[stir] draft-ietf-stir-passport

Jim Schaad <ietf@augustcellars.com> Tue, 18 October 2016 21:46 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: draft-ietf-stir-passport@tools.ietf.org
Date: Tue, 18 Oct 2016 14:46:29 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/9CfzwGsUt7iwdcnvjI1DSB5x5qg>
Cc: stir@ietf.org
Subject: [stir] draft-ietf-stir-passport

First, it is a much improved spec compared to the last version.

I had hoped that I would do better reading section 8.3 a second time around,
however I seem to have failed.

The section appears to have things which make no sense, and doesn't match
the example.

1.  claims may only be appended to the claims object specified.
2.  cannot be removed or re-ordered
3.  The example defines a new claim, "bar", which is placed correctly in
lexicographic order but does not match rule #1 above.


Grammar Issues:

Section 5.1.1 - As defined the "iat" should be set to the date and
   time of issuance of the JWT and MUST the origination of the personal

Section 7 - For a using protocol of PASSporT

Section 9 - JSON, as a canonical format - not sure that canonical is
appropriate here