Re: [POSH] I-D Action: draft-miller-posh-01.txt
Peter Saint-Andre <stpeter@stpeter.im> Tue, 10 September 2013 22:23 UTC
Message-ID: <522F9BE2.2010809@stpeter.im>
Date: Tue, 10 Sep 2013 16:23:30 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
To: "Matt Miller (mamille2)" <mamille2@cisco.com>
References: <20130906221429.28168.74635.idtracker@ietfa.amsl.com> <BF7E36B9C495A6468E8EC573603ED9411EEF0966@xmb-aln-x11.cisco.com> <BXjoBrNAVf0RUm7aeEneuOrDeilOdDr46RJxBKrIrAEgG5pLI@smtp.gmail.com> <BF7E36B9C495A6468E8EC573603ED9411EEF6359@xmb-aln-x11.cisco.com>
In-Reply-To: <BF7E36B9C495A6468E8EC573603ED9411EEF6359@xmb-aln-x11.cisco.com>
Cc: Tobias Markmann <tmarkmann@googlemail.com>, posh@ietf.org
List-Id: Discussion about PKIX Over Secure HTTP <posh.ietf.org>
WFM!

On 9/10/13 3:42 PM, Matt Miller (mamille2) wrote:
> Thanks for the feedback! Requiring just the "x5t" makes sense, and
> we can incorporate that change in the next revision.
>
> - m&m
>
> Matt Miller <mamille2@cisco.com>
> Cisco Systems, Inc.
>
> On Sep 9, 2013, at 3:54 PM, Tobias Markmann <tmarkmann@googlemail.com> wrote:
>
>> Hi,
>>
>> Matt Miller (mamille2) wrote:
>>
>>> FYI, the latest draft incorporates just about all of the feedback
>>> we received as a result of the BoF, minus ASCII art; we'll see
>>> about that for the next version!
>>>
>>> - m&m
>>>
>>> Matt Miller <mamille2@cisco.com>
>>> Cisco Systems, Inc.
>>
>> Here is some feedback based on an initial read of the changes.
>>
>> Section 4.1
>>
>>> Additionally, each JWK object MUST possess at least one of the
>>> following:
>>>
>>> o  The "x5t" field set to the certificate thumbprint, as per
>>>    section 3.6 of [JOSE-JWK].
>>>
>>> o  The "x5c" field set to the certificate chain, as per
>>>    section 3.7 of [JOSE-JWK].
>>
>> I suggest making x5t, the thumbprint/fingerprint, a MUST to reduce
>> the minimum possible code paths to implement this draft, considering
>> not all TLS APIs provide access to the public key's modulus and
>> exponent. In addition, verification using the thumbprint is
>> independent of the type of key (RSA, ECC, ?) that the certificate
>> uses, which further eases implementation and straightens the code
>> path. I'd still allow (MAY) inclusion of x5c, for debugging purposes
>> though.
>>
>> Cheers,
>> Tobi

-- 
Peter Saint-Andre
https://stpeter.im/
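The check Tobias is arguing about, written out as an added example (this is not code from draft-miller-posh or from anyone on the thread): a POSH verifier that has the peer's end-entity certificate in DER form (what ssl.SSLSocket.getpeercert(binary_form=True) hands back) and the JSON document fetched over HTTPS, and matches them through "x5t" or "x5c". The function names and the sample certificate bytes are assumptions made for the example; the bytes are a constructed stand-in, not a real certificate. It also enforces the section 4.1 rule that a JWK with neither field is not acceptable.

```python
"""
Match a TLS peer certificate against a POSH JWK set via "x5t" / "x5c".

Added example, not code from draft-miller-posh or the thread participants.
Assumes the caller already has the peer's end-entity certificate in DER form
(e.g. ssl.SSLSocket.getpeercert(binary_form=True)) and the POSH JSON document.
PEER_CERT_DER below is a constructed stand-in, not a real certificate.
"""
import base64
import hashlib
import hmac
import json

# Constructed stand-in for the DER-encoded end-entity certificate the TLS
# server presented. Only its byte identity matters for the thumbprint.
PEER_CERT_DER = b"\x30\x82\x01\x00" + bytes(range(256))


def x5t_thumbprint(der: bytes) -> str:
    """JWK "x5t": base64url (no padding) of the SHA-1 over the DER bytes."""
    digest = hashlib.sha1(der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def x5c_to_der(x5c_entry: str) -> bytes:
    """JWK "x5c" entries are standard base64 (with padding) of DER certs."""
    return base64.b64decode(x5c_entry, validate=True)


def jwk_thumbprints(jwk: dict) -> list:
    """
    Thumbprints one JWK object vouches for. Section 4.1 of the draft requires
    at least one of "x5t" or "x5c"; a JWK with neither is rejected. A chain in
    "x5c" is reduced to the thumbprint of its first (end-entity) element, so
    both forms end in the same byte comparison and neither needs the key type,
    modulus or exponent.
    """
    thumbs = []
    if "x5t" in jwk:
        thumbs.append(jwk["x5t"])
    if jwk.get("x5c"):
        thumbs.append(x5t_thumbprint(x5c_to_der(jwk["x5c"][0])))
    if not thumbs:
        raise ValueError('JWK carries neither "x5t" nor "x5c"')
    return thumbs


def peer_cert_matches(posh_json: str, peer_der: bytes) -> bool:
    """True if any JWK in the POSH document identifies the peer certificate."""
    doc = json.loads(posh_json)
    expected = x5t_thumbprint(peer_der)
    for jwk in doc.get("keys", []):
        for thumb in jwk_thumbprints(jwk):
            # Constant-time compare: the thumbprint is an authentication input.
            if hmac.compare_digest(thumb, expected):
                return True
    return False


# Constructed POSH documents (assumed sample input): the same certificate
# referenced via "x5t" and via "x5c", plus one for an unrelated certificate.
# The "kty" values differ to show the comparison is indifferent to key type.
POSH_X5T = json.dumps({"keys": [
    {"kty": "RSA", "x5t": x5t_thumbprint(PEER_CERT_DER)}]})
POSH_X5C = json.dumps({"keys": [
    {"kty": "EC", "x5c": [base64.b64encode(PEER_CERT_DER).decode("ascii")]}]})
POSH_OTHER = json.dumps({"keys": [
    {"kty": "RSA", "x5t": x5t_thumbprint(b"some other certificate")}]})

if __name__ == "__main__":
    print("x5t match:", peer_cert_matches(POSH_X5T, PEER_CERT_DER))
    print("x5c match:", peer_cert_matches(POSH_X5C, PEER_CERT_DER))
    print("other cert:", peer_cert_matches(POSH_OTHER, PEER_CERT_DER))
```

Two encoding details trip up implementations of this: "x5t" is base64url without padding, while each "x5c" element is ordinary padded base64, so the two fields cannot be compared as strings and must be brought to a common form first (here, the thumbprint). Once that is done the match is a fixed-length digest comparison, which is what makes the "x5t"-only path independent of whether the certificate carries an RSA or an EC key.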