[OAUTH-WG] FW: JOSE -34 and JWT -28 drafts addressing IESG review comments
Mike Jones <Michael.Jones@microsoft.com> Tue, 14 October 2014 12:40 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 845361A879C for <oauth@ietfa.amsl.com>; Tue, 14 Oct 2014 05:40:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QlvW3QyR3eOK for <oauth@ietfa.amsl.com>; Tue, 14 Oct 2014 05:40:18 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0142.outbound.protection.outlook.com [207.46.100.142]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED2361A8797 for <oauth@ietf.org>; Tue, 14 Oct 2014 05:40:17 -0700 (PDT)
Received: from CO2PR03CA0018.namprd03.prod.outlook.com (10.141.194.145) by BN3PR0301MB1202.namprd03.prod.outlook.com (25.161.207.155) with Microsoft SMTP Server (TLS) id 15.0.1049.19; Tue, 14 Oct 2014 12:40:16 +0000
Received: from BN1AFFO11FD037.protection.gbl (2a01:111:f400:7c10::145) by CO2PR03CA0018.outlook.office365.com (2a01:111:e400:1414::17) with Microsoft SMTP Server (TLS) id 15.0.1054.13 via Frontend Transport; Tue, 14 Oct 2014 12:40:15 +0000
Received: from mail.microsoft.com (131.107.125.37) by BN1AFFO11FD037.mail.protection.outlook.com (10.58.52.241) with Microsoft SMTP Server (TLS) id 15.0.1039.16 via Frontend Transport; Tue, 14 Oct 2014 12:40:15 +0000
Received: from TK5EX14MBXC286.redmond.corp.microsoft.com ([169.254.1.93]) by TK5EX14HUBC102.redmond.corp.microsoft.com ([157.54.7.154]) with mapi id 14.03.0210.003; Tue, 14 Oct 2014 12:39:34 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: JOSE -34 and JWT -28 drafts addressing IESG review comments
Thread-Index: Ac/nq9tUA/c8pqIbSdqFmKhSVvB8WAAAAfmA
Date: Tue, 14 Oct 2014 12:39:33 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739439BB0D098@TK5EX14MBXC286.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.36]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739439BB0D098TK5EX14MBXC286r_"
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(438002)(199003)(189002)(377454003)(84676001)(66066001)(71186001)(110136001)(16297215004)(21056001)(106466001)(15202345003)(81156004)(77096002)(20776003)(80022003)(107886001)(2351001)(64706001)(46102003)(99396003)(107046002)(95666004)(85806002)(2656002)(31966008)(84326002)(19580405001)(44976005)(19580395003)(97736003)(87936001)(6806004)(50986999)(120916001)(54356999)(76482002)(19617315012)(33656002)(2501002)(55846006)(16236675004)(85852003)(104016003)(15975445006)(69596002)(68736004)(512954002)(26826002)(86612001)(92566001)(4396001)(19300405004)(85306004)(92726001)(86362001)(19625215002)(6606295002); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR0301MB1202; H:mail.microsoft.com; FPR:; MLV:ovrnspm; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en;
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:BN3PR0301MB1202;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 03648EFF89
Received-SPF: Pass (protection.outlook.com: domain of microsoft.com designates 131.107.125.37 as permitted sender) receiver=protection.outlook.com; client-ip=131.107.125.37; helo=mail.microsoft.com;
Authentication-Results: spf=pass (sender IP is 131.107.125.37) smtp.mailfrom=Michael.Jones@microsoft.com;
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/jtmd9W-Xk_9GCiBTuUPGsUyiPhU
Subject: [OAUTH-WG] FW: JOSE -34 and JWT -28 drafts addressing IESG review comments
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Oct 2014 12:40:20 -0000
From: Mike Jones Sent: Tuesday, October 14, 2014 5:39 AM To: jose@ietf.org Subject: JOSE -34 and JWT -28 drafts addressing IESG review comments Updated JOSE and JWT specifications have been published that address the IESG review comments received. The one set of normative changes was to change the implementation requirements for RSAES-PKCS1-V1_5 from Required to Recommended- and for RSA-OAEP from Optional to Recommended+. Thanks to Richard Barnes, Alissa Cooper, Stephen Farrell, Brian Haberman, Ted Lemon, Barry Leiba, and Pete Resnick for their IESG review comments, plus thanks to Scott Brim and Russ Housley for additional Gen-ART review comments, and thanks to the working group members who helped respond to them. Many valuable clarifications resulted from your thorough reviews. The specifications are available at: * http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-34 * http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-34 * http://tools.ietf.org/html/draft-ietf-jose-json-web-key-34 * http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-34 * http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-28 HTML formatted versions are available at: * http://self-issued.info/docs/draft-ietf-jose-json-web-signature-34.html * http://self-issued.info/docs/draft-ietf-jose-json-web-encryption-34.html * http://self-issued.info/docs/draft-ietf-jose-json-web-key-34.html * http://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-34.html * http://self-issued.info/docs/draft-ietf-oauth-json-web-token-28.html -- Mike P.S. I also published this note at http://self-issued.info/?p=1291 and as @selfissued.