Re: [media-types] Thoughts on suffixes, single and multiple
Orie Steele <orie@transmute.industries> Thu, 11 April 2024 15:55 UTC
Return-Path: <orie@transmute.industries>
X-Original-To: media-types@ietfa.amsl.com
Delivered-To: media-types@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18C3AC14F691 for <media-types@ietfa.amsl.com>; Thu, 11 Apr 2024 08:55:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.086
X-Spam-Level:
X-Spam-Status: No, score=-2.086 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=transmute.industries
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DZXh6w-8W46q for <media-types@ietfa.amsl.com>; Thu, 11 Apr 2024 08:55:40 -0700 (PDT)
Received: from mail-pj1-x1035.google.com (mail-pj1-x1035.google.com [IPv6:2607:f8b0:4864:20::1035]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 13F8FC14F682 for <media-types@ietf.org>; Thu, 11 Apr 2024 08:55:40 -0700 (PDT)
Received: by mail-pj1-x1035.google.com with SMTP id 98e67ed59e1d1-2a2f82ded89so4494511a91.1 for <media-types@ietf.org>; Thu, 11 Apr 2024 08:55:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transmute.industries; s=google; t=1712850939; x=1713455739; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=47mbLHCyU//xQQ4in1kyRRtEUNV4Y307R8G6vt+JEGQ=; b=P+03pI2Leh8m7++jyPW8XIEkDaNhFATU/vh0vAKa7Ah9RBBh6iWkrmW6iiXa+S99Am FeRBCs/jeWn5okFFaXhkoLFGb7PXvw26H3GL+3oKWJG5gsV9q4H7V+/pErexEcQhpVtL ttJr2je66Vbau8lng/rNS3c4kRnz2yonSGZevJa5h2jQgfSQinVkPXnOkIDdD+N7HAVo et4H6Vp4+ZwU/ML9IAgK4qLOYt8lCkQ620dvELxqKvC3goFUq58sld8TVcfTz/4Y1JEr AscF4n8qqfqjHhDd0TiTGF2GZtZJqkkIosUFSX86w6WkjbY0iclwlrwpKeUGeuGWQZ0t iCcA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712850939; x=1713455739; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=47mbLHCyU//xQQ4in1kyRRtEUNV4Y307R8G6vt+JEGQ=; b=hmi7d8RMUPsLic9bEoh93MlbSnjLeuk6RajioHCbe0JUEsWJRhSoJAbSBBvsIOeZr4 VOYhXAgB/X430FVuXNY78JZiK23DdvIXr+gxpVY5xDnPZtZL2aJx3qVG20/zIebos4S8 d+FLEcxqAAvkDAxFcncYkRoNmA7hIY3IO39JmPEdx+O9L8QaZO6lcZdGoMobwvHaf6z1 XCiT9CKRy3R5LAYnbflqIGk8aFJ9aNfmSpbuqdv2qqb+Ee26t56r/GwJMXHwP13Vw952 MXSHPXA5Mp2u1yrXAbYG+5BYodfKDp2LqIJNQ3SI9HsJtPXpQVKwt+xsT5He9RR5l8zY Ptag==
X-Forwarded-Encrypted: i=1; AJvYcCXkPNswS3gg+O2ISX1lab3WuccPNvCtegddG6V3uxY1/dG7nVU6vLQty79JdCViJ4FLmNXnDQJ/xpu2QCgGqUcvXrptgw==
X-Gm-Message-State: AOJu0YwlUPpHOudAXExBzzsD5Mn+mHGtCCpkhE5yiFF5dcm0e//rCCKL e55pbNNb+cejdDo4rGlmK3kqpNelezXF2iP4at0DODlefwaIVlIAhVzOZAb2TlGA1qdKwefhtsp UtK4IXqDQWm4xzw0AZGg5smxrAr0DIXTkg1Xnw1wdb0ZINQf/aY/1lw==
X-Google-Smtp-Source: AGHT+IFnsq5o6Nk9Koq5Oz9yfSutLW/ZGwTPpVpwe/UBMIqeF3MvmC5xVZD666XXSCN8pdBpCKXEn8QJGuDj//2YIgI=
X-Received: by 2002:a17:90b:1c0e:b0:2a6:bd41:a05e with SMTP id oc14-20020a17090b1c0e00b002a6bd41a05emr233112pjb.9.1712850939272; Thu, 11 Apr 2024 08:55:39 -0700 (PDT)
MIME-Version: 1.0
References: <2E20FEDE-C766-43EE-A6E2-1FB63E79CF0B@mnot.net> <1c404c4d-437c-464a-b414-4e0d39c1d8ea@alvestrand.no> <E83E80FF-5810-4A53-85D8-E5095F9C1C1C@openlinksw.com> <837B503B-B9F9-40F7-8078-7D1BCD66D076@mnot.net> <CAMBN2CTMk8GDeUT0ObHcW=xxaRMzd75PrtWwLa_YB-4JoF_FxA@mail.gmail.com> <DU0P190MB1978FF21206D608D2AECB9C2FD032@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM> <CAMBN2CR4xT5BAsAN7ocWp4q84Bi8tb98ALGg7oUNobYYxgpKaw@mail.gmail.com> <DU0P190MB1978F8522FD3B435FD2401E2FD072@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM> <CAMBN2CRFVAEshXBYHdmb73X7nAnszDpf8LEVx+JQDXY747ZhPQ@mail.gmail.com>
In-Reply-To: <CAMBN2CRFVAEshXBYHdmb73X7nAnszDpf8LEVx+JQDXY747ZhPQ@mail.gmail.com>
From: Orie Steele <orie@transmute.industries>
