVCE3cBPDsX=cKnNaEYdKOEqz1cy8aLw@mail.gmail.com> <4E1F6AAD24975D4BA5B168042967394367879E91@TK5EX14MBXC283.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B168042967394367879E91@TK5EX14MBXC283.redmond.corp.microsoft.com>
Cc: "jose@ietf.org" <jose@ietf.org>, "Matt Miller (mamille2)" <mamille2@cisco.com>
Subject: Re: [jose] Common elements (was: Re: Should we keep or remove the JOSE JWS and JWE MIME types?)

> Editorially, if we do decide to add application/jose and application/jose+json MIME types, I would register them in draft-ietf-jose-json-web-signature, just like other registry content shared between JWS and JWE, such as the JSON Web Signature and Encryption Header Parameters Registry.

>> While we're at it, you could move over the header parameters that are shared between the two.  Namely all but "enc" and "zip".  ("epk", and "apu" should move to JWA.)

+1

>> And once you do that, it seems more and more like JWE is becoming the little brother to JWS, in which case we might as well combine them.

+0.5
We do need a *single* description of the basic structure of any JOSE object. Calling such a spec "JWS" is not ideal. With a sensible separation of the spec into sections on the basic structure, a section on signing, a section on MACing, a section on authenticated encryption, sections on key exchange, and so on, it wouldn't matter quite so much if, say, the encryption section were in a separate document, as long as it didn't have to duplicate so much text the way JWE does.

> As you know from our private conversation about your review comments, while closely related, the key selection header parameter definitions are, by design, not identical between the JWS and JWE spec.  In JWS they refer to the key that is used to check the signature/MAC.  In JWE they refer to the key to which the JWE was encrypted.  Trying to coalesce them would only make the text unnecessarily muddier in both cases.

Coalescing the text would highlight the design flaw that the same field (e.g. "kid") in the same place (the JOSE header) has different meanings (e.g. identifying a recipient key or identifying an originator key). It might help us fix that design flaw.

--
James Manger
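The key-selection point in the message above, worked through as an added example that is not part of this thread or of any JOSE implementation. It shows what an implementer has to do today: parse the compact serialization, decide from the segment count whether the object is a JWS (three segments) or a JWE (five segments), and only then interpret "kid", because in a JWS it names the peer's key that verifies the signature/MAC while in a JWE it names one of the receiver's own decryption keys. The two key tables, the key id "k1" (deliberately present in both), the HMAC secrets and the JWE body bytes are all constructed here; the JWE token is header-correct for alg "dir" (empty encrypted-key segment) but its IV, ciphertext and tag are random filler, so it is not decryptable.

```python
import base64
import hashlib
import hmac
import json
import os

# Constructed sample keys, not real credentials. Both tables deliberately use the
# same "kid" value so the same protected header resolves to two different keys.
PEER_SIGNING_KEYS = {"k1": b"peer-hmac-secret-0123456789abcdef"}   # verifies what peers sign
OWN_DECRYPTION_KEYS = {"k1": b"our-content-encryption-key-16B!!"}  # decrypts what is sent to us


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def parse_compact(token: str):
    """Return (kind, protected_header) for a compact-serialized JOSE object.
    Compact JWS has three dot-separated segments, compact JWE has five; the
    protected header is the first segment in both."""
    parts = token.split(".")
    if len(parts) == 3:
        kind = "JWS"
    elif len(parts) == 5:
        kind = "JWE"
    else:
        raise ValueError("not a compact JWS or JWE: %d segments" % len(parts))
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict) or "alg" not in header:
        raise ValueError("protected header must be a JSON object with 'alg'")
    return kind, header


def select_key(token: str, peer_keys, own_keys):
    """Resolve "kid" as the two specs define it: for a JWS it names the key that
    checks the signature/MAC (a peer key); for a JWE it names the key the object
    was encrypted to (one of our own keys). The table must be chosen by object
    type before the id is looked up."""
    kind, header = parse_compact(token)
    kid = header.get("kid")
    if kid is None:
        raise ValueError("no kid in protected header")
    table = peer_keys if kind == "JWS" else own_keys
    if kid not in table:
        raise KeyError("unknown %s key id %r" % (kind, kid))
    return kind, table[kid]


def jws_sign_hs256(payload: bytes, key: bytes, kid: str) -> str:
    """Produce a compact HS256 JWS over payload (RFC 7515 signing input)."""
    header = {"alg": "HS256", "kid": kid}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(payload))
    tag = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(tag)


def jws_verify_hs256(token: str, peer_keys) -> bytes:
    """Verify a compact HS256 JWS using the peer key table and return the payload."""
    kind, header = parse_compact(token)
    if kind != "JWS" or header.get("alg") != "HS256":
        raise ValueError("expected an HS256 JWS")
    _, key = select_key(token, peer_keys, {})
    protected, payload, sig = token.split(".")
    expected = hmac.new(key, (protected + "." + payload).encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    return b64url_decode(payload)


def constructed_jwe(kid: str) -> str:
    """A JWE-shaped compact token for the key-selection demo only. With alg "dir"
    the encrypted-key segment is empty (RFC 7516); IV, ciphertext and tag are
    random filler, not AES-GCM output, so the token cannot be decrypted."""
    header = {"alg": "dir", "enc": "A128GCM", "kid": kid}
    return ".".join([
        b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        "",
        b64url_encode(os.urandom(12)),
        b64url_encode(os.urandom(32)),
        b64url_encode(os.urandom(16)),
    ])


if __name__ == "__main__":
    jws = jws_sign_hs256(b'{"hello":"world"}', PEER_SIGNING_KEYS["k1"], "k1")
    print(select_key(jws, PEER_SIGNING_KEYS, OWN_DECRYPTION_KEYS))
    print(select_key(constructed_jwe("k1"), PEER_SIGNING_KEYS, OWN_DECRYPTION_KEYS))
```

Note that a resolver which looks up "kid" in a single key table, without first deciding whether the object is a JWS or a JWE, cannot be correct for both object types at once; that is the ambiguity the message describes, made concrete.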