Re: [OAUTH-WG] AD Review of draft-ietf-oauth-jwk-thumbprint-uri-01

Kristina Yasuda <Kristina.Yasuda@microsoft.com> Fri, 29 April 2022 19:39 UTC

From: Kristina Yasuda <Kristina.Yasuda@microsoft.com>
To: Roman Danyliw <rdd@cert.org>, "oauth@ietf.org" <oauth@ietf.org>
Date: Fri, 29 Apr 2022 19:39:33 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/jAfsqRJxYTSs1cB-qrFWcH3NY1E>

Hi Roman,
Thank you very much for the comments. We will incorporate them in the next revision.
Best,
Kristina

-----Original Message-----
From: OAuth <oauth-bounces@ietf.org> On Behalf Of Roman Danyliw
Sent: Monday, April 25, 2022 1:08 PM
To: oauth@ietf.org
Subject: [OAUTH-WG] AD Review of draft-ietf-oauth-jwk-thumbprint-uri-01

Hi!

I conducted an AD review of draft-ietf-oauth-jwk-thumbprint-uri-01.  Thanks for the work on this document. I have the following feedback which can be addressed with other IETF Last Call reviews.

** Section 4.  Editorial clarification on which field from the registry to use and error handling is below:  

OLD
   Hash algorithm identifiers used in JWK Thumbprint URIs are strings
   registered in the IANA "Named Information Hash Algorithm Registry"
   [IANA.Hash.Algorithms].

NEW
   Hash algorithm identifiers used in JWK Thumbprint URIs MUST be values
   from the "Hash Name String" column in the IANA "Named Information
   Hash Algorithm Registry" [IANA.Hash.Algorithms].  JWK Thumbprint URIs
   with hash algorithm strings not found in this registry are considered
   invalid and the application using these thumbprints will need to
   define an appropriate error handling mechanism.

** From idnits:

  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC
     2119 boilerplate text.

If the above isn't adopted, drop Section 2 since it doesn't appear to be needed.

Regards,
Roman

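The check proposed in the NEW text for Section 4, as an added example that is not part of the original thread or of the draft: a receiver accepts only exact "Hash Name String" values and raises a defined error for anything else. Assumptions: the URN prefix is the one in the published RFC 9278, the thumbprint input follows RFC 7638, the registry table is a subset limited to hashes Python's hashlib provides, and the sample key is constructed.

```python
import base64, hashlib, hmac, json, re

PREFIX = "urn:ietf:params:oauth:jwk-thumbprint:"  # assumption: prefix as in RFC 9278
# Subset of the registry's "Hash Name String" column, mapped to hashlib names.
HASHES = {"sha-256": "sha256", "sha-384": "sha384", "sha-512": "sha512",
          "sha3-256": "sha3_256", "sha3-384": "sha3_384", "sha3-512": "sha3_512"}
# Required members per key type; only these enter the thumbprint (RFC 7638).
REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y"),
            "oct": ("k", "kty"), "OKP": ("crv", "kty", "x")}

class InvalidThumbprintURI(ValueError):
    """The application-defined error the NEW text asks for (name is hypothetical)."""

def thumbprint(jwk, hash_name):
    # Canonical JSON: required members only, sorted names, no whitespace.
    members = {m: jwk[m] for m in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return hashlib.new(HASHES[hash_name], canonical.encode("utf-8")).digest()

def make_uri(jwk, hash_name):
    b64 = base64.urlsafe_b64encode(thumbprint(jwk, hash_name)).rstrip(b"=")
    return PREFIX + hash_name + ":" + b64.decode("ascii")

def parse_uri(uri):
    if not uri.startswith(PREFIX):
        raise InvalidThumbprintURI("not a JWK Thumbprint URI")
    hash_name, _, value = uri[len(PREFIX):].partition(":")
    # Exact, case-sensitive match: "SHA-256" or "md5" is rejected, not normalised.
    if hash_name not in HASHES:
        raise InvalidThumbprintURI(f"hash name not accepted: {hash_name!r}")
    size = hashlib.new(HASHES[hash_name]).digest_size
    # Unpadded base64url of `size` bytes has exactly (4*size + 2) // 3 characters.
    if len(value) != (4 * size + 2) // 3 or not re.fullmatch(r"[A-Za-z0-9_-]+", value):
        raise InvalidThumbprintURI("thumbprint value has wrong length or alphabet")
    return hash_name, base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))

def matches(uri, jwk):
    """True if the URI names this key; raises InvalidThumbprintURI if malformed."""
    hash_name, digest = parse_uri(uri)
    return hmac.compare_digest(digest, thumbprint(jwk, hash_name))

# Constructed sample key (placeholder "x" value, not a real public key).
SAMPLE_JWK = {"kty": "OKP", "crv": "Ed25519", "x": "A" * 43, "kid": "constructed"}

if __name__ == "__main__":
    uri = make_uri(SAMPLE_JWK, "sha-256")
    print(uri, matches(uri, SAMPLE_JWK))
```

Rejecting unknown names outright, rather than falling back to a default hash, keeps a sender from steering the receiver onto an algorithm it never agreed to.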