Date: Thu, 11 Apr 2024 10:55:28 -0500
Message-ID: <CAN8C-_LvLCk4yzvNeb6FeTy4h6oxqALtYvF7wweizt-HJMNisg@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: Esko Dijk <esko.dijk@iotconsultancy.nl>, IETF Media Types <media-types@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c9fb990615d42fc1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/media-types/ixbbk27g-Bidgc3PZNclDbTHHms>
Subject: Re: [media-types] Thoughts on suffixes, single and multiple
X-BeenThere: media-types@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IANA mailing list for reviewing Media Type \(MIME Type, Content Type\) registration requests." <media-types.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/media-types>, <mailto:media-types-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/media-types/>
List-Post: <mailto:media-types@ietf.org>
List-Help: <mailto:media-types-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/media-types>, <mailto:media-types-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2024 15:55:44 -0000
See the IANA registries: jose application/jose <https://www.iana.org/assignments/media-types/application/jose> [RFC7515 <https://www.iana.org/go/rfc7515>] jose+json application/jose+json <https://www.iana.org/assignments/media-types/application/jose+json> [ RFC7515 <https://www.iana.org/go/rfc7515>]and: cose application/cose <https://www.iana.org/assignments/media-types/application/cose> [RFC9052 <https://www.iana.org/go/rfc9052>] Note that there is no "cose+cbor", because cose is CBOR. Whereas "jose" is the compact representation that uses base64url and "." Regards, OS On Thu, Apr 11, 2024 at 8:52 AM Manu Sporny <msporny@digitalbazaar.com> wrote: > On Tue, Apr 9, 2024 at 5:56 AM Esko Dijk <esko.dijk@iotconsultancy.nl> > wrote: > > Kind of like a digital bazaar of formats ;-) > > *lol* I see what you did there. :) > > > The media type is currently stated as "application/voucher-jws+json" - > see first introduction paragraph. > > I'm assuming this is correct as the outer envelope appears to be JSON > (Section 3.1 defines this). > > There was a long discussion about using "voucher+jws" or other names > instead: > > https://github.com/anima-wg/anima-jws-voucher/issues/7 > > I've now read the entire thread, thanks for the pointer. > > Yes, this highlights the current confusion around media type suffixes. > > Using "+json" as the suffix when the syntax of the message is clearly > not JSON is just plain wrong. > > Using "+jws" or "+jose" as the suffix if the syntax matches the "JWS > Syntax" is problematic because it doesn't specify if "JWS Compact > Serialization" or "JWS JSON Serialization" is used. If you're using > the former, the pattern seems to be to use "+jwt" (JOSE experts, > please correct me if there is more nuance to this). If you're using > the latter pattern, it's not clear what the suffix should be, though I > know "+json+jwt" has not received unanimous support previously, and > that might signal that the JOSE community needs to register another > suffix for "JWS JSON Serialization" form. > > > The end goal of this work is to have one "Voucher" data model, that can > be presented in both JSON and CBOR, and signed in multiple ways (e.g. CMS, > COSE, JWT i.e. JOSE, ... ) > > Ah! This is interesting. That is the same model that the W3C > Verifiable Credentials WG has adopted, which triggered the whole > multiple suffixes discussion in that group. Are you saying that > "application/voucher" could be thought of as a meta model (there is a > set of information that