[OAUTH-WG] AD Review of draft-ietf-oauth-jwk-thumbprint-uri-01

Roman Danyliw <rdd@cert.org> Mon, 25 April 2022 20:08 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/JV-JKWRYjmWHHojU_6APj_i8kWY>

Hi!

I conducted an AD review of draft-ietf-oauth-jwk-thumbprint-uri-01.  Thanks for the work on this document. I have the following feedback which can be addressed with other IETF Last Call reviews.

** Section 4.  Editorial clarification on which field from the registry to use and error handling is below:

OLD
   Hash algorithm identifiers used in JWK Thumbprint URIs are strings
   registered in the IANA "Named Information Hash Algorithm Registry"
   [IANA.Hash.Algorithms].

NEW
Hash algorithm identifiers used in JWK Thumbprint URIs MUST be values from the "Hash Name String" column in the IANA "Named Information Hash Algorithm Registry" [IANA.Hash.Algorithms].  JWK Thumbprint URIs with hash algorithm strings not found in this registry are considered invalid and the application using these thumbprints will need to define an appropriate error handling mechanism.

** From idnits:

  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC
     2119 boilerplate text.

If the above isn't adopted, drop Section 2 since it doesn't appear to be needed.

Regards,
Roman
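The Section 4 comment above concerns two things a consumer of a JWK Thumbprint URI has to get right: the hash identifier must be a "Hash Name String" from the IANA Named Information registry, and a URI carrying an unregistered string needs a defined error path. The following Python is an added example, not part of the review, the draft, or any implementation it names. It computes RFC 7638 thumbprints, builds URIs in the form assumed here from the draft (urn:ietf:params:oauth:jwk-thumbprint:<hash-name>:<base64url thumbprint>), and rejects URIs whose hash name is not in the registry excerpt or whose decoded thumbprint length does not fit that algorithm. The registry table is a constructed excerpt (check the live registry), and the sample key's coordinates are the RFC 7517 example values.

```python
import base64
import hashlib
import hmac
import json
import re

# Constructed excerpt of the IANA "Named Information Hash Algorithm Registry"
# (RFC 6920), keyed by the "Hash Name String" column the review asks the draft
# to require. Values: (hashlib algorithm, output length in bits after truncation).
HASH_NAME_REGISTRY = {
    "sha-256": ("sha256", 256),
    "sha-256-128": ("sha256", 128),
    "sha-256-64": ("sha256", 64),
    "sha-384": ("sha384", 384),
    "sha-512": ("sha512", 512),
}

# Members RFC 7638 hashes for each key type (lexicographic order).
REQUIRED_MEMBERS = {
    "EC": ("crv", "kty", "x", "y"),
    "RSA": ("e", "kty", "n"),
    "OKP": ("crv", "kty", "x"),
}

# URN prefix assumed from the draft's URI form (not quoted in the review).
URN_PREFIX = "urn:ietf:params:oauth:jwk-thumbprint"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # Thumbprints are unpadded base64url; anything else is malformed.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", text):
        raise ValueError("thumbprint is not unpadded base64url")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def canonical_jwk(jwk: dict) -> str:
    """RFC 7638 canonical form: required members only, sorted, no whitespace."""
    members = REQUIRED_MEMBERS.get(jwk.get("kty"))
    if members is None:
        raise ValueError(f"unsupported kty: {jwk.get('kty')!r}")
    missing = [m for m in members if m not in jwk]
    if missing:
        raise ValueError(f"JWK is missing required members: {missing}")
    return json.dumps({m: jwk[m] for m in members},
                      separators=(",", ":"), sort_keys=True)


def jwk_thumbprint(jwk: dict, hash_name: str = "sha-256") -> bytes:
    """Thumbprint (truncated if the registry entry says so) for a registered name."""
    if hash_name not in HASH_NAME_REGISTRY:
        raise ValueError(f"{hash_name!r} is not a registered Hash Name String")
    algo, bits = HASH_NAME_REGISTRY[hash_name]
    digest = hashlib.new(algo, canonical_jwk(jwk).encode("utf-8")).digest()
    return digest[: bits // 8]


def make_thumbprint_uri(jwk: dict, hash_name: str = "sha-256") -> str:
    return f"{URN_PREFIX}:{hash_name}:{_b64url_encode(jwk_thumbprint(jwk, hash_name))}"


def parse_thumbprint_uri(uri: str) -> tuple:
    """Return (hash_name, digest) or raise ValueError. Raising is the error
    path the review says an application must define for unregistered names."""
    parts = uri.rsplit(":", 2)  # neither hash names nor base64url contain ':'
    if len(parts) != 3 or parts[0] != URN_PREFIX:
        raise ValueError("not a JWK Thumbprint URI")
    _, hash_name, encoded = parts
    if hash_name not in HASH_NAME_REGISTRY:
        raise ValueError(f"{hash_name!r} is not a registered Hash Name String")
    digest = _b64url_decode(encoded)
    if len(digest) != HASH_NAME_REGISTRY[hash_name][1] // 8:
        raise ValueError("thumbprint length does not match the hash algorithm")
    return hash_name, digest


def is_valid_thumbprint_uri(uri: str) -> bool:
    try:
        parse_thumbprint_uri(uri)
    except ValueError:
        return False
    return True


def uri_matches_key(uri: str, jwk: dict) -> bool:
    """True iff the URI is well-formed and names exactly this key."""
    hash_name, digest = parse_thumbprint_uri(uri)
    return hmac.compare_digest(digest, jwk_thumbprint(jwk, hash_name))


# Sample EC public key (coordinates from the RFC 7517 example key); "kid" and
# "use" are included to show that they do not affect the thumbprint.
SAMPLE_JWK = {
    "kty": "EC", "crv": "P-256",
    "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
    "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
    "kid": "constructed-key-1", "use": "sig",
}

if __name__ == "__main__":
    uri = make_thumbprint_uri(SAMPLE_JWK)
    print(uri, "matches key:", uri_matches_key(uri, SAMPLE_JWK))
    for bad in (f"{URN_PREFIX}:sha-1:AAAA", f"{URN_PREFIX}:sha256:AAAA"):
        print(bad, "->", "valid" if is_valid_thumbprint_uri(bad) else "rejected")
```

Two design choices follow from the review's wording. The registry lookup is an exact match against the "Hash Name String" column, so an identifier such as sha-1 (absent from the registry) or sha256 (not the registered spelling) is rejected before any decoding happens; and the decoded thumbprint length is checked against the registered output size, so a truncated variant such as sha-256-128 is accepted only with a 16-byte digest. Both failures surface as the same ValueError, which is the single error-handling hook the application can map to its own policy.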