Re: [jose] Stephen Farrell's Discuss on draft-ietf-jose-jws-signing-input-options-08: (with DISCUSS and COMMENT)

"Preibisch, Sascha H" <Sascha.Preibisch@ca.com> Mon, 21 December 2015 17:54 UTC

From: "Preibisch, Sascha H" <Sascha.Preibisch@ca.com>
To: Roland Hedberg <roland.hedberg@umu.se>, Nat Sakimura <sakimura@gmail.com>
Date: Mon, 21 Dec 2015 17:53:42 +0000
Message-ID: <D29D7C8C.13806%sascha.preibisch@ca.com>
References: <20151217112025.22801.65457.idtracker@ietfa.amsl.com> <BY2PR03MB4429A8A55EB13BCF8227BEBF5E00@BY2PR03MB442.namprd03.prod.outlook.com> <5672B939.4020507@cs.tcd.ie> <BY2PR03MB442F5A1BDF03E7997843CF0F5E00@BY2PR03MB442.namprd03.prod.outlook.com> <5672BD41.3000804@cs.tcd.ie> <2A23B5AE-6E82-4A44-A0D8-3D7970C57438@ve7jtb.com> <B8649513-3B05-417F-B551-46FFDA5689C2@ve7jtb.com> <CAHbuEH4yrcqmJ0uWvv2iZXZjdKGSOzcAH34i6uU2QpSyuUq=ug@mail.gmail.com> <45F8D078-A72B-4F6D-87EB-880EF867F4F2@cisco.com> <7B1E2B3A05FF2341B03CE0320754230728E3A1283B@HE101454.emea1.cds.t-internal.com> <CABzCy2C0sfJJdsv9mVvVJYWYfujTMJednE_8L7p3NcHo9-bOCg@mail.gmail.com> <0B32ADA9-D045-41A1-9207-CE238A8A5217@umu.se>
In-Reply-To: <0B32ADA9-D045-41A1-9207-CE238A8A5217@umu.se>
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/vuXyCgmBB7-RHIlnk8SOqmtAKvA>
Cc: "jose-chairs@ietf.org" <jose-chairs@ietf.org>, Axel Nennker <Axel.Nennker@telekom.de>, Jim Schaad <ietf@augustcellars.com>, Mike Jones <Michael.Jones@microsoft.com>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, "draft-ietf-jose-jws-signing-input-options@ietf.org" <draft-ietf-jose-jws-signing-input-options@ietf.org>, "jose@ietf.org" <jose@ietf.org>, Matthew Miller <mamille2@cisco.com>, John Bradley <ve7jtb@ve7jtb.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
Subject: Re: [jose] Stephen Farrell's Discuss on draft-ietf-jose-jws-signing-input-options-08: (with DISCUSS and COMMENT)

+1

From: jose <jose-bounces@ietf.org> on behalf of Roland Hedberg <roland.hedberg@umu.se>
Date: Monday, December 21, 2015 at 8:46 AM
To: Nat Sakimura <sakimura@gmail.com>
Cc: "jose-chairs@ietf.org" <jose-chairs@ietf.org>, Axel Nennker <Axel.Nennker@telekom.de>, Jim Schaad <ietf@augustcellars.com>, Mike Jones <Michael.Jones@microsoft.com>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, "draft-ietf-jose-jws-signing-input-options@ietf.org" <draft-ietf-jose-jws-signing-input-options@ietf.org>, "jose@ietf.org" <jose@ietf.org>, Matthew Miller <mamille2@cisco.com>, John Bradley <ve7jtb@ve7jtb.com>, The IESG <iesg@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [jose] Stephen Farrell's Discuss on draft-ietf-jose-jws-signing-input-options-08: (with DISCUSS and COMMENT)

+1

On 21 Dec 2015, at 15:55, Nat Sakimura <sakimura@gmail.com> wrote:

I also think it is better to make the b64 parameter critical. Being deterministic makes the life of programmers simpler. It also decreases the vulnerability surface. So +1 to James's text.

2015-12-21 22:26 GMT+09:00 <Axel.Nennker@telekom.de>:
I think that the larger a payload is, the higher the risk of a bad verify, and that a few extra bytes don't matter then.
And I follow Vladimir's argument to try to keep the security consideration section simpler.

So +1 to James proposed text.

-----Original Message-----
From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Matt Miller (mamille2)
Sent: Thursday, 17 December 2015 18:19
To: Kathleen Moriarty; jose@ietf.org
Cc: jose-chairs@ietf.org; ietf@augustcellars.com; Michael Jones; The IESG; John Bradley; Stephen Farrell; draft-ietf-jose-jws-signing-input-options@ietf.org
Subject: Re: [jose] Stephen Farrell's Discuss on draft-ietf-jose-jws-signing-input-options-08: (with DISCUSS and COMMENT)

I prefer James' proposed text.  I believe this draft came about primarily because there are use cases where the content to sign is large enough that the burden of base64url encoding is too great.  By that measure, I'm not sure how worthwhile size-of-header arguments are, as content so large that base64url might be prohibitive would dwarf the concerns around header size.  I think the risk of bad verifies outweighs the reduced-header-size benefits.


--
- m&m

Matt Miller
Cisco Systems, Inc.

> On Dec 17, 2015, at 08:39, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
>
> On Thu, Dec 17, 2015 at 9:32 AM, John Bradley <ve7jtb@ve7jtb.com> wrote:
>> Sorry I just recounted, it is an extra 20 bytes per message with the encoded header and not 6.
>>
>> That is a bit more but probably not worth dying over.   I still prefer the smaller option.
>
> If we could get to a consensus on this and which text is preferred,
> that would be helpful.
>
> Thanks!
> Kathleen
>
>
>>
>> John B.
>>
>>> On Dec 17, 2015, at 3:04 PM, John Bradley <ve7jtb@ve7jtb.com> wrote:
>>>
>>> I prefer making crit only required if the producer is not certain that all potential recipients understand the extension.
>>>
>>> However it would not be the end of the world for me from a size perspective if crit was always required.  Trading 6 octets for saving 1/4 of the body size is not a bad trade off.
>>>
>>> The issue for me is more always requiring something to be sent that is known to not be used.
>>>
>>> So I am on the not forcing crit side but could live with the consensus if it goes the other way.
>>>
>>> John B.
>>>
>>>> On Dec 17, 2015, at 2:48 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>>>>
>>>>
>>>> Great. For completeness, the alternative proposed by James Manger
>>>> (which I'd also prefer) was:
>>>>
>>>> The "crit" Header Parameter MUST be included with "b64" in its set
>>>> of values to ensure the JWS is rejected (instead of being
>>>> misinterpreted) by implementations that do not understand this
>>>> specification.
>>>>
>>>> My discuss then is asking if, after all this discussion, the WG
>>>> prefer the above or that below. I'll take the WG chairs word on
>>>> what they conclude as the outcome.
>>>>
>>>> S.
>>>>
>>>> On 17/12/15 13:44, Mike Jones wrote:
>>>>> Sure, I'm obviously fine asking the working group what they think of the new text.  Working group - this new text at https://tools.ietf.org/html/draft-ietf-jose-jws-signing-input-options-08#section-6 is:
>>>>>
>>>>> 6.  Using "crit" with "b64"
>>>>>
>>>>> If a JWS using "b64" with a value of "false" might be processed by
>>>>> implementations not implementing this extension, then the "crit"
>>>>> Header Parameter MUST be included with "b64" in its set of values
>>>>> to cause such implementations to reject the JWS.  Conversely, if
>>>>> used in environments in which all participants implement this
>>>>> extension, then "crit" need not be included, since its inclusion
>>>>> would have no effect, other than increasing the JWS size and processing costs.
>>>>>
>>>>>                           Thanks all,
>>>>>                           -- Mike
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie]
>>>>>> Sent: Thursday, December 17, 2015 2:32 PM
>>>>>> To: Mike Jones <Michael.Jones@microsoft.com>; The IESG
>>>>>> <iesg@ietf.org>
>>>>>> Cc: ietf@augustcellars.com; jose-chairs@ietf.org;
>>>>>> draft-ietf-jose-jws-signing-input-options@ietf.org;
>>>>>> jose@ietf.org
>>>>>> Subject: Re: Stephen Farrell's Discuss on
>>>>>> draft-ietf-jose-jws-signing-input-
>>>>>> options-08: (with DISCUSS and COMMENT)
>>>>>>
>>>>>>
>>>>>> Hiya,
>>>>>>
>>>>>> On 17/12/15 13:20, Mike Jones wrote:
>>>>>>> Thanks for your review, Stephen.  Replies inline below...
>>>>>>>
>>>>>>>> -----Original Message----- From: Stephen Farrell
>>>>>>>> [mailto:stephen.farrell@cs.tcd.ie] Sent: Thursday, December 17,
>>>>>>>> 2015 12:20 PM To: The IESG <iesg@ietf.org> Cc:
>>>>>>>> draft-ietf-jose-jws-signing-input-options@ietf.org; Mike Jones
>>>>>>>> <Michael.Jones@microsoft.com>; Jim Schaad
>>>>>>>> <ietf@augustcellars.com>; jose-chairs@ietf.org; ietf@augustcellars.com; jose@ietf.org Subject:
>>>>>>>> Stephen Farrell's Discuss on draft-ietf-jose-jws-signing-input-
>>>>>>>> options-08: (with DISCUSS and COMMENT)
>>>>>>>>
>>>>>>>> Stephen Farrell has entered the following ballot position for
>>>>>>>> draft-ietf-jose-jws-signing-input-options-08: Discuss
>>>>>>>>
>>>>>>>> When responding, please keep the subject line intact and reply
>>>>>>>> to all email addresses included in the To and CC lines. (Feel
>>>>>>>> free to cut this introductory paragraph, however.)
>>>>>>>>
>>>>>>>>
>>>>>>>> Please refer to
>>>>>>>> https://www.ietf.org/iesg/statement/discuss-criteria.html for
>>>>>>>> more information about IESG DISCUSS and COMMENT positions.
>>>>>>>>
>>>>>>>>
>>>>>>>> The document, along with other ballot positions, can be found
>>>>>>>> here:
>>>>>>>> https://datatracker.ietf.org/doc/draft-ietf-jose-jws-signing-input-options/
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> ----------------------------------------------------------------------
>>>>>>>> DISCUSS:
>>>>>>>> ----------------------------------------------------------------------
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> The "crit" point raised in the gen-art review and maybe elsewhere
>>>>>>>> is I think correct but I don't think section 6 of -08 is a good
>>>>>>>> resolution of this topic. However, I'll clear if this is the WG
>>>>>>>> consensus but it's hard to know that's the case for text just added
>>>>>>>> yesterday. To resolve this discuss we just need to see what the
>>>>>>>> WG list says about the new text.
>>>>>>>
>>>>>>> Jim's shepherd write-up at
>>>>>>> https://datatracker.ietf.org/doc/draft-ietf-jose-jws-signing-input-options/shepherdwriteup/
>>>>>>> records the working group's desire to not require the use of "crit"
>>>>>>> when it isn't needed.  He wrote:
>>>>>>>
>>>>>>> "(6)  The fact that there are two different versions of encoding
>>>>>>> that produce the same text string for signing is worrisome to
>>>>>>> me.  The WG had the ability to address this when producing the
>>>>>>> JWS specification and decided not to do so that time.  In this
>>>>>>> document, the desire to allow for things to be smaller has led
>>>>>>> to the fact that the b64 and crit headers can be omitted as
>>>>>>> being implicit.  This was the desire of the WG, but I personally feel that it is the wrong decision."
>>>>>>
>>>>>> Fair enough, so the chair/shepherd, gen-art reviewer and seems
>>>>>> like a few IESG members all find the current position
>>>>>> unconvincing as does the one implementer who posted to the WG list since the new text was added.
>>>>>> Wouldn't you agree there's enough there to justify asking the WG
>>>>>> once more what they think about that 13 byte overhead to prevent
>>>>>> interop and maybe even security problems?
>>>>>>
>>>>>>>
>>>>>>>> ----------------------------------------------------------------------
>>>>>>>> COMMENT:
>>>>>>>> ----------------------------------------------------------------------
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> - abstract: the description of the update to 7519 is odd. It
>>>>>>>> seems to be saying "Here we define a thing. This specification
>>>>>>>> updates 7519 to say you must not use this thing." but prohibiting
>>>>>>>> is an odd verb to use there. (Since it wasn't previously there to
>>>>>>>> be allowed or not.)
>>>>>>>
>>>>>>> Would you like this text better?
>>>>>>>
>>>>>>> "This specification updates RFC 7519 by stating that JSON Web
>>>>>>> Tokens
>>>>>>> (JWTs) MUST NOT use the unencoded payload option defined by this
>>>>>>> specification."
>>>>>>
>>>>>> Better yep. Thanks.
>>>>>>
>>>>>>>
>>>>>>> Or do you think this spec doesn't need to have the "Updates 7519"
>>>>>>> clause at all?  People seemed split on whether this was needed or not.
>>>>>>
>>>>>> Happens all the time. Personally I mostly don't care about
>>>>>> updates which is the case this time too:-)
>>>>>>
>>>>>>>
>>>>>>>> - section 6: "It is intended that application profiles specify
>>>>>>>> up front whether" "intended" is very wishy washy and "up front"
>>>>>>>> makes no sense at all.
>>>>>>>
>>>>>>> How about this wording change? "It is intended that application
>>>>>>> profiles specify up front whether" -> "Application profiles
>>>>>>> should specify whether"
>>>>>>
>>>>>> Also better,
>>>>>> Ta,
>>>>>> S.
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> Thanks again, -- Mike
>>>>>>>
>>>>> _______________________________________________
>>>>> jose mailing list
>>>>> jose@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/jose
>>>>>
>>>>
>>>
>>
>
>
>
> --
>
> Best regards,
> Kathleen




--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
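The whole thread turns on one property of the unencoded-payload option: the JWS Signing Input for a "b64": false JWS is byte-for-byte the same string an RFC 7515-only verifier computes, so such a verifier accepts the signature and then base64url-decodes a payload that was never encoded (the "misinterpreted" case in James Manger's text), whereas listing "b64" in "crit" makes it reject the JWS. The Python below is an example added to this page, not code from the draft or from any participant; it builds compact HS256 JWSs both ways and runs them through a "b64"-aware verifier and an RFC 7515-only one. The key and the payload value are constructed, and the unaware verifier's behaviour is modelled from RFC 7515 section 4.1.11 "crit" processing rather than taken from any particular library.

```python
import base64
import hashlib
import hmac
import json

# Added example (not from the draft or any thread participant).
# Key and payload values below are constructed for the demonstration.
DEMO_KEY = b"constructed-demo-key-0123456789"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jws(key: bytes, payload: bytes, b64: bool = True, crit: bool = False) -> str:
    """Build a compact-serialization HS256 JWS.

    b64=False carries the payload unencoded, as the draft defines; crit=True
    additionally lists "b64" in "crit" (the James Manger / section 6 text).
    """
    header = {"alg": "HS256"}
    if not b64:
        header["b64"] = False
        if crit:
            header["crit"] = ["b64"]
    enc_header = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    if b64:
        payload_part = b64url_encode(payload)
    else:
        payload_part = payload.decode("ascii")
        if "." in payload_part:
            raise ValueError("unencoded payload must not contain '.' in compact form")
    signing_input = f"{enc_header}.{payload_part}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{enc_header}.{payload_part}.{b64url_encode(sig)}"


def verify(key: bytes, jws: str, understands_b64: bool):
    """Verify a compact HS256 JWS; returns (status, payload).

    understands_b64=False models a verifier written against RFC 7515 alone: it
    performs "crit" processing but knows nothing about "b64", so it always
    base64url-decodes whatever sits in the payload segment.
    """
    enc_header, payload_part, enc_sig = jws.split(".")
    header = json.loads(b64url_decode(enc_header))
    understood = {"b64"} if understands_b64 else set()
    if "crit" in header:
        crit = header["crit"]
        # RFC 7515 section 4.1.11: reject an empty "crit", any listed name the
        # implementation does not understand, and any listed name absent from
        # the header. This is what makes an unaware verifier fail closed.
        if not crit or any(n not in understood or n not in header for n in crit):
            return "rejected", None
    # The signing input is the same byte string whether or not the payload
    # segment was base64url-encoded, so the signature check alone cannot
    # tell the two encodings apart.
    signing_input = f"{enc_header}.{payload_part}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(enc_sig)):
        return "bad-signature", None
    if understands_b64 and header.get("b64", True) is False:
        return "ok", payload_part.encode("ascii")
    return "ok", b64url_decode(payload_part)


if __name__ == "__main__":
    amount = b"1000"  # constructed unencoded payload; every character is base64url-legal
    without_crit = make_jws(DEMO_KEY, amount, b64=False)
    with_crit = make_jws(DEMO_KEY, amount, b64=False, crit=True)
    print("aware verifier, no crit:  ", verify(DEMO_KEY, without_crit, True))
    print("unaware verifier, no crit:", verify(DEMO_KEY, without_crit, False))
    print("unaware verifier, crit:   ", verify(DEMO_KEY, with_crit, False))
```

The payload "1000" is chosen deliberately: it consists only of base64url alphabet characters, so the unaware verifier reports a successful verification and hands back three bytes of unrelated binary instead of the four ASCII digits that were signed. A payload containing characters outside the alphabet would instead make the unaware verifier fail while decoding, which is the less dangerous of the two outcomes. With "crit": ["b64"] the same verifier rejects the JWS before looking at the payload, which is the deterministic behaviour the thread argues for.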