[OAUTH-WG] Re: [Technical Errata Reported] RFC7519 (8060)
Pieter Kasselman <pieter.kasselman@microsoft.com> Mon, 12 August 2024 11:00 UTC
Return-Path: <pieter.kasselman@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4EFAC151549 for <oauth@ietfa.amsl.com>; Mon, 12 Aug 2024 04:00:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.256
X-Spam-Level:
X-Spam-Status: No, score=-2.256 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id APWXMna1OXM1 for <oauth@ietfa.amsl.com>; Mon, 12 Aug 2024 04:00:24 -0700 (PDT)
Received: from EUR03-VI1-obe.outbound.protection.outlook.com (mail-vi1eur03on2138.outbound.protection.outlook.com [40.107.103.138]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2B5BC15109C for <oauth@ietf.org>; Mon, 12 Aug 2024 04:00:23 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=dsaScenTSVaPIjHmGYrt9jjRM+fsXPLL7EljkvR/RVHSjcmF2+J4rRDK4rTs31/lkdd+bR/klFntGu8ISqg8HL9LuEVrha4ey40SrQL7WfBHskCiVVv9eVsyHG55zURkVf3ecgzojZZAZjpSjwcVxYrf5eIKwF41bEvcjzkncfvBHOpDctEdWgiuHU4gcjQyZyTfjZ0OezmoMo14RQf7RHG4Vzc/du0DmhHaORkaTKNa/7bzgWFnaOH/EDAjy4tIiV06+20Ixt4VTtKNA3fjflCLIjHRvIU/vjCmEgx1tUaAZ+R4F/Qajs1eQ3CEk1kMJks2k3irajgJa1alzfn2FQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=rrbltle87gjdVxDvK5UUgpPTFngsbwK76bVRNyyC9Fo=; b=c3Uno5IfMF+8GOebrKcmx3EZ+OnIwvYAonhjnpbtNFP3bgYGLfqO7TgJ5DrFX8jTRseT9Dq07l5Uozxv1791GPTe8DXf5TLr3CFmw+NT26Gw9Cu2t5y7V5UDBYbmgUCHZUWr4gJ8DS0Gz35SQFpZkPtLmgYd9/AxzNLoHfIij69uJDN2EWBfINdzNTl8g9EQYsEcOw03aCSzFR8nTROst0BmV178rsnB1hyCuG5SXVABs73tH+hIcoYe72OoA9Gbty5iUqjI1pDtpTWfB3/tIpQf63GZV5sk5hl2VvJoj4xUS/eDM/GJcPSHP/4dvqB6x+jycNAT2mmshZnCCQdRTg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rrbltle87gjdVxDvK5UUgpPTFngsbwK76bVRNyyC9Fo=; b=YAcxcpy7PBrRCdo3LTVlrnFuKWJiqRkEt/HqO9I2o7XAzU2WhSX0apKGdY9dvpCHC9ef+vzGZABmekYHRkj5rS5vobGS3F/sEQwt4ZDIwq15qQxRTQ0u+Bf/PWFWocef4Bt/E1F1VSQFBnMKaUoIetTGeJ63LYgGbbtg4MPeY2o=
Received: from DBAPR83MB0437.EURPRD83.prod.outlook.com (2603:10a6:10:19e::6) by VI0PR83MB0738.EURPRD83.prod.outlook.com (2603:10a6:800:262::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.4; Mon, 12 Aug 2024 11:00:20 +0000
Received: from DBAPR83MB0437.EURPRD83.prod.outlook.com ([fe80::9ee1:305:cfd7:dded]) by DBAPR83MB0437.EURPRD83.prod.outlook.com ([fe80::9ee1:305:cfd7:dded%6]) with mapi id 15.20.7897.003; Mon, 12 Aug 2024 11:00:19 +0000
From: Pieter Kasselman <pieter.kasselman@microsoft.com>
To: David Waite <david=40alkaline-solutions.com@dmarc.ietf.org>, Pieter Kasselman <pieter.kasselman=40microsoft.com@dmarc.ietf.org>
Thread-Topic: [OAUTH-WG] Re: [Technical Errata Reported] RFC7519 (8060)
Thread-Index: AQHa41CeTZar3Osyq0OMWLFy+Hb0NLIQ3QtQgAAuWQCAACRwgIABQ0IggAadm4CAAAUrMIAAJEgAgApLtKA=
Date: Mon, 12 Aug 2024 11:00:19 +0000
