[secdir] JOSE -32 and JWT -26 drafts addressing IETF Last Call comments

Mike Jones <Michael.Jones@microsoft.com> Tue, 23 September 2014 22:51 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5750B1A1BB0; Tue, 23 Sep 2014 15:51:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3kg1zLtjp1sZ; Tue, 23 Sep 2014 15:51:22 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0102.outbound.protection.outlook.com [65.55.169.102]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D093E1A1B3F; Tue, 23 Sep 2014 15:51:21 -0700 (PDT)
Received: from BN3PR0301CA0081.namprd03.prod.outlook.com (25.160.152.177) by DM2PR0301MB1214.namprd03.prod.outlook.com (25.160.219.155) with Microsoft SMTP Server (TLS) id 15.0.1034.13; Tue, 23 Sep 2014 22:51:24 +0000
Received: from BL2FFO11FD049.protection.gbl (2a01:111:f400:7c09::122) by BN3PR0301CA0081.outlook.office365.com (2a01:111:e400:401e::49) with Microsoft SMTP Server (TLS) id 15.0.1034.13 via Frontend Transport; Tue, 23 Sep 2014 22:51:20 +0000
Received: from mail.microsoft.com (131.107.125.37) by BL2FFO11FD049.mail.protection.outlook.com (10.173.161.211) with Microsoft SMTP Server (TLS) id 15.0.1029.15 via Frontend Transport; Tue, 23 Sep 2014 22:51:20 +0000
Received: from TK5EX14MBXC286.redmond.corp.microsoft.com ([169.254.1.23]) by TK5EX14HUBC101.redmond.corp.microsoft.com ([157.54.7.153]) with mapi id 14.03.0195.002; Tue, 23 Sep 2014 22:51:09 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "jose@ietf.org" <jose@ietf.org>
Thread-Topic: JOSE -32 and JWT -26 drafts addressing IETF Last Call comments
Thread-Index: Ac/XgNa19S8xdv/2R86jWszcWuzHlw==
Date: Tue, 23 Sep 2014 22:51:08 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739439BA6EB43@TK5EX14MBXC286.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.78]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739439BA6EB43TK5EX14MBXC286r_"
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(438002)(199003)(189002)(87936001)(15975445006)(2656002)(106466001)(81156004)(95666004)(21056001)(4396001)(97736003)(85306004)(19300405004)(69596002)(84676001)(120916001)(55846006)(19580395003)(68736004)(84326002)(6806004)(44976005)(81542003)(46102003)(2501002)(80022003)(104016003)(83322001)(74502003)(81342003)(19617315012)(90102001)(79102003)(110136001)(50986999)(54356999)(15202345003)(71186001)(229853001)(107046002)(512954002)(2351001)(16297215004)(77982003)(99396002)(66066001)(86362001)(16236675004)(19625215002)(92726001)(85852003)(76482002)(83072002)(33656002)(31966008)(74662003)(77096002)(64706001)(20776003)(86612001)(92566001)(10300001)(6606295002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR0301MB1214; H:mail.microsoft.com; FPR:; MLV:sfv; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en;
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:DM2PR0301MB1214;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 0343AC1D30
Received-SPF: Pass (protection.outlook.com: domain of microsoft.com designates 131.107.125.37 as permitted sender) receiver=protection.outlook.com; client-ip=131.107.125.37; helo=mail.microsoft.com;
Authentication-Results: spf=pass (sender IP is 131.107.125.37) smtp.mailfrom=Michael.Jones@microsoft.com;
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/NkaLfP5y3MHQwhAYhkECFAmfBow
Cc: Roni Even <ron.even.tlv@gmail.com>, "ietf@ietf.org" <ietf@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "gen-art@ietf.org" <gen-art@ietf.org>
Subject: [secdir] JOSE -32 and JWT -26 drafts addressing IETF Last Call comments
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Sep 2014 22:51:24 -0000

New versions of the JSON Object Signing and Encryption (JOSE) and JSON Web Token (JWT) specifications have been published incorporating feedback received in IETF Last Call comments.  Thanks to Russ Housley and Roni Even for their Gen-ART reviews, to Tero Kivinen, Scott Kelly, Stephen Kent, Charlie Kaufman, and Warren Kumari for their secdir reviews, to Tom Yu for his individual review, and to James Manger and Chuck Mortimore who provided feedback based on deployment experiences, as well as to the many JOSE and OAuth working group members who pitched in to discuss resolutions.  Many clarifications resulted.  No breaking changes were made.

The specifications are available at:

*         http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-32

*         http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-32

*         http://tools.ietf.org/html/draft-ietf-jose-json-web-key-32

*         http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-32

*         http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-26

HTML formatted versions are available at:

*         http://self-issued.info/docs/draft-ietf-jose-json-web-signature-32.html

*         http://self-issued.info/docs/draft-ietf-jose-json-web-encryption-32.html

*         http://self-issued.info/docs/draft-ietf-jose-json-web-key-32.html

*         http://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-32.html

*         http://self-issued.info/docs/draft-ietf-oauth-json-web-token-26.html

                                                                -- Mike

P.S. This notice was also posted at http://self-issued.info/?p=1284 and as @selfissued.