IETF Logo Mail Archive

[OAUTH-WG] FW: JOSE -37 and JWT -31 drafts addressing remaining IESG review comments

Mike Jones <Michael.Jones@microsoft.com> Thu, 20 November 2014 01:22 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 032621A8706 for <oauth@ietfa.amsl.com>; Wed, 19 Nov 2014 17:22:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CczkHl-6k6fe for <oauth@ietfa.amsl.com>; Wed, 19 Nov 2014 17:22:29 -0800 (PST)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0108.outbound.protection.outlook.com [65.55.169.108]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BDBC91A8AD4 for <oauth@ietf.org>; Wed, 19 Nov 2014 17:22:28 -0800 (PST)
Received: from DM2PR0301MB1214.namprd03.prod.outlook.com (25.160.219.155) by DM2PR0301MB0654.namprd03.prod.outlook.com (25.160.96.16) with Microsoft SMTP Server (TLS) id 15.1.16.15; Thu, 20 Nov 2014 01:22:27 +0000
Received: from BN3PR0301CA0037.namprd03.prod.outlook.com (25.160.180.175) by DM2PR0301MB1214.namprd03.prod.outlook.com (25.160.219.155) with Microsoft SMTP Server (TLS) id 15.1.16.15; Thu, 20 Nov 2014 01:22:26 +0000
Received: from BN1BFFO11FD038.protection.gbl (2a01:111:f400:7c10::1:197) by BN3PR0301CA0037.outlook.office365.com (2a01:111:e400:4000::47) with Microsoft SMTP Server (TLS) id 15.1.16.15 via Frontend Transport; Thu, 20 Nov 2014 01:22:26 +0000
Received: from mail.microsoft.com (131.107.125.37) by BN1BFFO11FD038.mail.protection.outlook.com (10.58.144.101) with Microsoft SMTP Server (TLS) id 15.1.6.13 via Frontend Transport; Thu, 20 Nov 2014 01:22:25 +0000
Received: from TK5EX14MBXC286.redmond.corp.microsoft.com ([169.254.1.229]) by TK5EX14MLTC103.redmond.corp.microsoft.com ([157.54.79.174]) with mapi id 14.03.0210.003; Thu, 20 Nov 2014 01:21:54 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: JOSE -37 and JWT -31 drafts addressing remaining IESG review comments
Thread-Index: AdAEYE/mZ7+JGScpTO2tFTNz3XO8hQAAAmRw
Date: Thu, 20 Nov 2014 01:21:53 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739439BB8DC3F@TK5EX14MBXC286.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.76]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739439BB8DC3FTK5EX14MBXC286r_"
MIME-Version: 1.0
X-EOPAttributedMessage: 0
Received-SPF: Pass (protection.outlook.com: domain of microsoft.com designates 131.107.125.37 as permitted sender) receiver=protection.outlook.com; client-ip=131.107.125.37; helo=mail.microsoft.com;
Authentication-Results: spf=pass (sender IP is 131.107.125.37) smtp.mailfrom=Michael.Jones@microsoft.com;
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(438002)(377454003)(199003)(189002)(77096003)(77156002)(62966003)(450100001)(16236675004)(46102003)(55846006)(50986999)(54356999)(87936001)(120916001)(4396001)(99396003)(66066001)(86362001)(2656002)(26826002)(69596002)(68736004)(44976005)(19580405001)(19580395003)(15975445006)(19625215002)(6806004)(16297215004)(33656002)(86612001)(19617315012)(104016003)(85806002)(84676001)(64706001)(84326002)(110136001)(92726001)(92566001)(20776003)(15202345003)(2501002)(97736003)(107046002)(107886001)(21056001)(71186001)(95666004)(81156004)(106466001)(19300405004)(512954002)(2351001)(31966008)(6606295002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR0301MB1214; H:mail.microsoft.com; FPR:; MLV:ovrnspm; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en;
X-Microsoft-Antispam: UriScan:;UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:DM2PR0301MB1214;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:; SRVR:DM2PR0301MB1214;
X-Forefront-PRVS: 0401647B7F
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:; SRVR:DM2PR0301MB1214;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:DM2PR0301MB0654;
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/NbRHHVyrh2icKk3D6l9vvi0tZIQ
Subject: [OAUTH-WG] FW: JOSE -37 and JWT -31 drafts addressing remaining IESG review comments
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Nov 2014 01:22:33 -0000


From: Mike Jones
Sent: Wednesday, November 19, 2014 5:22 PM
To: jose@ietf.org
Cc: Pete Resnick; Stephen Farrell; Richard Barnes
Subject: JOSE -37 and JWT -31 drafts addressing remaining IESG review comments

These JOSE and JWT drafts contain updates intended to address the remaining outstanding IESG review comments by Pete Resnick, Stephen Farrell, and Richard Barnes, other than one that Pete may still provide text for.  Algorithm names are now restricted to using only ASCII characters, the TLS requirements language has been refined, the language about integrity protecting header parameters used in trust decisions has been augmented, we now say what to do when an RSA private key with "oth" is encountered but not supported, and we now talk about JWSs with invalid signatures being considered invalid, rather than them being rejected.  Also, added the CRT parameter values to example JWK RSA private key representations.

The specifications are available at:

*         http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-37

*         http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-37

*         http://tools.ietf.org/html/draft-ietf-jose-json-web-key-37

*         http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-37

*         http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-31

HTML formatted versions are available at:

*         http://self-issued.info/docs/draft-ietf-jose-json-web-signature-37.html

*         http://self-issued.info/docs/draft-ietf-jose-json-web-encryption-37.html

*         http://self-issued.info/docs/draft-ietf-jose-json-web-key-37.html

*         http://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-37.html

*         http://self-issued.info/docs/draft-ietf-oauth-json-web-token-31.html

                                                                -- Mike

P.S.  This notice was also posted at http://self-issued.info/?p=1303 and as @selfissued.

v2.23.0 | Report a Bug | By Email