Re: [jose] Should we delete the "typ" header field
Dick Hardt <dick.hardt@gmail.com> Thu, 30 May 2013 00:29 UTC
Return-Path: <dick.hardt@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E33B21F93D4 for <jose@ietfa.amsl.com>; Wed, 29 May 2013 17:29:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.05
X-Spam-Level:
X-Spam-Status: No, score=-3.05 tagged_above=-999 required=5 tests=[AWL=0.548, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PxqT-O01uA+y for <jose@ietfa.amsl.com>; Wed, 29 May 2013 17:29:50 -0700 (PDT)
Received: from mail-vc0-f170.google.com (mail-vc0-f170.google.com [209.85.220.170]) by ietfa.amsl.com (Postfix) with ESMTP id CA8DE21F910D for <jose@ietf.org>; Wed, 29 May 2013 17:29:49 -0700 (PDT)
Received: by mail-vc0-f170.google.com with SMTP id gf11so6935384vcb.15 for <jose@ietf.org>; Wed, 29 May 2013 17:29:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=zE8g27nNrnq/l/SBFcTMPkwXpUqSOTG6Z39WtILDEio=; b=YBjVRh1N0U97zeXoo3t2DD85eWUmY8hKlgJ5crkEFTlGLl3HFei95ZCMha43V8ZAa6 oimxxlk0hVCVSN4R0rlqVAxxxk20k6KcmAiGA7j5OfEc8KyY2eony1d80/bRMyBeaek7 WzpqimN6N4902BrmuLCSlal4i/gwpEn5ksjrR9n9yLQ6EvtBq0Q6EYplwQbH6n8DYKn2 QWfRZAnIb8EUNkjC7CK7aN+puphHm3MCjC3fBAyORaFQ6cK762pDybzIyegfIFvmC70H hiVlhC7wr+CubTn41ehs+YhhPTEhAtHrCOaMrwp3gjwV0S1dFJrHxIsa+iRk1l4JLnnH eIGQ==
MIME-Version: 1.0
X-Received: by 10.52.53.36 with SMTP id y4mr2726045vdo.51.1369873789153; Wed, 29 May 2013 17:29:49 -0700 (PDT)
Received: by 10.52.160.161 with HTTP; Wed, 29 May 2013 17:29:49 -0700 (PDT)
In-Reply-To: <C84C740C-CA7F-40F4-829B-1A1C09EF357F@ve7jtb.com>
References: <02b701ce5cb8$46ae77e0$d40b67a0$@augustcellars.com> <CAD9ie-vK3gY9b9GQrbUa=TACy5KVA1uPH_u_utucoKzVynjuiA@mail.gmail.com> <02f501ce5cc5$ec9a2200$c5ce6600$@augustcellars.com> <CAD9ie-uV-THE0+oL-dNUB0qXF7sx8jHMZDCz8vGESmUHWV=LMg@mail.gmail.com> <C84C740C-CA7F-40F4-829B-1A1C09EF357F@ve7jtb.com>
Date: Wed, 29 May 2013 17:29:49 -0700
Message-ID: <CAD9ie-tgN7NyEU4_AP=KvcJZWSY_iOk85YYR_7zndb5ZGcP3Bw@mail.gmail.com>
From: Dick Hardt <dick.hardt@gmail.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Content-Type: multipart/alternative; boundary="089e01183cea96f77b04dde498bf"
Cc: Jim Schaad <ietf@augustcellars.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Should we delete the "typ" header field
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 May 2013 00:29:54 -0000
On Wed, May 29, 2013 at 5:25 PM, John Bradley <ve7jtb@ve7jtb.com> wrote: > In the JWT spec the value of "typ" SHOULD be "jwt". That indicates as > Mike stated that it is a JWT in compact format that has as its body a jwt > claim set. If the claim set is signed then encrypted, the inner JWT has a > a typ of jwt and no cty , and the outer one has a typ of JWT and a cty of > jws. > I'm doing symmetric encryption with an integrity check, so I don't have a JWT in a JWE > > If a JOSE object has a typ of jws then one would assume that it is a jws > in compact serialization with some other body type then a jwt claimset. > > I think this is somewhat a symptom of the JWT and JOSE specs getting split > into different WG. > > So Mike can correct me but I don't think putting jwe or jws in typ is the > intended use of that element if you are in fact sending JWT. > > I understand where Jim is coming from I think of JWT as a jwt claim-set > and JWE and JWS as the outer layer, where JWT thinks of itself as a total > security token definition including overall processing rules for security > tokens, with a standard envelope segment and JWE or JWS encoding as > determined by the alg. > That is confusing to me. > > In security token