Re: [jose] POLL(s): header criticality

hideki nara <hdknr@ic-tact.co.jp> Thu, 07 February 2013 02:07 UTC

Return-Path: <hdknr@ic-tact.co.jp>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39DB021F8511 for <jose@ietfa.amsl.com>; Wed, 6 Feb 2013 18:07:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2ZYKUeo2l8Pt for <jose@ietfa.amsl.com>; Wed, 6 Feb 2013 18:07:57 -0800 (PST)
Received: from mail-ie0-x22b.google.com (mail-ie0-x22b.google.com [IPv6:2607:f8b0:4001:c03::22b]) by ietfa.amsl.com (Postfix) with ESMTP id 2775D21F8523 for <jose@ietf.org>; Wed, 6 Feb 2013 18:07:55 -0800 (PST)
Received: by mail-ie0-f171.google.com with SMTP id 10so2883288ied.30 for <jose@ietf.org>; Wed, 06 Feb 2013 18:07:54 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type:content-transfer-encoding :x-gm-message-state; bh=DhmAlI7C8KNlJ1xWbd15jjiK72GZZL8Pf0nM+lQzKTg=; b=OBBwoVRsekoaZnutdb0R6NbGH0lufwDKIUj8grP+wQa3w9cpLiogHnjDNYdknJPP55 qzazrDV3cdXD/9hvF7M2f8/FM+/qcPSsViZVk0vNp75Sz1HnzwzwndXLkzOLQScWqiDc PItjWVqNBzN99vbfDVvLURkRaxVMnEGRg9p5xc7zY3AZhsIO2Y2CtnvG7MJyjsx5/YJs 128nY9fTffdYtYOqLn4O6f2MPvh1Zyw3ge950ev1YNkYZBxVaaIMPZJ+KrkT6H0eHMdr vARa51ID6W0ez5NkqPQxsYOcr5CmSePGYFgLZuQHLIceo/xlKn5i+PUNK7x5sAE3zHxj ZFXw==
MIME-Version: 1.0
X-Received: by 10.50.91.168 with SMTP id cf8mr11014566igb.20.1360202874511; Wed, 06 Feb 2013 18:07:54 -0800 (PST)
Received: by 10.64.31.66 with HTTP; Wed, 6 Feb 2013 18:07:54 -0800 (PST)
In-Reply-To: <510FCA42.5000704@isoc.org>
References: <510FCA42.5000704@isoc.org>
Date: Thu, 7 Feb 2013 11:07:54 +0900
Message-ID: <CAAAkSUFNO_1o0orUgfwvE3AjruNQcrz5Z5a5Z_vg6z6ycC3f3w@mail.gmail.com>
From: hideki nara <hdknr@ic-tact.co.jp>
To: odonoghue@isoc.org
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQlXTZIvpnUaI4DOA6b08qTEL3gwr38HY9e6V+LPmfb6mMoccrfqu+lF6VSlqcPv3AlTs58f
Cc: jose@ietf.org
Subject: Re: [jose] POLL(s): header criticality
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Feb 2013 02:07:58 -0000

FIRST POLL:  YES
SECOND POLL:  YES
THIRD POLL:  A

---
hideki nara

2013/2/4 Karen O'Donoghue <odonoghue@isoc.org>rg>:
> Folks,
>
> I am wrestling with how to help drive consensus on the topic of criticality
> of headers. For background, please review the current specification text,
> the minutes to the Atlanta meeting (IETF85), and the mailing list
> (especially the discussion in December with (Subj: Whether implementations
> must understand all JOSE header fields)). We need to come to closure on this
> issue in order to progress the specifications.
>
> As a tool to gather further information on determining a way forward, the
> following polls have been created. Please respond before 11 February 2013.
>
> Thanks,
> Karen
>
> *******************
> FIRST POLL: Should all header fields be critical for implementations to
> understand?
>
> YES – All header fields must continue to be understood by implementations or
> the input must be rejected.
>
> NO – A means of listing that specific header fields may be safely ignored
> should be defined.
>
> ********************
> SECOND POLL: Should the result of the first poll be "YES", should text like
> the following be added? “Implementation Note: The requirement to understand
> all header fields is a requirement on the system as a whole – not on any
> particular level of library software. For instance, a JOSE library could
> process the headers that it understands and then leave the processing of the
> rest of them up to the application. For those headers that the JOSE library
> didn’t understand, the responsibility for fulfilling the ‘MUST understand’
> requirement for the remaining headers would then fall to the application.”
>
> YES – Add the text clarifying that the “MUST understand” requirement is a
> requirement on the system as a whole – not specifically on JOSE libraries.
>
> NO – Don’t add the clarifying text.
>
> ************************
> THIRD POLL: Should the result of the first poll be "NO", which syntax would
> you prefer for designating the header fields that may be ignored if not
> understood?
>
> A – Define a header field that explicitly lists the fields that may be
> safely ignored if not understood.
>
> B – Introduce a second header, where implementations must understand all
> fields in the first but they may ignore not-understood fields in the second.
>
> C - Other??? (Please specify in detail.)
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose