Re: [secdir] [jose] JWK member names, was: SECDIR review of draft-ietf-jose-json-web-key-31

Tim Bray <tbray@textuality.com> Tue, 16 September 2014 20:13 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/j4pZ1uq7sbqI7wYwznJ5TMSyNW8

On Tue, Sep 16, 2014 at 1:07 PM, Stephen Kent <kent@bbn.com> wrote:

> What is the impediment to requiring a receiver of a JWK object to reject
> the object if it contains more than one instance of a key?
>
> Is it a limitation of parsers that are completely independent of the JOSE
> work that defines the JWK objects, or is it the result of how folks have
> written code to parse such objects?
>

Yes and no, respectively.  Existing parsers which are being used all the
time on every computing device within your reach to generate and parse JSON
for purposes which have nothing to do with JOSE.  JSON has been the dominant
message format for HTTP for some time now.




>
> If the answer is the first clause, then I understand the reluctance to
> impose that requirement.
>
> If the answer is the latter, then this is an argument based on early
> implementation of an IETF spec, and that is not a good reason to
> accommodate such sloppiness.
>
> Steve
>



-- 
- Tim Bray (If you’d like to send me a private message, see
https://keybase.io/timbray)
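
An added example, not part of the message above or of the JWK draft: what a general-purpose JSON parser does with a repeated member name in a JWK, next to a receiver that rejects the object. It uses Python's standard `json` module; the function names and the sample keys are constructed for illustration.

```python
import json


class DuplicateMemberError(ValueError):
    """Raised when a JSON object repeats a member name."""


def _reject_duplicates(pairs):
    # The json module calls this hook once per JSON object (nested ones
    # included) with the (name, value) pairs in document order, before
    # they are collapsed into a dict.
    members = {}
    for name, value in pairs:
        if name in members:
            raise DuplicateMemberError(f"duplicate member name: {name!r}")
        members[name] = value
    return members


def parse_jwk_lenient(text):
    # Default behaviour of Python's json module: no error is raised and
    # only the last value for a repeated name survives.
    return json.loads(text)


def parse_jwk_strict(text):
    # Same parser, but duplicates are detected before they are lost.
    return json.loads(text, object_pairs_hook=_reject_duplicates)


# Constructed sample inputs (not real key material).
DUPLICATE_JWK = '{"kty": "oct", "k": "AAAA", "use": "sig", "k": "BBBB"}'
CLEAN_JWK = '{"kty": "oct", "k": "AAAA", "use": "sig"}'
DUPLICATE_IN_SET = '{"keys": [{"kty": "oct", "k": "AAAA", "kty": "RSA"}]}'


if __name__ == "__main__":
    print("lenient parse keeps:", parse_jwk_lenient(DUPLICATE_JWK)["k"])
    for label, doc in [("clean", CLEAN_JWK), ("dup", DUPLICATE_JWK),
                       ("dup in set", DUPLICATE_IN_SET)]:
        try:
            parse_jwk_strict(doc)
            print(label, "-> accepted")
        except DuplicateMemberError as exc:
            print(label, "-> rejected:", exc)
```

Once the lenient parser has returned, the application can no longer tell that a duplicate was present, so a reject-on-duplicate rule has to be enforced in the parser or through a hook like this one.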