Re: [secdir] [jose] JWK member names, was: SECDIR review of draft-ietf-jose-json-web-key-31

Tim Bray <tbray@textuality.com> Mon, 15 September 2014 19:04 UTC

Return-Path: <tbray@textuality.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FD071A70FD for <secdir@ietfa.amsl.com>; Mon, 15 Sep 2014 12:04:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KX731sXufxHn for <secdir@ietfa.amsl.com>; Mon, 15 Sep 2014 12:04:22 -0700 (PDT)
Received: from mail-vc0-f176.google.com (mail-vc0-f176.google.com [209.85.220.176]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C22181A7022 for <secdir@ietf.org>; Mon, 15 Sep 2014 11:54:50 -0700 (PDT)
Received: by mail-vc0-f176.google.com with SMTP id la4so3794208vcb.7 for <secdir@ietf.org>; Mon, 15 Sep 2014 11:54:50 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=q4eReECnaza4AkgIXfLOcdPIRntyhOrK21leF9AckNY=; b=JREXbRdnLM9QZF2b911oDdlPEzppA/4LuBnw0bq3iAh+HGOO6bXpoD1qMBK0YC65LN KdgYm6TgjIq5TXzEkuNffqjmaYEGstZZKG6+WJh28stBxfay6tsLAwH5xId7c88NRiVF zZ25o1i0UjPdGPEIgjHdtJ3E0pTL+4IBzxvW8JLEZ7A6Gk2BiZ9ZRsvRgPHYGRWUDQy4 R8fyYsqxH7Kuw5DtL8DQDQlZtnQ01+XeY3IGQDRUiQp8owuhzBETSZvE6SWyJOPZC8pD 3B3R4ToKFne+Z6ysZNtk2uBI5+aRfvb/pUxF0BjW2UOQwiT4JIkluJauR6Vu5/Jr0/+q hpng==
X-Gm-Message-State: ALoCoQn9dyDWBph4WNtrqzlC38/l+dpd2v30op2Vv5yx0FJOOnMn4ah3B7++l8pN1FaoflLy5C3t
X-Received: by 10.220.2.133 with SMTP id 5mr16095686vcj.48.1410807289966; Mon, 15 Sep 2014 11:54:49 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.220.214.4 with HTTP; Mon, 15 Sep 2014 11:54:28 -0700 (PDT)
X-Originating-IP: [24.84.235.32]
In-Reply-To: <54173546.5000400@bbn.com>
References: <CAHbuEH4Ccn2Z=8kEECzvgjmtshwsFoa-EH_NpkJPos7zirGeaQ@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739439AEC00DB@TK5EX14MBXC292.redmond.corp.microsoft.com> <5416FE10.3060608@bbn.com> <CAHBU6iu3GfsLCAint3z7risZUnVW4EK0WrGVW6Dv=gvppiHSxQ@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739439AECCCDD@TK5EX14MBXC292.redmond.corp.microsoft.com> <54173546.5000400@bbn.com>
From: Tim Bray <tbray@textuality.com>
Date: Mon, 15 Sep 2014 11:54:28 -0700
Message-ID: <CAHBU6ivb3BeEufcnJB+eSk8wgETMx+qzH3miE6Z1jtrQkXNR3w@mail.gmail.com>
To: Stephen Kent <kent@bbn.com>
Content-Type: multipart/alternative; boundary=001a11c3dbe45d8b7905031f2baf
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/FeZq2zYJO48Swvd7p8PHxkG1P7U
Cc: "jose-chairs@tools.ietf.org" <jose-chairs@tools.ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-jose-json-web-key.all@tools.ietf.org" <draft-ietf-jose-json-web-key.all@tools.ietf.org>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, Mike Jones <Michael.Jones@microsoft.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [secdir] [jose] JWK member names, was: SECDIR review of draft-ietf-jose-json-web-key-31
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Sep 2014 19:04:28 -0000

​When I talk about existing software I’m referring to generic JSON parsers
such as are included in the basic library set of every programming language
now, and which are unfortunately idiosyncratic and inconsistent in their
handling of dupe keys, but in almost no cases actually inform the calling
software whether or not dupe keys were encountered.

On Mon, Sep 15, 2014 at 11:51 AM, Stephen Kent <kent@bbn.com> wrote:

> OK, I'm a bit confused.
>
> I thought the JOSE specs were intended to create standards for transport
> of keys, and for sigs,
> MACs, and encryption of JSON objects.
>
> What is the existing software to which you and Tim refer, when referring
> to keys (vs.
> JSON parsing in general)?
>
> Steve
>
>


-- 
- Tim Bray (If you’d like to send me a private message, see
https://keybase.io/timbray)