Re: [jose] Stephen Farrell's Discuss on draft-ietf-jose-json-web-key-33: (with DISCUSS and COMMENT)

Ted Lemon <Ted.Lemon@nominum.com> Tue, 07 October 2014 14:34 UTC

Return-Path: <Ted.Lemon@nominum.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 420D61A6F3D; Tue, 7 Oct 2014 07:34:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.686
X-Spam-Level:
X-Spam-Status: No, score=-2.686 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.786] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LMlgn1P-GPHP; Tue, 7 Oct 2014 07:34:41 -0700 (PDT)
Received: from shell-too.nominum.com (shell-too.nominum.com [64.89.228.229]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7899B1A6F04; Tue, 7 Oct 2014 07:34:41 -0700 (PDT)
Received: from archivist.nominum.com (archivist.nominum.com [64.89.228.108]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.nominum.com", Issuer "Go Daddy Secure Certificate Authority - G2" (verified OK)) by shell-too.nominum.com (Postfix) with ESMTP id 42CEC1B8184; Tue, 7 Oct 2014 07:34:41 -0700 (PDT)
Received: from webmail.nominum.com (cas-02.win.nominum.com [64.89.228.132]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "mail.nominum.com", Issuer "Go Daddy Secure Certification Authority" (verified OK)) by archivist.nominum.com (Postfix) with ESMTP id 3128053E070; Tue, 7 Oct 2014 07:34:41 -0700 (PDT)
Received: from [10.0.10.40] (71.233.43.215) by CAS-02.WIN.NOMINUM.COM (192.168.1.101) with Microsoft SMTP Server (TLS) id 14.3.195.1; Tue, 7 Oct 2014 07:34:41 -0700
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Ted Lemon <Ted.Lemon@nominum.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739439BAF4627@TK5EX14MBXC286.redmond.corp.microsoft.com>
Date: Tue, 7 Oct 2014 10:34:36 -0400
Content-Transfer-Encoding: quoted-printable
Message-ID: <D68B52F5-30FA-440E-AE51-BC35B584F1D4@nominum.com>
References: <20141002111501.6046.52416.idtracker@ietfa.amsl.com> <4E1F6AAD24975D4BA5B16804296739439BAF0C1E@TK5EX14MBXC286.redmond.corp.microsoft.com> <00c601cfe1a4$15d32900$41797b00$@augustcellars.com> <7ABF79CB-61C8-490B-A727-465530222F0B@nominum.com> <00dd01cfe1aa$eba7db10$c2f79130$@augustcellars.com> <54330888.4090605@cs.tcd.ie> <00f101cfe1ad$6dc9fea0$495dfbe0$@augustcellars.com> <54330D56.507@cs.tcd.ie> <4E1F6AAD24975D4BA5B16804296739439BAF2783@TK5EX14MBXC286.redmond.corp.microsoft.com> <011b01cfe1d5$17f6d610$47e48230$@augustcellars.com> <4E1F6AAD24975D4BA5B16804296739439BAF321C@TK5EX14MBXC286.redmond.corp.microsoft.com> <5433BDC3.2050404@cs.tcd.ie> <CALaySJ+cDNPGc6orsJqwnhx-p3puRH_q1E4=vx0Vcodv-Npz+Q@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739439BAF4627@TK5EX14MBXC286.redmond.corp.microsoft.com>
To: Mike Jones <Michael.Jones@microsoft.com>
X-Mailer: Apple Mail (2.1878.6)
X-Originating-IP: [71.233.43.215]
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/vp4HCrq24Nyk1bB8w8sXpOrCrzc
Cc: "jose-chairs@tools.ietf.org" <jose-chairs@tools.ietf.org>, Jim Schaad <ietf@augustcellars.com>, The IESG <iesg@ietf.org>, "jose@ietf.org" <jose@ietf.org>, Barry Leiba <barryleiba@computer.org>, "draft-ietf-jose-json-web-key@tools.ietf.org" <draft-ietf-jose-json-web-key@tools.ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [jose] Stephen Farrell's Discuss on draft-ietf-jose-json-web-key-33: (with DISCUSS and COMMENT)
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Oct 2014 14:34:45 -0000

On Oct 7, 2014, at 8:29 AM, Mike Jones <Michael.Jones@microsoft.com> wrote:
> This brings me back around to wondering why just saying that Key ID values are case sensitive strings is not enough, and leaving it up to applications how to choose the contents of those case-sensitive strings?  I really feel like injecting domain names into the discussion, when I'm aware of no deployments that use domain names in Key ID values, is a red herring.

You could say "Key IDs are compared literally, not in a case-insensitive manner.   Therefore, case-sensitive strings or other strings requiring non-literal comparison algorithms MUST NOT be used as Key IDs."