Re: [jose] #17: add 'aud' and 'iss' to 4.1 Reserved Header Parameter Names

Dick Hardt <dick.hardt@gmail.com> Thu, 04 April 2013 04:29 UTC

Actually, Mike was suggesting that the issue be moved to the JWT WG. 

I'll settle with the JWE spec pointing to an IANA registry. Speaking as an implementer, if there is a list of reserved names in the spec, I'm likely to think that is all of them.

I'm a little unsettled that no one else has had any feedback on having 'aud' and 'iss' in the JWE header. Is my implementation the only one that has that requirement?

-- Dick

On Apr 3, 2013, at 8:57 PM, "jose issue tracker" <trac+jose@trac.tools.ietf.org> wrote:

> #17: add 'aud' and 'iss' to 4.1 Reserved Header Parameter Names
> 
> 
> Comment (by rlb@ipv.sx):
> 
> I agree with Mike that these don't really belong in the core JWE/JWS
> specs.
> 
> I would suggest we address this issue more generally, by creating an IANA
> registry of reserved parameter names, with a fairly liberal inclusion
> policy.  That registry could have a field to indicate whether JOSE
> implementations are REQUIRED to support a given parameter (MTI
> parameters).  (Note that this is different from whether a JOSE object is
> REQUIRED to contain a parameter.)  Perhaps we could have optional
> parameters under a fairly liberal policy (e.g., Specification Required),
> with a higher bar for MTI parameters (e.g., Standards Action).
> 
> If we set up the registry in this way, then Dick could write a short
> Informational document that would register these fields.
> 
> -- 
> -------------------------+-------------------------------------------------
> Reporter:               |       Owner:  draft-ietf-jose-json-web-
>  dick.hardt@gmail.com   |  encryption@tools.ietf.org
>     Type:  enhancement  |      Status:  new
> Priority:  major        |   Milestone:
> Component:  json-web-    |     Version:
>  encryption             |  Resolution:
> Severity:  -            |
> Keywords:               |
> -------------------------+-------------------------------------------------
> 
> Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/17#comment:2>
> jose <http://tools.ietf.org/jose/>