IETF Logo Mail Archive

Re: [OAUTH-WG] Ted Lemon's No Objection on draft-ietf-oauth-json-web-token-27: (with COMMENT)

Mike Jones <Michael.Jones@microsoft.com> Tue, 14 October 2014 12:54 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D71921A87BB; Tue, 14 Oct 2014 05:54:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EvBqlIA6lKSB; Tue, 14 Oct 2014 05:54:30 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1bon0702.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::1:702]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C3141A87CA; Tue, 14 Oct 2014 05:54:29 -0700 (PDT)
Received: from BN3PR0301CA0067.namprd03.prod.outlook.com (25.160.152.163) by DM2PR0301MB1216.namprd03.prod.outlook.com (25.160.219.17) with Microsoft SMTP Server (TLS) id 15.0.1049.19; Tue, 14 Oct 2014 12:54:06 +0000
Received: from BY2FFO11FD045.protection.gbl (2a01:111:f400:7c0c::147) by BN3PR0301CA0067.outlook.office365.com (2a01:111:e400:401e::35) with Microsoft SMTP Server (TLS) id 15.0.1049.19 via Frontend Transport; Tue, 14 Oct 2014 12:54:06 +0000
Received: from mail.microsoft.com (131.107.125.37) by BY2FFO11FD045.mail.protection.outlook.com (10.1.15.177) with Microsoft SMTP Server (TLS) id 15.0.1039.16 via Frontend Transport; Tue, 14 Oct 2014 12:54:05 +0000
Received: from TK5EX14MBXC286.redmond.corp.microsoft.com ([169.254.1.93]) by TK5EX14MLTC103.redmond.corp.microsoft.com ([157.54.79.174]) with mapi id 14.03.0210.003; Tue, 14 Oct 2014 12:53:27 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Ted Lemon <Ted.Lemon@nominum.com>, John Bradley <ve7jtb@ve7jtb.com>
Thread-Topic: Ted Lemon's No Objection on draft-ietf-oauth-json-web-token-27: (with COMMENT)
Thread-Index: Ac/nrdghljtsJxvvTAasWMq+smkawA==
Date: Tue, 14 Oct 2014 12:53:26 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739439BB0D59F@TK5EX14MBXC286.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.36]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(438002)(13464003)(189002)(43784003)(199003)(51704005)(24454002)(377454003)(97756001)(31966008)(85306004)(54356999)(50986999)(230783001)(46102003)(87936001)(85806002)(2656002)(120916001)(80022003)(104016003)(20776003)(64706001)(66066001)(47776003)(4396001)(97736003)(99396003)(107046002)(95666004)(92566001)(6806004)(106466001)(84676001)(81156004)(92726001)(15975445006)(44976005)(19580395003)(19580405001)(21056001)(86362001)(50466002)(86612001)(55846006)(76482002)(77096002)(85852003)(69596002)(68736004)(23726002)(33656002)(46406003)(26826002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR0301MB1216; H:mail.microsoft.com; FPR:; MLV:ovrnspm; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:DM2PR0301MB1216;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 03648EFF89
Received-SPF: Pass (protection.outlook.com: domain of microsoft.com designates 131.107.125.37 as permitted sender) receiver=protection.outlook.com; client-ip=131.107.125.37; helo=mail.microsoft.com;
Authentication-Results: spf=pass (sender IP is 131.107.125.37) smtp.mailfrom=Michael.Jones@microsoft.com;
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/KF040EpmpHEOsCAdsBFxq2EwAcs
Cc: "draft-ietf-oauth-json-web-token@tools.ietf.org" <draft-ietf-oauth-json-web-token@tools.ietf.org>, "oauth-chairs@tools.ietf.org" <oauth-chairs@tools.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>, The IESG <iesg@ietf.org>
Subject: Re: [OAUTH-WG] Ted Lemon's No Objection on draft-ietf-oauth-json-web-token-27: (with COMMENT)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Oct 2014 12:54:42 -0000

The proposed resolution below has been applied to the -28 draft.

				Thanks again,
				-- Mike

> -----Original Message-----
> From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Mike Jones
> Sent: Tuesday, October 07, 2014 6:06 PM
> To: Ted Lemon; John Bradley
> Cc: oauth-chairs@tools.ietf.org; oauth@ietf.org; The IESG; draft-ietf-oauth-
> json-web-token@tools.ietf.org
> Subject: Re: [OAUTH-WG] Ted Lemon's No Objection on draft-ietf-oauth-json-
> web-token-27: (with COMMENT)
> 
> > -----Original Message-----
> > From: Ted Lemon [mailto:Ted.Lemon@nominum.com]
> > Sent: Tuesday, October 07, 2014 10:30 AM
> > To: John Bradley
> > Cc: The IESG; Mike Jones; draft-ietf-oauth-json-web-token@tools.ietf.org;
> > oauth-chairs@tools.ietf.org; oauth@ietf.org
> > Subject: Re: Ted Lemon's No Objection on draft-ietf-oauth-json-web-token-
> 27:
> > (with COMMENT)
> >
> > On Oct 7, 2014, at 1:14 PM, John Bradley <ve7jtb@ve7jtb.com> wrote:
> > > Encrypting and then signing is likely only a special case used by some
> > applications that are configured to understand what is going on.
> >
> > This isn't really responsive to what I said.   As I said, I'm just asking you to be
> > consistent, not to change the requirements.   I don't think that text in the
> > security considerations section addresses the inconsistency I'm talking about in
> a
> > different section.   That said, please don't continue to talk to me about this.   If
> > you think there's an action to take, take it.   If not, no need to continue trying
> to
> > explain.   I'm okay with it either way.
> 
> I'll plan to take the action described yesterday that you said you were OK with -
> adding language about "If both signing and encryption are necessary" in order to
> make the context of this advice clear.  I believe that that will improve the
> understanding of this guidance by many readers.
> 
> Thanks again for the discussion, Ted.
> 
> 				-- Mike
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email