Re: [secdir] [jose] JWK member names, was: SECDIR review of draft-ietf-jose-json-web-key-31
Tero Kivinen <kivinen@iki.fi> Tue, 16 September 2014 08:03 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/trrecVe3hQyUebmgR4-046MxzeE
John Bradley writes:
> Are you recommending that:
> That receivers MUST reject JOSE objects with duplicate keys.
>
> This would require compliant implementations to write their own parsers
> (perhaps not a good idea), or wait for I-JSON parsers (perhaps sometime
> soonish)

I do not understand this. Why would they need to write their own parsers? I would expect they would require the existing parsers to be fixed to reject objects with duplicate keys. If I understand correctly that would already be allowed, as you said some implementations do that, some return the last key.

If we make it MUST reject JW* items with duplicate keys, that would make changes to parsers high priority items for the users of the JW*, thus that would most likely get those changes done quite soon.

Of course there would still be some broken implementations allowing broken JW* items to be parsed, but the only thing would be that those implementations cannot claim to be compliant with the RFC we are publishing now. If they want to claim to be compliant with RFC xxxx, they would have to make sure their parser is also fixed...

I mean how many lines of code would it be in the parser to reject the object if there are duplicate keys? I would expect the change to be quite small (on the order of a few to a few tens of lines).

If we do not mandate this now, then nothing is going to change. There is no demand for the existing parsers to be fixed, which means they will not get fixed, and we will be stuck with bad parsers forever...

PS. Following and participating in this thread has been almost impossible for me because some people write text inline without any indication of which is quoted text and which is original text. Only after going to the secdir archives did I notice there are some color differences to indicate quoted text, and on my text-only screen session all that information is lost... It would be nice if people would actually do something else than rely on some HTML-formatted colors to indicate quoted text vs new text.
-- kivinen@iki.fi
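
The duplicate-key rejection discussed in the message above, sketched as an added example: it is not part of the original message and not code from any JOSE implementation. It uses Python's standard json module; the function names and the sample JWK strings are constructed for illustration.

```python
import json


class DuplicateMemberError(ValueError):
    """Raised when a JSON object repeats a member name."""


def _reject_duplicates(pairs):
    # json calls this hook once per JSON object, with its members in
    # document order and names already unescaped, so nested objects and
    # escaped spellings of the same name are both covered.
    obj = {}
    for name, value in pairs:
        if name in obj:
            raise DuplicateMemberError(f"duplicate member name: {name!r}")
        obj[name] = value
    return obj


def parse_lenient(text):
    # Default behaviour of Python's json module: the last duplicate wins.
    return json.loads(text)


def parse_strict(text):
    # Same parser, but any object with a repeated member name is rejected.
    return json.loads(text, object_pairs_hook=_reject_duplicates)


def accepted(text):
    try:
        parse_strict(text)
        return True
    except DuplicateMemberError:
        return False


# Constructed sample inputs (not real keys).
CLEAN_JWK = '{"kty": "oct", "kid": "sample-1", "k": "AAAA"}'
DUP_JWK = '{"kty": "oct", "kid": "sample-1", "k": "AAAA", "k": "BBBB"}'
NESTED_DUP = '{"keys": [{"kty": "oct", "use": "sig", "use": "enc"}]}'
ESCAPED_DUP = '{"kty": "oct", "k": "AAAA", "\\u006b": "BBBB"}'

if __name__ == "__main__":
    print("lenient parser keeps:", parse_lenient(DUP_JWK)["k"])
    for sample in (CLEAN_JWK, DUP_JWK, NESTED_DUP, ESCAPED_DUP):
        print("accepted" if accepted(sample) else "rejected", sample)
```

The lenient call shows the "return the last key" behaviour mentioned in the message; the strict variant adds the check in roughly ten lines on top of the existing parser.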