[OAUTH-WG] FW: JOSE -38 and JWT -32 drafts addressing the last of the IESG review comments

Mike Jones <Michael.Jones@microsoft.com> Wed, 10 December 2014 03:45 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9249A1A1A6C for <oauth@ietfa.amsl.com>; Tue, 9 Dec 2014 19:45:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ikhveNmcSFtR for <oauth@ietfa.amsl.com>; Tue, 9 Dec 2014 19:45:47 -0800 (PST)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0104.outbound.protection.outlook.com [207.46.100.104]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C79F11A010C for <oauth@ietf.org>; Tue, 9 Dec 2014 19:45:47 -0800 (PST)
Received: from BN3PR0301CA0012.namprd03.prod.outlook.com (25.160.180.150) by BN3PR0301MB1204.namprd03.prod.outlook.com (25.161.207.16) with Microsoft SMTP Server (TLS) id 15.1.31.17; Wed, 10 Dec 2014 03:45:46 +0000
Received: from BY2FFO11FD017.protection.gbl (2a01:111:f400:7c0c::143) by BN3PR0301CA0012.outlook.office365.com (2a01:111:e400:4000::22) with Microsoft SMTP Server (TLS) id 15.1.31.17 via Frontend Transport; Wed, 10 Dec 2014 03:45:46 +0000
Received: from mail.microsoft.com (131.107.125.37) by BY2FFO11FD017.mail.protection.outlook.com (10.1.14.105) with Microsoft SMTP Server (TLS) id 15.1.26.17 via Frontend Transport; Wed, 10 Dec 2014 03:45:45 +0000
Received: from TK5EX14MBXC286.redmond.corp.microsoft.com ([169.254.1.188]) by TK5EX14HUBC104.redmond.corp.microsoft.com ([157.54.80.25]) with mapi id 14.03.0210.003; Wed, 10 Dec 2014 03:45:13 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: JOSE -38 and JWT -32 drafts addressing the last of the IESG review comments
Thread-Index: AdAUI55I3vU3GXoERk6BHCB97RwmvAACA9ZQ
Date: Wed, 10 Dec 2014 03:45:12 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739439BC19876@TK5EX14MBXC286.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739439BC19537@TK5EX14MBXC286.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739439BC19537@TK5EX14MBXC286.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.33]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739439BC19876TK5EX14MBXC286r_"
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(438002)(377454003)(199003)(189002)(71186001)(16236675004)(87936001)(55846006)(16297215004)(54356999)(2501002)(76176999)(50986999)(2656002)(85806002)(26826002)(84676001)(33656002)(19625215002)(512954002)(86362001)(69596002)(66066001)(19580405001)(92566001)(84326002)(6806004)(46102003)(21056001)(20776003)(86612001)(64706001)(15975445007)(102836002)(99396003)(4396001)(19300405004)(120916001)(450100001)(19617315012)(81156004)(77156002)(62966003)(104016003)(1720100001)(19580395003)(107886001)(2351001)(107046002)(110136001)(31966008)(68736005)(106466001)(97736003)(6606295002); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR0301MB1204; H:mail.microsoft.com; FPR:; SPF:Pass; MLV:ovrnspm; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en;
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:BN3PR0301MB1204;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(602002); SRVR:BN3PR0301MB1204;
X-Forefront-PRVS: 0421BF7135
Received-SPF: Pass (protection.outlook.com: domain of microsoft.com designates 131.107.125.37 as permitted sender) receiver=protection.outlook.com; client-ip=131.107.125.37; helo=mail.microsoft.com;
Authentication-Results: spf=pass (sender IP is 131.107.125.37) smtp.mailfrom=Michael.Jones@microsoft.com;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:; SRVR:BN3PR0301MB1204;
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/3fiUax2NtzEM9rq4zn3ZqQhDLBI
Subject: [OAUTH-WG] FW: JOSE -38 and JWT -32 drafts addressing the last of the IESG review comments
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Dec 2014 03:45:53 -0000


From: Mike Jones
Sent: Tuesday, December 09, 2014 6:47 PM
To: jose@ietf.org
Cc: Stephen Farrell; Pete Resnick
Subject: JOSE -38 and JWT -32 drafts addressing the last of the IESG review comments

Slightly updated JSON Object Signing and Encryption (JOSE) and JSON Web Token (JWT) drafts have been published that address the last of the IESG review comments, which were follow-up comments by Stephen Farrell and Pete Resnick.  All DISCUSS comments had already been addressed by the previous drafts<http://self-issued.info/?p=1303>.  The one normative change is that implementations must now discard RSA private keys with an "oth" parameter when the implementation does not support private keys with more than two primes.  The remaining changes were editorial improvements suggested by Pete.

The specifications are available at:

*        http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-38

*        http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-38

*        http://tools.ietf.org/html/draft-ietf-jose-json-web-key-38

*        http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-38

*        http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32

HTML formatted versions are available at:

*        http://self-issued.info/docs/draft-ietf-jose-json-web-signature-38.html

*        http://self-issued.info/docs/draft-ietf-jose-json-web-encryption-38.html

*        http://self-issued.info/docs/draft-ietf-jose-json-web-key-38.html

*        http://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-38.html

*        http://self-issued.info/docs/draft-ietf-oauth-json-web-token-32.html

                                                                -- Mike

P.S.  This notice was also posted at http://self-issued.info/?p=1310 and as @selfissued.