Re: [jose] Working Group last call on draft-ietf-jose-jwk-thumbprint
Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 23 January 2015 23:13 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7083E1AD0CC for <jose@ietfa.amsl.com>; Fri, 23 Jan 2015 15:13:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.61
X-Spam-Level:
X-Spam-Status: No, score=-1.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_NONE=-0.0001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0eGE90zknRfA for <jose@ietfa.amsl.com>; Fri, 23 Jan 2015 15:13:01 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E9231AD0CB for <jose@ietf.org>; Fri, 23 Jan 2015 15:13:01 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id B29DABEC9; Fri, 23 Jan 2015 23:12:59 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VD2P3-CNYfMm; Fri, 23 Jan 2015 23:12:58 +0000 (GMT)
Received: from [10.87.48.73] (unknown [86.42.29.136]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 28912BE9F; Fri, 23 Jan 2015 23:12:58 +0000 (GMT)
Message-ID: <54C2D579.9000505@cs.tcd.ie>
Date: Fri, 23 Jan 2015 23:12:57 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: ⌘ Matt Miller <mamille2@cisco.com>, John Bradley <ve7jtb@ve7jtb.com>, Michael Jones <Michael.Jones@microsoft.com>
References: <046701d036af$c74ec7b0$55ec5710$@augustcellars.com> <CAL02cgSvp7d14B2Yan2-CHsi__ZedHfrvOAGbJRmnU93i33jbA@mail.gmail.com> <54C284C3.7070902@cisco.com> <601AAE53-0A77-4582-B56D-B126ECBEEFBE@ve7jtb.com> <4E1F6AAD24975D4BA5B1680429673943A21EB5D7@TK5EX14MBXC291.redmond.corp.microsoft.com> <CAL02cgQgV+b6rdOn9nHRS0cNgrb4-1A669vr9Q9L_XyMQ9BO6A@mail.gmail.com> <4E1F6AAD24975D4BA5B1680429673943A21EB6E9@TK5EX14MBXC291.redmond.corp.microsoft.com> <CAL02cgQQUo6P3XD7QDADNhrXkcmSL9X0oxMmXAiMkgJh78eQ-Q@mail.gmail.com> <4E1F6AAD24975D4BA5B1680429673943A21EBD4B@TK5EX14MBXC291.redmond.corp.microsoft.com> <325597BB-8A06-4410-85F8-E01906B399F4@ve7jtb.com> <54C2C223.2040302@cisco.com>
In-Reply-To: <54C2C223.2040302@cisco.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/u3SvRw1RMg86Kp21913UyQM5q0c>
Cc: Richard Barnes <rlb@ipv.sx>, Jim Schaad <ietf@augustcellars.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Working Group last call on draft-ietf-jose-jwk-thumbprint
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Jan 2015 23:13:02 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 23/01/15 21:50, ⌘ Matt Miller wrote: > Or maybe we seriously consider SPKI. Yes. It works. It's used elsewhere so offers better interop. All libraries support it so coding up the thumbprint stuff with that is trivial and far less error prone. It avoids any need for (even more) pointless debate about hash-input nitpicking. There's less spec text needed too. All useful asymmetric algs will have a well defined SPKI for the next decade because those are used in TLS and for the WebPKI which is not going away no matter how much you want it to go away. That is a pile of advantages. And, most important, there is zero advantage in pointlessly inventing a new variation. Frankly the supposed advantages offered so far: - - a line or two less code, (maybe, maybe not, unimportant in any case) - - "not asn.1" (nonsense, SPKI needs no generic asn.1 support, we've known for decades how to do without that, and your library constructs the octets from the key already) - - "it should be json" (more nonsense, it's a hash input and never sent or stored, nobody cares what format it has) ...are utterly unconvincing in any rational view. S. PS: As another data point, the W3C sub-resource integrity spec [1] uses ni URIs today. I've no idea if that's likely to last into a W3C REC or get deployed, but seems to me like not-reinventing in this space is one sensible thing those folks have (sensibly:-) done, given the utter lack of benefit from re-inventing. [1] http://www.w3.org/TR/SRI/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUwtVxAAoJEC88hzaAX42iiyAH/2IBfml30CcQzUiFyFO0zzZZ lCiaMy+Iy+ZmVtXNGGTQlA7xt+EK060TgG0Aj+vWOMJpxGabxniseJf6RnrSGL2D M3VL+Tcbx4EDbGTUAyjf8lQ+kAuAbj9xBY3VPG8r1qNrqh8chtRwRSU2O7+plBuJ qSx+A+8KORzMPhpan+XlcTjnDoSClBnI7+Ajt4T9LozVN4Z0Pl4S2Nnrr8lbgyiH g8T+u1GTvcT542kL/+Q9g+rUyzVJNE/F+VwvraueTUdkCu+hxhWIUwFZnek27gSk g4NDwmouzS/0hr3hkM2eqrGyfjpmvTL/VnrfjhKeIKkpBDL2Fvt0hNUlLlhReIU= =cnGe -----END PGP SIGNATURE-----
- [jose] Working Group last call on draft-ietf-jose… Jim Schaad
- Re: [jose] Working Group last call on draft-ietf-… John Bradley
- Re: [jose] Working Group last call on draft-ietf-… hideki nara
- Re: [jose] Working Group last call on draft-ietf-… nov matake