Message-ID: <DBAPR83MB04373531FDFC605A6437614291852@DBAPR83MB0437.EURPRD83.prod.outlook.com>
References: <20240731132617.0FE6C3B873@rfcpa.rfc-editor.org> <CA+k3eCSU45mnmRQxdNhf-cJ6FEfxon9d64bO0jJ4u3G99bEvqA@mail.gmail.com> <DBAPR83MB0437A90177CB7B34DBD67F1291B12@DBAPR83MB0437.EURPRD83.prod.outlook.com> <CA+k3eCQ_8NAmdYejmj7oLW=QeLM1=AHKnPQyM2qhc65=hNwqTw@mail.gmail.com> <CAGL5yWYde01JQYc5h4iESgQG=rRNGBREbKDD3U3oYvNHH4VG9Q@mail.gmail.com> <DBAPR83MB043762B970631E79DACA729191B22@DBAPR83MB0437.EURPRD83.prod.outlook.com> <CA+k3eCS7x9p0ZB5J7hu0=TkWt1kuFzgQQO979ViJ0qnFUXfAdA@mail.gmail.com> <DBAPR83MB04370C7F73A28363E06501D291BE2@DBAPR83MB0437.EURPRD83.prod.outlook.com> <66684D87-21C4-4FAC-8B40-401B6FA0F5C9@alkaline-solutions.com>
In-Reply-To: <66684D87-21C4-4FAC-8B40-401B6FA0F5C9@alkaline-solutions.com>
Accept-Language: en-IE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=333f3e56-13dc-45e9-9fb8-b2cdc3e8350a;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2024-08-12T10:56:08Z;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=microsoft.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DBAPR83MB0437:EE_|VI0PR83MB0738:EE_
x-ms-office365-filtering-correlation-id: b07274bb-3701-4733-ea66-08dcbabdf4bd
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|376014|1800799024|38070700018;
x-microsoft-antispam-message-info: u1IlA2PWF1UTW12cBlryn9cFeJ06i3I8PXbygQefR41k2usfNOhAKchXBtKy8OKfHRGClcmvkZwzhzW03peFPwsn9gZg18lloKeoKZrEIYRFoYs9uvM66HeUFpmkWuSnyTtAPA2s3vtosJwyxB4RqTfacChfE6OZdyA+/cv5/twyHP1wrKLnjq2bwbuz5tfTtS5Zc9qFQCJjry9GERQGAH9PXmG4QcjoUKXzHCj4ciFmNVRphz6+cnQiQfUW6N+RXWBjUqIA0IaG0xbfgHVMn/8nWqgp1mvRmj8ge5VFt4RJhx6gLaVFfs3XB31v54qKUrr6INIIQo+kkh2OTsm13ooiCGgiqvp/v4Ay7NLPkPV+JEh/Vfz/K5rO+H/K+Zz3qCAlO/DkjfagFxuTFbmL491mtctAi25m1rQLxN2fRkPjCG+e9iz33pj4DXrJy8pQicuM0wgQrCKz3ugyAOXIMVfJ3DxFlzAghJ44jTmFwZ7rY66KpxPzpseWVQ1bMaBxFKcm8YcvOMxdaZPLODDZOW34aU/Bf9SVLHDyh5WhQaSDx+ZGhd81zeMtT7Y/8GpnzBCf6cJeTcZSxr2aSYy732GsnJjObjMuQd+zaomHWQ8Z75JJXsHSsgQX7myc3jJtjlWKqkYHfLXb+VATY/wOHJXXdk6Y56u4G41k+Cm+O+Gz15DdKVhIm4jL5W6wtyvcfOoyTeTC7LmnDjfiTq6f8zBSQ95GHz02/jVApVy41/oUqO9FYGeKUCi0ezqRR9KlRK1kt/KoFEnDlsgOzgMsAtyOUO5xlM2UsntiveNqtyKQgcr+pBUKN/PbkxSNi38iRBikmj36+t+xyZQ7iMp3UuG3GVBlt6SdKih1uKd6HqRkuI3T5yT8wGJ3rJL4gOg6ECLOmRfkSgdu7IQJXwQIY53YJ3MbXjt6pZRMEtXiDOmtvxC6RtdVZDlVDSDWzRp5FfHJ/+mqL7aIlhj29oFmgFCha0XrvVWt7jeITeYpHsqVLHMA+0VQUxqvH+isxP51tMpuYtOBHZll9E3XEgmEXbDIiiutC8T/XUqb8YMD+TwRDEo3OZ82ntaeTXs/OpOPl7069PMgPbmte5xITCWNYdAjKEOgXzYrbFCeOVHtF/CPtRPzehcG/Rbq/izvyicc6MRXhMJ3oxj1DBr7bi3mxiDC40R30cpfu+pc0vIVi8966DhWna//dlw5VKCLFGqzTqhO4TdRovOLcM2Ox3Utsn8TbdxvGRZxSJxzwv/ewp/TxeeReo/kBN7ngEaepZ9F2h56S8Kp2HFLRf7/WXrBK8u9PIE7+gPGWxRwXivh12eflrcovdR5Sob4CaCM1bKJ9K4jaAy7nWkFzofGe7FmqAYLpIO9/PJ3nr79RQnGllyB51BSerbJQktjsnwhq+4j2HtUeZeoAc7Kyyv3INx3fA==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DBAPR83MB0437.EURPRD83.