[OAUTH-WG] Re: [Technical Errata Reported] RFC7519 (8060)

Brian Campbell <bcampbell@pingidentity.com> Mon, 12 August 2024 18:46 UTC


Thanks Pieter,

That sounds good to me. I think a bit of the explanatory text in the
"Notes" part of the errata likely needs to be adjusted accordingly too.



On Mon, Aug 12, 2024 at 5:01 AM Pieter Kasselman <pieter.kasselman=40microsoft.com@dmarc.ietf.org> wrote:

> Thanks David and Brian.
>
>
>
> Unless there are any concerns with adopting the alternative text, I would
> suggest the following for the errata in section 7.2 bullet 5:
>
>
>
> Original Text
> -------------
>    5.   Verify that the resulting JOSE Header includes only parameters
>         and values whose syntax and semantics are both understood and
>         supported or that are specified as being ignored when not
>         understood.
>
> Corrected Text
> --------------
>    5.  Verify the resulting JOSE Header according to RFC7515 or RFC7516.
>
>
>
> Cheers
>
>
>
> Pieter
>
>
>
> *From:* David Waite <david=40alkaline-solutions.com@dmarc.ietf.org>
> *Sent:* Monday 5 August 2024 22:43
> *To:* Pieter Kasselman <pieter.kasselman=40microsoft.com@dmarc.ietf.org>
> *Cc:* Paul Wouters <paul.wouters=40aiven.io@dmarc.ietf.org>; RFC Errata
> System <rfc-editor@rfc-editor.org>; prkasselman@gmail.com; oauth@ietf.org
> *Subject:* [OAUTH-WG] Re: [Technical Errata Reported] RFC7519 (8060)
>
> On Aug 5, 2024, at 1:52 PM, Pieter Kasselman <pieter.kasselman=40microsoft.com@dmarc.ietf.org> wrote:
>
> > I tried to keep the changes to additional text that would scope the
> > processing rules more precisely for the JWT/JWS/JWE cases (point 7 in the
> > processing steps references JWS and JWE separately, so thought I would
> > propose text that does something similar to that). The idea of additional
> > text is that a reader who is familiar may find it easier to process the
> > delta.
> >
> > However, if we want to change the text, I like your second option:
> >
> > "Verify the resulting JOSE Header according to RFC7515 or RFC7516."
> >
> > I don’t think we should delete the bullet completely.
> >
> > Cheers
> >
> > Pieter
>
>
> I prefer this over the current text, which might be incorrectly construed
> to provide counter guidance to the “crit” protected header parameter.
>
>
>
> -DW
>

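
The corrected bullet defers JOSE Header verification to RFC 7515/7516, where unknown header parameters are ignored unless they are named in "crit". The sketch below is an added example, not code from this thread or from any participant: it applies the RFC 7515 "crit" rules to a decoded header, and the function names, the `understood` set and the sample tokens are assumptions constructed for illustration. It checks the header only and does not verify signatures.

```python
import base64
import json

# Header parameter names defined by RFC 7515 itself; these must not appear in "crit".
JWS_DEFINED = {"alg", "jku", "jwk", "kid", "x5u", "x5c", "x5t", "x5t#S256",
               "typ", "cty", "crit"}


def header_from_compact(token: str) -> dict:
    """Decode the JOSE Header (first segment) of a compact-serialized JWT."""
    segment = token.split(".")[0]
    raw = base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
    header = json.loads(raw)
    if not isinstance(header, dict):
        raise ValueError("JOSE Header is not a JSON object")
    return header


def check_jose_header(header: dict, understood: set) -> list:
    """Return rejection reasons; an empty list means the header is acceptable.

    `understood` holds the extension parameter names this application
    implements (an assumption of this example, supplied by the caller).
    """
    problems = []
    if not isinstance(header.get("alg"), str):
        problems.append("missing or non-string 'alg'")
    if "crit" not in header:
        return problems  # unknown parameters that are not critical are ignored
    crit = header["crit"]
    if (not isinstance(crit, list) or not crit
            or not all(isinstance(name, str) for name in crit)):
        return problems + ["'crit' must be a non-empty array of names"]
    if len(set(crit)) != len(crit):
        problems.append("'crit' lists a name more than once")
    for name in dict.fromkeys(crit):
        if name in JWS_DEFINED:
            problems.append(f"'{name}' is defined by RFC 7515 and may not be critical")
        elif name not in header:
            problems.append(f"critical parameter '{name}' is absent from the header")
        elif name not in understood:
            problems.append(f"critical parameter '{name}' is not understood")
    return problems


def encode_header(header: dict) -> str:
    """Build a constructed, unsigned sample token for demonstration only."""
    body = base64.urlsafe_b64encode(json.dumps(header).encode()).rstrip(b"=")
    return body.decode() + ".e30."
```

A header carrying an unrecognized parameter outside "crit" passes, while the same parameter listed in "crit" causes rejection unless the application has registered it in `understood`.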