- Re: [jose] Working Group last call on draft-ietf-… Axel.Nennker
- Re: [jose] Working Group last call on draft-ietf-… Stephen Farrell
- Re: [jose] Working Group last call on draft-ietf-… Vladimir Dzhuvinov
- Re: [jose] Working Group last call on draft-ietf-… Axel.Nennker
- Re: [jose] Working Group last call on draft-ietf-… Stephen Farrell
- Re: [jose] Working Group last call on draft-ietf-… Stephen Farrell
- Re: [jose] Working Group last call on draft-ietf-… Richard Barnes
- Re: [jose] Working Group last call on draft-ietf-… John Bradley
- Re: [jose] Working Group last call on draft-ietf-… Stephen Farrell
- Re: [jose] Working Group last call on draft-ietf-… Jim Schaad
- Re: [jose] Working Group last call on draft-ietf-… Jim Schaad
- Re: [jose] Working Group last call on draft-ietf-… ⌘ Matt Miller
- Re: [jose] Working Group last call on draft-ietf-… Stephen Farrell
- Re: [jose] Working Group last call on draft-ietf-… Richard Barnes
- Re: [jose] Working Group last call on draft-ietf-… Stephen Farrell
- Re: [jose] Working Group last call on draft-ietf-… ⌘ Matt Miller
- Re: [jose] Working Group last call on draft-ietf-… Richard Barnes
- Re: [jose] Working Group last call on draft-ietf-… Richard Barnes
- Re: [jose] Working Group last call on draft-ietf-… John Bradley
- Re: [jose] Working Group last call on draft-ietf-… Stephen Farrell
- Re: [jose] Working Group last call on draft-ietf-… Richard Barnes
- Re: [jose] Working Group last call on draft-ietf-… Mike Jones
- Re: [jose] Working Group last call on draft-ietf-… Mike Jones
- Re: [jose] Working Group last call on draft-ietf-… John Bradley
- Re: [jose] Working Group last call on draft-ietf-… Richard Barnes
- Re: [jose] Working Group last call on draft-ietf-… Mike Jones
- Re: [jose] Working Group last call on draft-ietf-… Mike Jones
- Re: [jose] Working Group last call on draft-ietf-… Richer, Justin P.
- Re: [jose] Working Group last call on draft-ietf-… Mike Jones
- Re: [jose] Working Group last call on draft-ietf-… Richer, Justin P.
- Re: [jose] Working Group last call on draft-ietf-… ⌘ Matt Miller
- Re: [jose] Working Group last call on draft-ietf-… Richard Barnes
- Re: [jose] Working Group last call on draft-ietf-… Richard Barnes
- Re: [jose] Working Group last call on draft-ietf-… Mike Jones
- Re: [jose] Working Group last call on draft-ietf-… John Bradley
- Re: [jose] Working Group last call on draft-ietf-… ⌘ Matt Miller
- Re: [jose] Working Group last call on draft-ietf-… John Bradley
- Re: [jose] Working Group last call on draft-ietf-… Richard Barnes
- Re: [jose] Working Group last call on draft-ietf-… Mike Jones
- Re: [jose] Working Group last call on draft-ietf-… ⌘ Matt Miller
- Re: [jose] Working Group last call on draft-ietf-… Mike Jones
- Re: [jose] Working Group last call on draft-ietf-… Stephen Farrell
- Re: [jose] Working Group last call on draft-ietf-… Mike Jones
- Re: [jose] Working Group last call on draft-ietf-… hideki nara
- Re: [jose] Working Group last call on draft-ietf-… stephen.farrell
- Re: [jose] Working Group last call on draft-ietf-… Brian Campbell
- Re: [jose] Working Group last call on draft-ietf-… Jim Schaad
- Re: [jose] Working Group last call on draft-ietf-… Mike Jones
- Re: [jose] Working Group last call on draft-ietf-… John Bradley
- Re: [jose] Working Group last call on draft-ietf-… Kathleen Moriarty
- Re: [jose] Working Group last call on draft-ietf-… Jim Schaad
- Re: [jose] Working Group last call on draft-ietf-… Mike Jones
- Re: [jose] Working Group last call on draft-ietf-… Mike Jones
- Re: [jose] Working Group last call on draft-ietf-… Justin Richer
- Re: [jose] Working Group last call on draft-ietf-… Jim Schaad
- Re: [jose] Working Group last call on draft-ietf-… John Bradley
- Re: [jose] Working Group last call on draft-ietf-… John Bradley
- Re: [jose] Working Group last call on draft-ietf-… Brian Campbell
- Re: [jose] Working Group last call on draft-ietf-… John Bradley
- Re: [jose] Working Group last call on draft-ietf-… John Bradley
- Re: [jose] Working Group last call on draft-ietf-… Brian Campbell
- Re: [jose] Working Group last call on draft-ietf-… Stephen Farrell
- Re: [jose] Working Group last call on draft-ietf-… Brian Campbell
- Re: [jose] Working Group last call on draft-ietf-… Jim Schaad
- Re: [jose] Working Group last call on draft-ietf-… Brian Campbell
- Re: [jose] Working Group last call on draft-ietf-… Mike Jones
- Re: [jose] Working Group last call on draft-ietf-… Breno de Medeiros
- Re: [jose] Working Group last call on draft-ietf-… Mike Jones
- Re: [jose] Working Group last call on draft-ietf-… Mike Jones