processing knowing that what you have will unwrap to a > JWT claim-set , rather than to some other thing is quite important. > What else would it unwrap to? > > John B. > > > On 2013-05-29, at 7:56 PM, Dick Hardt <dick.hardt@gmail.com> wrote: > > I use it all the time and my code would barf if it was not there. > > I think it should be required rather than be a hint if it is going ot be > there. > > > On Wed, May 29, 2013 at 4:40 PM, Jim Schaad <ietf@augustcellars.com>wrote: > >> I think the values just changed**** >> >> ** ** >> >> However the way you are using it would be an argument to say that it >> should be a required field. Are you just using it as a hint if it exists >> and then looking at the rest of the fields if it is not present?**** >> >> ** ** >> >> Jim**** >> >> ** ** >> >> ** ** >> >> *From:* Dick Hardt [mailto:dick.hardt@gmail.com] >> *Sent:* Wednesday, May 29, 2013 3:49 PM >> *To:* Jim Schaad >> *Cc:* jose@ietf.org >> *Subject:* Re: [jose] Should we delete the "typ" header field**** >> >> ** ** >> >> Well, I have been using, but now realize the spec changed or I was >> confused.**** >> >> ** ** >> >> I had been setting "typ" to be either "JWE" or "JWS" depending on the >> type of token I was creating or parsing as it was easier than looking at >> "alg"**** >> >> ** ** >> >> As currently defined, I don't see value in "typ".**** >> >> ** ** >> >> -- Dick**** >> >> ** ** >> >> ** ** >> >> On Wed, May 29, 2013 at 3:02 PM, Jim Schaad <ietf@augustcellars.com> >> wrote:**** >> >> In reading the documents, I am trying to understand the justification for >> having the “typ” header parameter in the JOSE documents.**** >> >> **** >> >> The purpose of the field is to hold the type of the object. In the past, >> I believe that values which should now be placed in the cty field (such as >> “JWT”) were placed in this field as well. However the parameter is >> optional and an implementation cannot rely on its being present. This >> means that for all practical purposes all of the code to determine the >> value of the type field from the values of the alg and enc fields. If the >> field was mandatory then this code would disappear at a fairly small space >> cost and I can understand why the parameter would be present.**** >> >> **** >> >> Can anybody justify why this field should be present in the document – or >> should it just disappear?**** >> >> **** >> >> Jim**** >> >> **** >> >> >> _______________________________________________ >> jose mailing list >> jose@ietf.org >> https://www.ietf.org/mailman/listinfo/jose**** >> >> >> >> **** >> >> ** ** >> >> -- >> -- Dick **** >> > > > > -- > -- Dick > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose > > > -- -- Dick
- [jose] Should we delete the "typ" header field Jim Schaad
- Re: [jose] Should we delete the "typ" header field Richard Barnes
- Re: [jose] Should we delete the "typ" header field Dick Hardt
- Re: [jose] Should we delete the "typ" header field Mike Jones
- Re: [jose] Should we delete the "typ" header field Jim Schaad
- Re: [jose] Should we delete the "typ" header field Jim Schaad
- Re: [jose] Should we delete the "typ" header field Jim Schaad
- Re: [jose] Should we delete the "typ" header field Mike Jones
- Re: [jose] Should we delete the "typ" header field Dick Hardt
- Re: [jose] Should we delete the "typ" header field Mike Jones
- Re: [jose] Should we delete the "typ" header field Dick Hardt
- Re: [jose] Should we delete the "typ" header field John Bradley
- Re: [jose] Should we delete the "typ" header field Dick Hardt
- Re: [jose] Should we delete the "typ" header field Mike Jones
