Re: [saag] [apps-discuss] Input for conflict review of draft-secure-cookie-session-protocol
"Manger, James H" <James.H.Manger@team.telstra.com> Thu, 18 October 2012 05:08 UTC
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: "saag@ietf.org" <saag@ietf.org>, Barry Leiba <barryleiba@computer.org>
Date: Thu, 18 Oct 2012 16:08:22 +1100

Barry,

draft-secure-cookie-session-protocol-08 is fairly close to the IETF JOSE working group’s JSON Web Encryption (JWE) format [draft-ietf-jose-json-web-encryption]. jose@ietf.org was one group NOT included in your email asking for conflict review.

draft-secure-cookie-session-protocol-08:
* a smallish text string with confidentiality and integrity protection; as does JWE
* symmetric key; which is one JWE option
* arbitrary binary content; same as JWE
* uses base64url encoding; same as JWE
* uses "|" as a separator; JWE uses "."
* deflate compression; same as JWE
* includes the time; signing-time field has been proposed for JWE
* single id indicates keys and algorithms; JWE has separate alg id, and (broken) key id

As to whether draft-secure-cookie-session-protocol-08 “could potentially disrupt the IETF work done in WG” JOSE… uhmm. Probably not.

--
James Manger

> -----Original Message-----
> From: apps-discuss-bounces@ietf.org [mailto:apps-discuss-bounces@ietf.org]
> On Behalf Of Barry Leiba
> Sent: Thursday, 18 October 2012 1:25 PM
> To: http-state@ietf.org; websec@ietf.org; ietf-http-wg@w3.org;
> apps-discuss@ietf.org; oauth@ietf.org
> Subject: [apps-discuss] Input for conflict review of
> draft-secure-cookie-session-protocol
>
> A document titled "Secure Cookie Sessions for HTTP" has been submitted
> to the Independent Stream Editor (ISE):
> http://datatracker.ietf.org/doc/draft-secure-cookie-session-protocol/
>
> The IESG has been asked to review the document, as specified in RFC
> 5742, Section 3. The Security and Applications Area Directors are
> looking for input for that review. Please post any relevant comments
> to the Security Area list, <saag@ietf.org>, as soon as possible, and at
> least by 1 November 2012.
>
> Note: Please do NOT post responses to any of these mailing lists.
> Respond only to <saag@ietf.org> (using the subject line of this
> message).
>
> Please read RFC 5742, Section 3, and be aware that we are not looking
> for detailed comments on the document itself (see below). We
> specifically need input on whether this document is in conflict with
> work that's being done in the IETF. Look at the five possible
> responses specified in that section, and help us determine whether any
> of 2 through 5 applies. Please be specific in your response.
>
> In addition to this, we're sure that the authors and the ISE would
> appreciate comments about the document. If you have those, you may
> send them directly to the authors at
> <draft-secure-cookie-session-protocol@tools.ietf.org>
> and to the ISE at <rfc-ise@rfc-editor.org>.
> General discussion of the document on these lists or the saag list will
> likely not get to the authors or the ISE.
>
> Barry Leiba, Applications AD
> _______________________________________________
> apps-discuss mailing list
> apps-discuss@ietf.org
> https://www.ietf.org/mailman/listinfo/apps-discuss