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(38070700018);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: eFgGiLY7KQjmHYTYtotoWJvIT4lUXKLFCj58J7wOB49AZyFnXX5forq7mE3JMG16yb8wSabZ3b9IyS2ZJxgl6Dbtsgq8luhRxG7tNq2jS8Of/zhw0riqClDjHfEiFN8JnMZuD/KE+KTEGRLT94QUvlGQ4HO60BcXDHVWjKn3FE7FJILkFtO3bkgNpMQzuJzxEkJecrYRfAlqdTmIglfUy6wSZ9Gt1qWxCvCmKOXLLATE/ln6Re1KQ25XY4pe7euQdV/0nPqjI8+oMdP741UyJmTNz5iDWetjBIjyM7LbmexUI48DMmMl880Ec6/hu8haIYIp2hrgYlONWDwGMmBMmHEmMQdRDbjtZBiEht1I24FXVEBRiraCGujAlLNh/mtCWSqUZu5+a5JlKtR+eTGIEUtLoFx+dRT1PC1pV3+Bm6+MYe3muu7j6ZEnG22bxdNCh6OxqnkblR+j9PdtPuitN+SASJOb9b6eXPaLppn9zkCJcgkZR8BLYiL8TTfCy4FVgoKTZTAYR1+Zg7UC18SmtmSsF5LOrujNb3u4D9Q6yXbZKD+iA2eDlapq6SEZceK72VlpIXuBN/Yi4TwtE4ir+32uVpnNLyELhuPAthR98H8onPKGYgUE4Z9GVHRewFnlnwX6/ZieK3nOQUr7ko8QjqHDQP+NA4dVwCgaQZa4tPD+T3ZxTVvAkTecAlegXxfJEpYY0vHjcnIt++YwXHfWVU4MZ0r6T2K5OyBCBpZObysTnesfKlmq2UUVVTJKXay39pEptQvZxImjRziLT7kQBHFGP04Qxfyt01tzC3wgOvt5/WzJo2RRUvgSOArCnp/ruGRqzVfVe2NtPQnkW+rXJMyr+r9yI8rDVEcUZeAiYdyfKSHgvE0xGeswpIWBfYy3juwuN5VEXFasg6eAmnee8wh1ZMK8ArCiB1WvTm/CvIVS7wFiP48L950+uUHwa9urPztcVa8ySLK3FlND0vJPD09j7214B1cZ2IEYDX7mjml2aESIeBw71Ubf9GpA9fFKYZlKmEZIUDftWntwaG3qAeH2Tp3WbfziYtT/NFcV39pIgmYULDPom0I8P1qd1Yb8ax493jzQ9UteosyfajjmUNVArL8YuGk+VvMNpZLpNlpG9OYzgeS6ck2PqKerSGID5eXZzODV10WwSISsfqL7HSCAbKbI4/AqKUIUYBJtLJDUxIm7LjFmw+4gyHOQLSG4qQP6QndIhDPFdE1PZyA1toCvefWymThLWDprJxjC6bqdIM8PUKxtdZoGZQrwijPTVzHBjz8SKjZPAtrIDFKYoo1pNkXcqNUf/tt/ovmRyxJ3Z8WjS2daWKyYkdOhYP7eoanyXWBVy0aNYlCGYmNeJRcm9rSZiHevAOfD4ZeAeWb+uijxPfXeE5Y47PV1YkIeMpA5+VbSyfuTwZKa6ho016/AKW1XBqITUeYiXdZdi5cKSm8UWsuzv34HBkY/pQuT4teq1WQhK/UjC/O2f4XcDm/wsa6I/EYfbDSHv/TUw3qutKGsvufrP43C2wHjFuGd
Content-Type: multipart/alternative; boundary="_000_DBAPR83MB04373531FDFC605A6437614291852DBAPR83MB0437EURP_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DBAPR83MB0437.EURPRD83.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b07274bb-3701-4733-ea66-08dcbabdf4bd
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Aug 2024 11:00:19.6809 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: rCn09ODENxoaJmciIQ4L4XgMIGduBZzMnN+2wo0ttFxh/kl166cXlCbP/1kkdxqmcru0UAwOeHQtOBK2yuC3c71X1YYRaHVadodZP55wCWo=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI0PR83MB0738
Message-ID-Hash: O6NTOSOALMX2DE3QFQCZ2NY6DTKGEZD2
X-Message-ID-Hash: O6NTOSOALMX2DE3QFQCZ2NY6DTKGEZD2
X-MailFrom: pieter.kasselman@microsoft.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Paul Wouters <paul.wouters=40aiven.io@dmarc.ietf.org>, RFC Errata System <rfc-editor@rfc-editor.org>, "prkasselman@gmail.com" <prkasselman@gmail.com>, "oauth@ietf.org" <oauth@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [OAUTH-WG] Re: [Technical Errata Reported] RFC7519 (8060)