- Re: [jose] Should we delete the "typ" header field Mike Jones
- Re: [jose] Should we delete the "typ" header field John Bradley
- Re: [jose] Should we delete the "typ" header field John Bradley
- Re: [jose] Should we delete the "typ" header field Dick Hardt
- Re: [jose] FW: Should we delete the "typ" header … Richard Barnes
- Re: [jose] Should we delete the "typ" header field Mike Jones
- Re: [jose] Should we delete the "typ" header field Jim Schaad
- Re: [jose] Should we delete the "typ" header field John Bradley
- Re: [jose] Should we delete the "typ" header field Mike Jones
- Re: [jose] Should we delete the "typ" header field John Bradley
- Re: [jose] Should we delete the "typ" header field Richard Barnes
- Re: [jose] Should we delete the "typ" header field Mike Jones
- Re: [jose] Should we delete the "typ" header field Manger, James H
- Re: [jose] Should we delete the "typ" header field Mike Jones
- [jose] FW: Should we delete the "typ" header field Manger, James H
- Re: [jose] FW: Should we delete the "typ" header … Mike Jones
- Re: [jose] FW: Should we delete the "typ" header … Manger, James H
- Re: [jose] Should we delete the "typ" header field Richard Barnes
- Re: [jose] Should we delete the "typ" header field Richard Barnes
- Re: [jose] Should we delete the "typ" header field Mike Jones
- Re: [jose] Should we delete the "typ" header field Jim Schaad
- Re: [jose] Should we delete the "typ" header field Jim Schaad
- Re: [jose] Should we delete the "typ" header field Richard Barnes
- Re: [jose] Should we delete the "typ" header field Mike Jones
- Re: [jose] Should we delete the "typ" header field Richer, Justin P.
- Re: [jose] Should we delete the "typ" header field Nat Sakimura
- Re: [jose] Should we delete the "typ" header field John Bradley
- Re: [jose] Should we delete the "typ" header field Jim Schaad
- Re: [jose] Should we delete the "typ" header field Dick Hardt
- Re: [jose] Should we delete the "typ" header field Richard Barnes
- Re: [jose] Should we delete the "typ" header field Anthony Nadalin
- Re: [jose] Should we delete the "typ" header field Richard Barnes
- Re: [jose] Should we delete the "typ" header field Mike Jones
- Re: [jose] Should we delete the "typ" header field Nat Sakimura
- Re: [jose] Should we delete the "typ" header field Brian Campbell
- Re: [jose] Should we delete the "typ" header field Richard Barnes
- Re: [jose] Should we delete the "typ" header field Nat Sakimura
- Re: [jose] Should we delete the "typ" header field Richard Barnes
- Re: [jose] Should we delete the "typ" header field Nat Sakimura
- Re: [jose] Should we delete the "typ" header field Dick Hardt
- Re: [jose] Should we delete the "typ" header field Nat Sakimura
- Re: [jose] Should we delete the "typ" header field Manger, James H
- Re: [jose] Should we delete the "typ" header field Axel.Nennker
- Re: [jose] Should we delete the "typ" header field Jim Schaad
- Re: [jose] Should we delete the "typ" header field Mike Jones
- Re: [jose] Should we delete the "typ" header field Richard Barnes
- Re: [jose] FW: Should we delete the "typ" header … Mike Jones
- Re: [jose] FW: Should we delete the "typ" header … Manger, James H
- Re: [jose] FW: Should we delete the "typ" header … Mike Jones
- Re: [jose] FW: Should we delete the "typ" header … Richard Barnes
- Re: [jose] FW: Should we delete the "typ" header … Mike Jones
- Re: [jose] FW: Should we delete the "typ" header … Jim Schaad
- Re: [jose] FW: Should we delete the "typ" header … Mike Jones
- Re: [jose] FW: Should we delete the "typ" header … Manger, James H