Re: [jose] Should we keep or remove the JOSE JWS and JWE MIME types?

Richard Barnes <rlb@ipv.sx> Thu, 20 June 2013 15:15 UTC

Multiplexing JWE and JWS under a single JOSE media type only makes sense if
there's a defined algorithm to demux them.  So if you want to do this, you
would need to write down the algorithm.

Personally, it seems simpler and clearer to me to just have the four
current types, so that you know which type of object you're dealing with,
and in what serialization, without having to do content sniffing.


On Tue, Jun 18, 2013 at 9:26 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:

> The JWS and JWE documents currently define these MIME types for the
> convenience of applications that may want to use them:
>
>                 application/jws
>                 application/jws+json
>                 application/jwe
>                 application/jwe+json
>
> That being said, I’m not aware of any uses of these by applications at
> present.  Thus, I think that makes it fair game to ask whether we want to
> keep them or remove them – in which case, if applications ever needed them,
> they could define them later.
>
> Another dimension of this question for JWS and JWE is that it’s not clear
> that the four types application/jws, application/jws+json, application/jwe,
> and application/jwe+json are even the right ones.  It might be more useful
> to have generic application/jose and application/jose+json types, which
> could hold either JWS or JWE objects respectively using the compact or JSON
> serializations (although I’m not advocating adding them at this time).
>
> Having different JWS versus JWE MIME types apparently did contribute to at
> least Dick’s confusion about the purpose of the “typ” field, so deleting
> them could help eliminate this possibility of confusion in the future.
> Thus, I’m increasingly convinced we should get rid of the JWS and JWE types
> and leave it up to applications to define the types they need, when they
> need them.
>
> Do people have use cases for these four MIME types now or should we leave
> them to future specs to define, if needed?
>
>                                                                 -- Mike
>
> P.S.  For completeness, I’ll add that the JWK document also defines these
> MIME types:
>
>                 application/jwk+json
>                 application/jwk-set+json
>
> There are already clear use cases for these types, so I’m not advocating
> deleting them, but wanted to call that out explicitly.  For instance, when
> retrieving a JWK Set document referenced by a “jku” header parameter, I
> believe that the result should use the application/jwk-set+json type.  (In
> fact, I’ll add this to the specs, unless there are any objections.)
> Likewise, draft-miller-jose-jwe-protected-jwk-02 already uses
> application/jwk+json.  Both could also be used as “cty” values when encrypting
> JWKs and JWK Sets, in contexts where that would be useful.
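A sketch of the kind of demux algorithm the reply says a single JOSE media type would require, as an added example that is not part of the original thread or of any JOSE draft. It assumes the structural rules later published in RFC 7516, Section 9 (segment count for compact form, `payload` versus `ciphertext` for JSON form, `enc` present only in JWE headers); the function names and sample objects are constructed for illustration.

```python
import base64
import json

def b64url(data: bytes) -> str:
    """Base64url-encode without padding, as JOSE does."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _header(segment: str) -> dict:
    """Decode the first compact segment, which must be a JSON object."""
    raw = base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
    header = json.loads(raw)
    if not isinstance(header, dict):
        raise ValueError("header is not a JSON object")
    return header

def demux(body: str) -> str:
    """Return the specific media type for a JOSE object, or raise ValueError."""
    text = body.strip()
    if text.startswith("{"):                      # JSON serialization
        obj = json.loads(text)
        # Fail closed when both or neither discriminating member is present.
        if ("payload" in obj) == ("ciphertext" in obj):
            raise ValueError("need exactly one of 'payload' or 'ciphertext'")
        return "application/jws+json" if "payload" in obj else "application/jwe+json"
    parts = text.split(".")                       # compact serialization
    kinds = {3: "application/jws", 5: "application/jwe"}
    if len(parts) not in kinds:
        raise ValueError("expected 3 (JWS) or 5 (JWE) segments")
    # Cross-check: "enc" must appear in a JWE header and never in a JWS header.
    if ("enc" in _header(parts[0])) != (len(parts) == 5):
        raise ValueError("header contradicts segment count")
    return kinds[len(parts)]

# Constructed samples: signature, key, IV, ciphertext and tag are dummy bytes.
JWS_COMPACT = ".".join([b64url(b'{"alg":"HS256"}'), b64url(b"hello"), b64url(b"sig")])
JWE_COMPACT = ".".join([b64url(b'{"alg":"RSA-OAEP","enc":"A256GCM"}'),
                        b64url(b"key"), b64url(b"iv"), b64url(b"ct"), b64url(b"tag")])
JWS_JSON = json.dumps({"payload": b64url(b"hello"),
                       "signatures": [{"signature": b64url(b"sig")}]})
JWE_JSON = json.dumps({"protected": b64url(b'{"enc":"A256GCM"}'),
                       "recipients": [{"encrypted_key": b64url(b"key")}],
                       "iv": b64url(b"iv"), "ciphertext": b64url(b"ct"),
                       "tag": b64url(b"tag")})

if __name__ == "__main__":
    for sample in (JWS_COMPACT, JWE_COMPACT, JWS_JSON, JWE_JSON):
        print(demux(sample))
```

Rejecting objects whose header and outer structure disagree keeps a receiver from treating a signed object as an encrypted one, or the reverse, which is the content-sniffing ambiguity the four separate types avoid.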