Re: [secdir] [jose] JWK member names, was: SECDIR review of draft-ietf-jose-json-web-key-31

Tim Bray <tbray@textuality.com> Tue, 16 September 2014 15:51 UTC

From: Tim Bray <tbray@textuality.com>
Date: Tue, 16 Sep 2014 08:51:27 -0700
Message-ID: <CAHBU6itbooGqNhRXC7F0zU25Q8gvJwbxhaC-RHK1RooYutOQEg@mail.gmail.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/kGXk8ezaeymuCgJergZFALB3Z04
Cc: "jose-chairs@tools.ietf.org" <jose-chairs@tools.ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-jose-json-web-key.all@tools.ietf.org" <draft-ietf-jose-json-web-key.all@tools.ietf.org>, Michael Jones <Michael.Jones@microsoft.com>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [secdir] [jose] JWK member names, was: SECDIR review of draft-ietf-jose-json-web-key-31

On Tue, Sep 16, 2014 at 8:35 AM, John Bradley <ve7jtb@ve7jtb.com> wrote:

> As Tim stated in a later message most of them don't reject or report
> duplicate keys.
> He is proposing a new JSON profile I-JSON that changes that.
>

Actually, the JSON working group is under no illusion that shipping I-JSON
as an RFC is going to magically cause existing JSON software to fix this
issue (although I’m optimistic that implementations will pop up pretty
quickly, because it’s not hard).

The value of I-JSON is that it takes all the things that we’ve observed to
cause interop problems in practical JSON, that in some cases have had to be
explicitly argued-over in other contexts (like we’re doing here), and in a
short simple document says “don’t do any of these things”. So it’ll be
handy as a spec-writer’s tool even before the software catches up.
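
An added example, not part of the original message and not code from the JOSE or JSON working groups: a sketch of a duplicate-member check of the kind discussed above, using Python's standard json module. The sample JWK-shaped strings and the names loads_strict, lenient_kty and is_accepted are constructed for illustration.

```python
import json


class DuplicateMemberError(ValueError):
    """Raised when a JSON object repeats a member name."""


def _reject_duplicates(pairs):
    # json calls this hook for every object, nested ones included, with the
    # members in document order and with \uXXXX escapes already decoded, so
    # "kt\u0079" and "kty" compare equal here.
    seen = {}
    for name, value in pairs:
        if name in seen:
            raise DuplicateMemberError(f"duplicate member name: {name!r}")
        seen[name] = value
    return seen


def loads_strict(text):
    """Parse JSON, refusing any object with a repeated member name."""
    return json.loads(text, object_pairs_hook=_reject_duplicates)


# Constructed samples: JWK-shaped objects, one carrying "kty" twice.
AMBIGUOUS_JWK = '{"kty": "RSA", "kid": "example-1", "kty": "oct"}'
CLEAN_JWK = '{"kty": "RSA", "kid": "example-1"}'


def lenient_kty(text):
    # Default json.loads behaviour: the last duplicate silently wins, so two
    # parsers with different policies can disagree about the key type.
    return json.loads(text)["kty"]


def is_accepted(text):
    """True if the strict parser accepts the text, False on duplicates."""
    try:
        loads_strict(text)
        return True
    except DuplicateMemberError:
        return False


if __name__ == "__main__":
    print("lenient parser sees kty =", lenient_kty(AMBIGUOUS_JWK))
    print("strict accepts ambiguous:", is_accepted(AMBIGUOUS_JWK))
    print("strict accepts clean:    ", is_accepted(CLEAN_JWK))
```
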