you are encoding there), but the syntax isn't > determined until you serialize it to JSON or CBOR, and then it's not > secured until you use COSE, JWT, JOSE, etc?) > > This is all useful information as it demonstrates that at least two > groups came to the same sort of design through completely independent > operation, and are now being hit by the "which suffix should we use?" > discussion. If I had to guess, you're probably exploring something > like the following: > > * application/voucher+jwt > * Base64 encoded JSON payload of voucher data model > * application/voucher+jose or application/voucher+jws > * JWS JSON Serialization with base64-encoded JSON payload of voucher > data model > * application/voucher+cose > * COSE CBOR serialization with ??deterministic?? CBOR payload of > voucher data model > > What am I getting wrong wrt. the above? > > -- manu > > -- > Manu Sporny - https://www.linkedin.com/in/manusporny/ > Founder/CEO - Digital Bazaar, Inc. > https://www.digitalbazaar.com/ > > _______________________________________________ > media-types mailing list > media-types@ietf.org > https://www.ietf.org/mailman/listinfo/media-types > -- ORIE STEELE Chief Technology Officer www.transmute.industries <https://transmute.industries>
- [media-types] Thoughts on suffixes, single and mu… Mark Nottingham
- Re: [media-types] Thoughts on suffixes, single an… Michael Jones
- [media-types] Fwd: Thoughts on suffixes, single a… Brian Campbell
- Re: [media-types] Thoughts on suffixes, single an… Michael Jones
- Re: [media-types] Thoughts on suffixes, single an… Mark Nottingham
- Re: [media-types] Thoughts on suffixes, single an… Russ Housley
- Re: [media-types] Thoughts on suffixes, single an… Michael Jones
- Re: [media-types] Thoughts on suffixes, single an… Mark Nottingham
- Re: [media-types] Thoughts on suffixes, single an… Michael Jones
- Re: [media-types] Thoughts on suffixes, single an… Harald Alvestrand
- Re: [media-types] Thoughts on suffixes, single an… Ted Thibodeau Jr
- Re: [media-types] Thoughts on suffixes, single an… Mark Nottingham
- Re: [media-types] Fwd: Thoughts on suffixes, sing… Michael Richardson
- Re: [media-types] Fwd: Thoughts on suffixes, sing… Michael Jones
- Re: [media-types] Thoughts on suffixes, single an… Mark Nottingham
- Re: [media-types] Thoughts on suffixes, single an… Michael Richardson
- Re: [media-types] Thoughts on suffixes, single an… Manu Sporny
- Re: [media-types] Thoughts on suffixes, single an… Esko Dijk
- Re: [media-types] Thoughts on suffixes, single an… Mark Nottingham
- Re: [media-types] Fwd: Thoughts on suffixes, sing… Michael Richardson
- Re: [media-types] Thoughts on suffixes, single an… Manu Sporny
- Re: [media-types] Thoughts on suffixes, single an… Manu Sporny
- Re: [media-types] Thoughts on suffixes, single an… Paul Libbrecht
- Re: [media-types] Fwd: Thoughts on suffixes, sing… S Moonesamy
- Re: [media-types] Thoughts on suffixes, single an… Mark Nottingham
- Re: [media-types] Thoughts on suffixes, single an… Mark Nottingham
- Re: [media-types] Thoughts on suffixes, single an… Esko Dijk
- Re: [media-types] Thoughts on suffixes, single an… Esko Dijk
- Re: [media-types] Thoughts on suffixes, single an… Manu Sporny
- Re: [media-types] Thoughts on suffixes, single an… Orie Steele
- Re: [media-types] Thoughts on suffixes, single an… Esko Dijk
- Re: [media-types] Thoughts on suffixes, single an… Manu Sporny
- Re: [media-types] Thoughts on suffixes, single an… Manu Sporny
- Re: [media-types] Thoughts on suffixes, single an… Mark Nottingham