Re: [stir] draft-ietf-stir-passport JOSE Registrations
"Peterson, Jon" <jon.peterson@neustar.biz> Fri, 30 September 2016 16:45 UTC
Return-Path: <prvs=30811d7aec=jon.peterson@neustar.biz>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2E9F12B199; Fri, 30 Sep 2016 09:45:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.701
X-Spam-Level:
X-Spam-Status: No, score=-102.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=neustar.biz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Je2rqjXwVt8w; Fri, 30 Sep 2016 09:45:46 -0700 (PDT)
Received: from mx0b-0018ba01.pphosted.com (mx0b-0018ba01.pphosted.com [67.231.157.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A52912B1B4; Fri, 30 Sep 2016 09:45:46 -0700 (PDT)
Received: from pps.filterd (m0078668.ppops.net [127.0.0.1]) by mx0b-0018ba01.pphosted.com (8.16.0.17/8.16.0.17) with SMTP id u8UGhM3Y008370; Fri, 30 Sep 2016 12:45:29 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=neustar.biz; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=neustar.biz; bh=9WEsGZkLlIuz7LkGq+B1Z9Rptl8o2HYzer0jnGPiHDU=; b=poRiCTzGzv0M+aOyvQazxTb3ij7rWs1tpgc5N/hSHE0CR/UYJZRhni0/10EysoVr9X1X qNg50GFXeDoj0urwQxP3HWEh3WWhNLtGxpNdVPVZN+Hmlnwq1t9wpFEl+fcMJD/rsanm ryryGCjgqlMhSYlKuaNrHEVEJrSgOotPfKYAQ7lax5IXAuCFQ6C1nd81+K8idzQ72TLF UsCFp0u6o1MHkdn7ic04Yw8b01GrpJ6Fqy66lPf7kxSEHa63VrdPyAB4VQQioleZvbYk BcqNEECPIe3yYkuOO3+G1biiTsUV4wTD4aaWyZAJ9h3RT8mA3GccGNeigpADY/2iS/i7 Vw==
Received: from stntexhc11.cis.neustar.com ([156.154.17.216]) by mx0b-0018ba01.pphosted.com with ESMTP id 25s8svxqr0-1 (version=TLSv1 cipher=AES128-SHA bits=128 verify=NOT); Fri, 30 Sep 2016 12:45:29 -0400
Received: from STNTEXMB10.cis.neustar.com ([169.254.5.94]) by stntexhc11.cis.neustar.com ([::1]) with mapi id 14.03.0279.002; Fri, 30 Sep 2016 12:45:28 -0400
From: "Peterson, Jon" <jon.peterson@neustar.biz>
To: Jim Schaad <ietf@augustcellars.com>, "draft-ietf-stir-passport@ietf.org" <draft-ietf-stir-passport@ietf.org>
Thread-Topic: draft-ietf-stir-passport JOSE Registrations
Thread-Index: AdIYS5+SiTYckaDWTLCy18rq4kpv4AC7mcIA
Date: Fri, 30 Sep 2016 16:45:28 +0000
Message-ID: <D4140D3B.1BB670%jon.peterson@neustar.biz>
References: <01fe01d2184d$46f75b50$d4e611f0$@augustcellars.com>
In-Reply-To: <01fe01d2184d$46f75b50$d4e611f0$@augustcellars.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.3.160329
x-originating-ip: [10.96.12.24]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <6C8522DCEB7D4244B21084E977205257@neustar.biz>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2016-09-30_07:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1609280000 definitions=main-1609300304
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/G6LOXWHCrLbZ1cZKePsZd5-iY7E>
Cc: "stir@ietf.org" <stir@ietf.org>
Subject: Re: [stir] draft-ietf-stir-passport JOSE Registrations
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Sep 2016 16:45:48 -0000
First of all, beware, as there were some changes to the "ppt" text in the -08 version of PASSporT that fell out of the new specification of the "full" and "compact" (that is, Appendix F of 7515 as we spec it) form of the token. But speaking to the -08: the purpose of "ppt" is to subtype PASSporT with an indication that there are additional claims in the payload of the JWT beyond those specified in the baseline draft-ietf-stir-passport spec, and that support for this extension is mandatory for relying parties. If you just want to put a few extra optional claims in the JWT payload and you don't care if relying parties support them or not, you don't use "ppt" (though you do need to use the full as opposed to the compact form of PASSporT). You just stick in the claims and ship the object. You are correct that the spec only supports one mandatory extension per PASSporT, and that you'd have to send multiple PASSporTs (which in SIP would mean multiple Identity headers, which is permitted) if you wanted to use multiple mandatory extensions. We aren't envisioning a lot of extensions that would need to be mandatory today, but the ones that are will probably be profiles that specify multiple additional claims that will be present in the PASSporT payload. But we do understand that if you want to mandate relying party support for both profile A and profile B with a single PASSporT, that isn't possible in the current syntax - you'd have to send multiple PASSporTs. We're cool with that. Jon Peterson Neustar, Inc. On 9/26/16, 7:25 PM, "Jim Schaad" <ietf@augustcellars.com> wrote: >So I just got this pointed to me > >I am unsure of what the value of "ppt" is supposed to be in one case. Is >the intention that extensions will only be done serially or can they be >done >in parallel? The first case allows for a high water mark to be used until >the next one. In the second case the question comes up if one wants to >use >both extension 'a' and extension 'b' in some sense. (Consider the case >where the extensions are orthogonal to each other by requiring different >JWT >claims to be present.) > >In the second case it does not appear to be expressible in the current >syntax. > >Jim > >
- [stir] draft-ietf-stir-passport JOSE Registrations Jim Schaad
- Re: [stir] draft-ietf-stir-passport JOSE Registra… Peterson, Jon
- Re: [stir] draft-ietf-stir-passport JOSE Registra… Jim Schaad