IETF Logo Mail Archive

Re: [jose] POLL(s): header criticality

George Fletcher <gffletch@aol.com> Wed, 06 February 2013 17:33 UTC

Return-Path: <gffletch@aol.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5308821F8542 for <jose@ietfa.amsl.com>; Wed, 6 Feb 2013 09:33:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.138
X-Spam-Level:
X-Spam-Status: No, score=-2.138 tagged_above=-999 required=5 tests=[AWL=0.460, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x+QKm4JxhsIL for <jose@ietfa.amsl.com>; Wed, 6 Feb 2013 09:33:15 -0800 (PST)
Received: from imr-da05.mx.aol.com (imr-da05.mx.aol.com [205.188.105.147]) by ietfa.amsl.com (Postfix) with ESMTP id B5C4D21F8523 for <jose@ietf.org>; Wed, 6 Feb 2013 09:33:14 -0800 (PST)
Received: from mtaout-mb06.r1000.mx.aol.com (mtaout-mb06.r1000.mx.aol.com [172.29.41.70]) by imr-da05.mx.aol.com (Outbound Mail Relay) with ESMTP id 3BECD1C000094; Wed, 6 Feb 2013 12:33:14 -0500 (EST)
Received: from palantir.local (unknown [10.181.176.202]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mtaout-mb06.r1000.mx.aol.com (MUA/Third Party Client Interface) with ESMTPSA id 88864E000441; Wed, 6 Feb 2013 12:33:13 -0500 (EST)
Message-ID: <511293D8.7000408@aol.com>
Date: Wed, 06 Feb 2013 12:33:12 -0500
From: George Fletcher <gffletch@aol.com>
Organization: AOL LLC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130107 Thunderbird/17.0.2
MIME-Version: 1.0
To: jose@ietf.org
References: <510FCA42.5000704@isoc.org>
In-Reply-To: <510FCA42.5000704@isoc.org>
Content-Type: multipart/alternative; boundary="------------080709050101050706070009"
x-aol-global-disposition: G
X-AOL-VSS-INFO: 5400.1158/87968
X-AOL-VSS-CODE: clean
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mx.aol.com; s=20121107; t=1360171994; bh=f8wNSH4TPa/AgDFk8AtMglj97QW7e0gTMCpZ8Im4/94=; h=From:To:Subject:Message-ID:Date:MIME-Version:Content-Type; b=j0QWTgOWMbl65uUpZqkpPx5o/mBtheDr/ZG7fy1oT03pq+vBqZOTwKsZybF7wPwT5 sJyw53613DfkKYuNhm0+UEBJHV0yxQFewu9ADAvJazAQ2urEHyOjXaZtHTm4v3qg1W wsx+vvk9XSDqawomYB+0gLOY/IFBPzpls17n1q8o=
X-AOL-SCOLL-SCORE: 1:2:499819712:93952408
X-AOL-SCOLL-URL_COUNT: 1
x-aol-sid: 3039ac1d2946511293d965ac
X-AOL-IP: 10.181.176.202
Cc: odonoghue@isoc.org
Subject: Re: [jose] POLL(s): header criticality
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Feb 2013 17:33:18 -0000

FIRST POLL:  NO
SECOND POLL:  YES
THIRD POLL:  A

On 2/4/13 9:48 AM, Karen O'Donoghue wrote:
> Folks,
>
> I am wrestling with how to help drive consensus on the topic of 
> criticality of headers. For background, please review the current 
> specification text, the minutes to the Atlanta meeting (IETF85), and 
> the mailing list (especially the discussion in December with (Subj: 
> Whether implementations must understand all JOSE header fields)). We 
> need to come to closure on this issue in order to progress the 
> specifications.
>
> As a tool to gather further information on determining a way forward, 
> the following polls have been created. Please respond before 11 
> February 2013.
>
> Thanks,
> Karen
>
> *******************
> FIRST POLL: Should all header fields be critical for implementations 
> to understand?
>
> YES – All header fields must continue to be understood by 
> implementations or the input must be rejected.
>
> NO – A means of listing that specific header fields may be safely 
> ignored should be defined.
>
> ********************
> SECOND POLL: Should the result of the first poll be "YES", should text 
> like the following be added? “Implementation Note: The requirement to 
> understand all header fields is a requirement on the system as a whole 
> – not on any particular level of library software. For instance, a 
> JOSE library could process the headers that it understands and then 
> leave the processing of the rest of them up to the application. For 
> those headers that the JOSE library didn’t understand, the 
> responsibility for fulfilling the ‘MUST understand’ requirement for 
> the remaining headers would then fall to the application.”
>
> YES – Add the text clarifying that the “MUST understand” requirement 
> is a requirement on the system as a whole – not specifically on JOSE 
> libraries.
>
> NO – Don’t add the clarifying text.
>
> ************************
> THIRD POLL: Should the result of the first poll be "NO", which syntax 
> would you prefer for designating the header fields that may be ignored 
> if not understood?
>
> A – Define a header field that explicitly lists the fields that may be 
> safely ignored if not understood.
>
> B – Introduce a second header, where implementations must understand 
> all fields in the first but they may ignore not-understood fields in 
> the second.
>
> C - Other??? (Please specify in detail.)
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>
>

-- 
George Fletcher <http://connect.me/gffletch>

v2.23.0 | Report a Bug | By Email