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/WPcqcdEoiVMVYFIk4-rsn-lYEPQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>
Thanks David and Brian. Unless there are any concerns with adopting the alternative text, I would suggest the following for the errata in section 7.2 bullet 5: Original Text ------------- 5. Verify that the resulting JOSE Header includes only parameters and values whose syntax and semantics are both understood and supported or that are specified as being ignored when not understood. Corrected Text -------------- 5. Verify the resulting JOSE Header according to RFC7515 or RFC7516. Cheers Pieter From: David Waite <david=40alkaline-solutions.com@dmarc.ietf.org> Sent: Monday 5 August 2024 22:43 To: Pieter Kasselman <pieter.kasselman=40microsoft.com@dmarc.ietf.org> Cc: Paul Wouters <paul.wouters=40aiven.io@dmarc.ietf.org>; RFC Errata System <rfc-editor@rfc-editor.org>; prkasselman@gmail.com; oauth@ietf.org Subject: [OAUTH-WG] Re: [Technical Errata Reported] RFC7519 (8060) On Aug 5, 2024, at 1:52 PM, Pieter Kasselman <pieter.kasselman=40microsoft.com@dmarc.ietf.org<mailto:pieter.kasselman=40microsoft.com@dmarc.ietf.org>> wrote: I tried to keep the changes to additional text that would scope the processing rules more precisely for the JWT/JWS/JWE cases (point 7 in the processing steps references JWS and JWE separately, so thought I would propose text that does something similar to that). The idea of additional text is that a reader who is familiar may find it easier to process the delta. However, if we want to change the text, I like your second option: "Verify the resulting JOSE Header according to RFC7515 or RFC7516." I don’t think we should delete the bullet completely. Cheers Pieter I prefer this over the current text, which might be incorrectly construed to provide counter guidance to the “crit” protected header parameter. -DW
- [OAUTH-WG] [Technical Errata Reported] RFC7519 (8… RFC Errata System
- [OAUTH-WG] Re: [Technical Errata Reported] RFC751… Brian Campbell
- [OAUTH-WG] Re: [Technical Errata Reported] RFC751… Pieter Kasselman
- [OAUTH-WG] Re: [Technical Errata Reported] RFC751… Brian Campbell
- [OAUTH-WG] Re: [Technical Errata Reported] RFC751… Paul Wouters
- [OAUTH-WG] Re: [Technical Errata Reported] RFC751… Pieter Kasselman
- [OAUTH-WG] Re: [Technical Errata Reported] RFC751… Brian Campbell
- [OAUTH-WG] Re: [Technical Errata Reported] RFC751… Pieter Kasselman
- [OAUTH-WG] Re: [Technical Errata Reported] RFC751… David Waite
- [OAUTH-WG] Re: [Technical Errata Reported] RFC751… Pieter Kasselman
- [OAUTH-WG] Re: [Technical Errata Reported] RFC751… Brian Campbell
- [OAUTH-WG] Re: [Technical Errata Reported] RFC751… Pieter Kasselman
- [OAUTH-WG] Re: [Technical Errata Reported] RFC751… Justin Richer