Re: [OAUTH-WG] Barry Leiba's Discuss on draft-ietf-oauth-json-web-token-27: (with DISCUSS and COMMENT)

Barry Leiba <barryleiba@computer.org> Sun, 05 October 2014 23:00 UTC

From: Barry Leiba <barryleiba@computer.org>
To: Mike Jones <Michael.Jones@microsoft.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/RU7guSKlzimviHamFJ-eEK-hkFE
Cc: "oauth-chairs@tools.ietf.org" <oauth-chairs@tools.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-oauth-json-web-token@tools.ietf.org" <draft-ietf-oauth-json-web-token@tools.ietf.org>

> At Stephen Farrell's request, I'm responding with "> " line prefixes
> on previous thread content.

Yeh, Outlook (and certain other clients, such as Lotus Notes) are
particularly bad at cooperating with the Internet-style quoting, and
it can get to be quite a mess as people with all different kinds of
mail clients start intermixing responses.  Waddyagonnado.

Maybe we oughta make a standard......

> We can update the text to clarify that MIME type comparisons
> are an exception to the "code unit by code unit" comparison rule.
> The drafts will also be scrutinized for other possible occurrences
> of exceptions to the default string comparison instructions.  Finally,
> we can add language to 7.1 about "unless otherwise noted for a
> particular kind of string" so that it's clear that there are exceptions
> to the rule.

That should work, and I'll have a look at the final result.  I'll note
that Ted Lemon (I think it was he) suggested that the documents might
leave the comparison text as is, and instead modify each place where
case-insensitive comparisons are needed by requiring that those items
be normalized to lower case (upper case would, of course, work as
well).  You might consider that, because it gets you out of the
business of trying to specify how to do the comparisons.

At some point, you might have other normalization and canonicalization
issues, though I don't see any right now.  If, for example, you might
ever have a field value containing something like "kühl", you'll have
to deal with two ways to represent the "ü" (as a single character, and
as two (a "u" plus a combining umlaut)).  It might be that that's
never going to be an issue for the JW* stuff.  But if it ever is (if
there are ever such strings that might be typed in by users), it could
be a problem.

Barry
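
Added example, not part of the original message or of the drafts: a Python sketch of the three comparisons discussed in this thread, namely the default "code unit by code unit" rule, the lower-case normalization suggested for MIME types, and Unicode normalization (NFC) for the two encodings of "kühl". The function names and sample values are constructed for illustration, and NFC is one possible normalization choice, not something the thread specifies.

```python
import unicodedata

def code_units(s: str) -> bytes:
    """UTF-16 code units of s, the unit the quoted comparison rule works on."""
    return s.encode("utf-16-be")

def exact_equal(a: str, b: str) -> bool:
    """Default rule: equal only if every code unit matches, no transformation."""
    return code_units(a) == code_units(b)

def ascii_lower(s: str) -> str:
    """Lower-case A-Z only; every other character is left untouched."""
    return "".join(chr(ord(c) + 32) if "A" <= c <= "Z" else c for c in s)

def mime_type_equal(a: str, b: str) -> bool:
    """The exception: normalize both sides to lower case, then compare exactly."""
    return exact_equal(ascii_lower(a), ascii_lower(b))

def nfc_equal(a: str, b: str) -> bool:
    """Compare after Unicode NFC normalization (an assumption; the thread
    only notes that such normalization might become necessary)."""
    return exact_equal(unicodedata.normalize("NFC", a),
                       unicodedata.normalize("NFC", b))

# Constructed sample values.
PRECOMPOSED = "k\u00fchl"    # "ü" as the single character U+00FC
DECOMPOSED = "ku\u0308hl"    # "u" followed by U+0308 COMBINING DIAERESIS
MIME_A = "application/jwt"
MIME_B = "Application/JWT"

def compare_all() -> dict:
    """Run each comparison on the samples and collect the outcomes."""
    return {
        "kuhl_exact": exact_equal(PRECOMPOSED, DECOMPOSED),
        "kuhl_nfc": nfc_equal(PRECOMPOSED, DECOMPOSED),
        "mime_exact": exact_equal(MIME_A, MIME_B),
        "mime_lowered": mime_type_equal(MIME_A, MIME_B),
    }

if __name__ == "__main__":
    for name, result in compare_all().items():
        print(f"{name}: {result}")
```

A verifier that applies only the default rule treats the two spellings of "kühl" as different values, so any check that matches a user-typed string against a stored one has to normalize both sides the same way first.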