[OAUTH-WG] FW: JOSE -28 and JWT -22 drafts incorporating additional AD feedback
Mike Jones <Michael.Jones@microsoft.com> Fri, 20 June 2014 23:52 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19B561A031C for <oauth@ietfa.amsl.com>; Fri, 20 Jun 2014 16:52:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 61E3gLTe8Bx9 for <oauth@ietfa.amsl.com>; Fri, 20 Jun 2014 16:52:50 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2lp0240.outbound.protection.outlook.com [207.46.163.240]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 711AF1A0319 for <oauth@ietf.org>; Fri, 20 Jun 2014 16:52:50 -0700 (PDT)
Received: from DM2PR03CA004.namprd03.prod.outlook.com (10.141.52.152) by DM2PR0301MB0701.namprd03.prod.outlook.com (25.160.96.27) with Microsoft SMTP Server (TLS) id 15.0.969.15; Fri, 20 Jun 2014 23:52:49 +0000
Received: from BY2FFO11FD046.protection.gbl (2a01:111:f400:7c0c::117) by DM2PR03CA004.outlook.office365.com (2a01:111:e400:2414::24) with Microsoft SMTP Server (TLS) id 15.0.959.24 via Frontend Transport; Fri, 20 Jun 2014 23:52:48 +0000
Received: from mail.microsoft.com (131.107.125.37) by BY2FFO11FD046.mail.protection.outlook.com (10.1.15.170) with Microsoft SMTP Server (TLS) id 15.0.969.12 via Frontend Transport; Fri, 20 Jun 2014 23:52:48 +0000
Received: from TK5EX14MBXC294.redmond.corp.microsoft.com ([169.254.3.103]) by TK5EX14HUBC104.redmond.corp.microsoft.com ([157.54.80.25]) with mapi id 14.03.0195.002; Fri, 20 Jun 2014 23:52:17 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: JOSE -28 and JWT -22 drafts incorporating additional AD feedback
Thread-Index: Ac+M4oyywZzVkymtQ/K0Cy4DpMbPGwAABa2w
Date: Fri, 20 Jun 2014 23:52:16 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739439AD86D4D@TK5EX14MBXC294.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.71]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739439AD86D4DTK5EX14MBXC294r_"
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(438001)(377454003)(199002)(189002)(86612001)(97736001)(50986999)(76482001)(54356999)(15202345003)(19625215002)(85852003)(44976005)(87936001)(16297215004)(83072002)(33656002)(512954002)(106466001)(81156004)(79102001)(81342001)(19580405001)(31966008)(81542001)(46102001)(74662001)(80022001)(74502001)(77096002)(66066001)(19300405004)(71186001)(69596002)(85306003)(64706001)(21056001)(84676001)(92726001)(104016002)(6806004)(19580395003)(4396001)(83322001)(26826002)(99396002)(2656002)(77982001)(16236675004)(20776003)(55846006)(68736004)(86362001)(84326002)(92566001)(15975445006)(95666004)(6606295002); DIR:OUT; SFP:; SCL:1; SRVR:DM2PR0301MB0701; H:mail.microsoft.com; FPR:; MLV:ovrnspm; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 024847EE92
Received-SPF: Pass (: domain of microsoft.com designates 131.107.125.37 as permitted sender) receiver=; client-ip=131.107.125.37; helo=mail.microsoft.com;
Authentication-Results: spf=pass (sender IP is 131.107.125.37) smtp.mailfrom=Michael.Jones@microsoft.com;
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/_Nyt0Rv69cCUFZLn9ombAWQrbGA
Subject: [OAUTH-WG] FW: JOSE -28 and JWT -22 drafts incorporating additional AD feedback
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Jun 2014 23:52:53 -0000
From: Mike Jones Sent: Friday, June 20, 2014 4:52 PM To: jose@ietf.org Subject: JOSE -28 and JWT -22 drafts incorporating additional AD feedback Updated JOSE and JWT drafts have been released that incorporate additional wording improvements in places suggested by Kathleen Moriarty. Most of the changes were rewording and reorganization of the Security Considerations sections. An explanation of when applications typically would and would not use the typ and cty header parameters was added. The one normative change was to specify the use of PKCS #7 padding with AES CBC, rather than PKCS #5 - a correction pointed out by Shaun Cooley. (PKCS #7 is a superset of PKCS #5, and is appropriate for the 16 octet blocks used by AES CBC.) No breaking changes were made. The specifications are available at: * http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-28 * http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-28 * http://tools.ietf.org/html/draft-ietf-jose-json-web-key-28 * http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-28 * http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-22 HTML formatted versions are available at: * http://self-issued.info/docs/draft-ietf-jose-json-web-signature-28.html * http://self-issued.info/docs/draft-ietf-jose-json-web-encryption-28.html * http://self-issued.info/docs/draft-ietf-jose-json-web-key-28.html * http://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-28.html * http://self-issued.info/docs/draft-ietf-oauth-json-web-token-22.html -- Mike P.S. This notice was also posted at http://self-issued.info/?p=1240 and as @selfissued.