Re: [Jwt-reg-review] Request to register claim: sig_val_claims
Stefan Santesson <stefan@aaa-sec.com> Sat, 12 March 2022 12:50 UTC
To: Brian Campbell <bcampbell@pingidentity.com>
Cc: Mike Jones <Michael.Jones=40microsoft.com@dmarc.ietf.org>, "jwt-reg-review@ietf.org" <jwt-reg-review@ietf.org>, Russ Housley <housley@vigilsec.com>
Organization: 3xA Security AB
Archived-At: <https://mailarchive.ietf.org/arch/msg/jwt-reg-review/4qY4dFPjY7Sft2a13lhNk47CeyI>

Hi,

As I understand this, the registration of this claim is approved.

How do we proceed with this registration?

/Stefan

On 2022-01-18 14:53, Brian Campbell wrote:
> Yeah, correct, the typ suggestion does not affect registration of the
> sig_val_claims claim.
>
> On Sun, Jan 16, 2022 at 1:17 PM Stefan Santesson <stefan@aaa-sec.com>
> wrote:
>
>     Thank you!
>
>     The suggestion is tempting. We will discuss how to progress on
>     this matter if it is worth doing.
>
>     However, if I understand this right, this does not affect
>     registration of the sig_val_claims claim identifier, right?
>
>     /Stefan
>
>     On 2022-01-16 at 14:58, Brian Campbell wrote:
>>     It'd be a media type registration - the text in 3.11. Use
>>     Explicit Typing
>>     <https://datatracker.ietf.org/doc/html/rfc8725#section-3.11> of
>>     the JWT BCP explains it a bit more and references RFC8417 that
>>     has https://datatracker.ietf.org/doc/html/rfc8417#section-7.3 as
>>     an example of such a registration request. Looking for +jwt in
>>     the registry
>>     https://www.iana.org/assignments/media-types/media-types.xhtml
>>     will turn up a few others too.
>>
>>     I believe you could define its use in SVT however makes sense
>>     given the constraints you have with existing implementations or
>>     whatever. I.e. typ has to be either jwt or svt+jwt. I suppose
>>     that waters it down a bit but is possible.
>>
>>     Or maybe it's not worth doing at this point. It was just
>>     something that jumped out at me when trying to do a quick review
>>     of the draft.
>>
>>     On Sat, Jan 15, 2022 at 7:01 AM Stefan Santesson
>>     <stefan@aaa-sec.com> wrote:
>>
>>         Brian,
>>
>>         Thank you for the suggestion. Our current implementations use
>>         the jwt type declaration as this technically is a JWT. This
>>         also works well with standard tools as long as we can define
>>         the claim as requested here.
>>
>>         Having a specific type like svt+jwt might be a good idea. I'm
>>         not sure exactly what implications that brings to our current
>>         implementations. If we register a "svt+jwt" type, could its
>>         use be optional? How would we go ahead and do the
>>         registration of this type?
>>
>>         /Stefan
>>
>>         On 2022-01-14 at 22:24, Brian Campbell wrote:
>>>         Honestly, I can't really wrap my head around this kind of
>>>         signature indirection so I'll just say that I'm okay with
>>>         the registration of the claim name "sig_val_claims".
>>>
>>>         Because the document is defining this SVT, which is one
>>>         particular kind of JWT, I wonder if it'd be worthwhile to
>>>         consider explicitly typing it, as recommended in
>>>         https://datatracker.ietf.org/doc/html/rfc8725#section-3.11,
>>>         with something like a "typ":"svt+jwt" header rather than the
>>>         general and kinda meaningless "typ":"jwt"?
>>>
>>>         On Wed, Jan 12, 2022 at 7:44 PM Mike Jones
>>>         <Michael.Jones=40microsoft.com@dmarc.ietf.org> wrote:
>>>
>>>             I approve of the registration of this claim.
>>>
>>>             -- Mike
>>>
>>>             -----Original Message-----
>>>             From: Jwt-reg-review <jwt-reg-review-bounces@ietf.org>
>>>             On Behalf Of Stefan Santesson
>>>             Sent: Friday, September 3, 2021 8:33 AM
>>>             To: jwt-reg-review@ietf.org
>>>             Cc: Russ Housley <housley@vigilsec.com>
>>>             Subject: [EXTERNAL] [Jwt-reg-review] Request to register
>>>             claim: sig_val_claims
>>>
>>>             Hi,
>>>
>>>             The draft
>>>             https://datatracker.ietf.org/doc/draft-santesson-svt/ is
>>>             being requested for publication as individual submission
>>>
>>>             This draft includes the request to register the claim
>>>             name "sig_val_claims" as follows:
>>>
>>>             6.1. Claim Names Registration
>>>
>>>                 This section registers the "sig_val_claims" claim
>>>                 name in the IANA "JSON Web Token Claims" registry
>>>                 established by Section 10.1 in [RFC7519].
>>>
>>>             6.1.1. Registry Contents
>>>
>>>                 * Claim Name: "sig_val_claims"
>>>                 * Claim Description: Signature Validation Token Claims
>>>                 * Change Controller: IESG
>>>                 * Specification Document(s): Section 3.2.3 of {this
>>>                   document}
>>>
>>>             The draft specifies a Token having the form of a JWT
>>>             which includes this defined claim.
>>>
>>>             The rationale for this claim is described in the
>>>             referenced document.
>>>
>>>             The solution is deployed in real services and it is
>>>             considered for national government usage which is the
>>>             main reason to publish the specification as an
>>>             informational RFC.
>>>
>>>             /Stefan Santesson
>>>
>>>             _______________________________________________
>>>             Jwt-reg-review mailing list
>>>             Jwt-reg-review@ietf.org
>>>             https://www.ietf.org/mailman/listinfo/jwt-reg-review
>>>
>>>         /CONFIDENTIALITY NOTICE: This email may contain confidential
>>>         and privileged material for the sole use of the intended
>>>         recipient(s). Any review, use, distribution or disclosure by
>>>         others is strictly prohibited. If you have received this
>>>         communication in error, please notify the sender immediately
>>>         by e-mail and delete the message and any file attachments
>>>         from your computer. Thank you./
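
The explicit-typing option discussed in the thread ("typ has to be either jwt or svt+jwt"), as an added example that is not part of the original messages or of the SVT draft: a recipient-side check that normalises the "typ" header the way RFC 7515 describes and requires the "sig_val_claims" claim. The function names and the accept/reject strings are hypothetical, and "svt+jwt" is only the value suggested in the thread.

```python
import base64
import json

EXPLICIT_TYPE = "application/svt+jwt"  # value suggested in the thread (assumption)
LEGACY_TYPE = "application/jwt"        # generic type used by current implementations


def _b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a JSON object."""
    padded = segment + "=" * (-len(segment) % 4)
    value = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(value, dict):
        raise ValueError("JWT segment is not a JSON object")
    return value


def normalise_typ(typ) -> str:
    """Media types compare case-insensitively; a typ value without '/' is
    treated as if 'application/' were prepended (RFC 7515, section 4.1.9)."""
    if not isinstance(typ, str) or not typ.strip():
        return ""
    t = typ.strip().lower()
    return t if "/" in t else "application/" + t


def classify_svt(token: str, allow_legacy: bool = True) -> str:
    """Type check only; signature verification is a separate step that must
    still be performed before any claim is trusted."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    typ = normalise_typ(header.get("typ"))
    has_claim = "sig_val_claims" in claims
    if typ == EXPLICIT_TYPE:
        return "accept" if has_claim else "reject: typed as SVT but sig_val_claims missing"
    if typ == LEGACY_TYPE and allow_legacy:
        # Transitional path: the claim is the only thing that marks this JWT as an SVT.
        return "accept-legacy" if has_claim else "reject: generic JWT without sig_val_claims"
    return "reject: unexpected typ"


def _make(header: dict, claims: dict) -> str:
    """Build a constructed sample token; the signature part is a dummy."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2ln"
```

Setting allow_legacy to False gives the strict behaviour RFC 8725 section 3.11 aims for, where a generic JWT from another context is refused even if it carries the claim.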