Re: [stir] draft-ietf-stir-passport
Chris Wendt <chris-ietf@chriswendt.net> Mon, 31 October 2016 12:22 UTC
Return-Path: <chris-ietf@chriswendt.net>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5FA1129518 for <stir@ietfa.amsl.com>; Mon, 31 Oct 2016 05:22:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=chriswendt-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lfEOiu8A83gg for <stir@ietfa.amsl.com>; Mon, 31 Oct 2016 05:22:02 -0700 (PDT)
Received: from mail-qk0-x234.google.com (mail-qk0-x234.google.com [IPv6:2607:f8b0:400d:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 485F61294CA for <stir@ietf.org>; Mon, 31 Oct 2016 05:22:02 -0700 (PDT)
Received: by mail-qk0-x234.google.com with SMTP id q130so39012941qke.1 for <stir@ietf.org>; Mon, 31 Oct 2016 05:22:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chriswendt-net.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=MqViu/8CIUhFONWTdf4zcAqTT02QFUog14EpbRrK0Cc=; b=QS87A8F3EHltf8EDMu3sjgWpOpUih28wWYS+Yllp7IbK+swX9Dlbd9rGku7jePKm+M DdUPb7cqAJtL/Icg4ev29hEPryZBbT0C7MdQq81hWcCbD5LRZYwobj2ibOFaAIlnqZqu BzlylIkKCZwzN7zlX4E/yIRageyLJqiaTk7AfRWdHYlu57ePx77QuBYYqhF8Ct0Vfrxs ZLukTdj4U81jWPhfQSlvCUWc5slXWQ580tclUOqoqc0qOqKT6+OsoYnSbvakO23v8nvv UJGyLQwDF97X0xIRrGzQ/WBC6uVXyH2NOoCvqopoGPsf+IzivKh+XwYsd9UQKqNwlz6d /VNA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=MqViu/8CIUhFONWTdf4zcAqTT02QFUog14EpbRrK0Cc=; b=YfMyEMNHXZJUVphq6vsCc2QtV2WUZv/lHA83Z6NPgOYuUSiFk1/Au7aE/oBdaK4/wB JG9dXeQ/ziyTQ2jpS1SA9yU6C2aBrjJ8PoX7f37EyOjV0D+xijL8cjoVlDfLWBf9cxG8 7INQKVrnGZTjy7ku4TRX3xXtvBkJKhHOQIUWDuHEpUccuRS7AO4B3Pavr8X+KoRJ2XUD EI9dejviSz8DavyCLK9FRRU+OijVfcu4VADRLmu2ePuzeYOkb2Cs/8s1S5G3aTAxLg9G e5AQ8WKwQklh4HkwNsEvWV17HdxCHoTiCYCJ8F3VJlFjq8TAmDDQsv5jZoxQtHopSidd yBdg==
X-Gm-Message-State: ABUngvfYmCMpgLaeAi0//LajRnEB7OXthxx69Vm3bgnBhCRfox6YNjrD0U6DlJBx5J6K5Q==
X-Received: by 10.55.78.70 with SMTP id c67mr14613740qkb.270.1477916521346; Mon, 31 Oct 2016 05:22:01 -0700 (PDT)
Received: from ?IPv6:2601:a40:100:d3:39bb:f74d:cd2c:e52e? ([2601:a40:100:d3:39bb:f74d:cd2c:e52e]) by smtp.gmail.com with ESMTPSA id 126sm13128893qkl.12.2016.10.31.05.21.59 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 31 Oct 2016 05:22:00 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.1 \(3251\))
From: Chris Wendt <chris-ietf@chriswendt.net>
In-Reply-To: <001701d22d7c$ea604ce0$bf20e6a0$@augustcellars.com>
Date: Mon, 31 Oct 2016 08:21:59 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <406B44A2-6BA2-4D31-84EB-405F961407A8@chriswendt.net>
References: <001701d22d7c$ea604ce0$bf20e6a0$@augustcellars.com>
To: Jim Schaad <ietf@augustcellars.com>
X-Mailer: Apple Mail (2.3251)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/KvehHfAQ9D2iI-_9hYXNOxXebiY>
Cc: stir@ietf.org, draft-ietf-stir-passport@ietf.org
Subject: Re: [stir] draft-ietf-stir-passport
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Oct 2016 12:22:05 -0000
Hi Jim, Inline. > On Oct 23, 2016, at 6:29 PM, Jim Schaad <ietf@augustcellars.com> wrote: > > I have started looking at implementation of this and I have two suggestions > for changes to the document which I think will make the code easier to > implement. I think that, with one exception, this will generate exactly the > same output for all of the current cases. > > Change #1 in section 5.2.2 > > I suggest that the text be modified to say that the algorithm is: > > 1. Take the a=fingerprint lines from the SIP header. > 2. Sort the lines based on the UTF8 encoding of the strings > 3. Encode the array in the order of the sorted lines. > - Each element in the array is a map > - Each map contains two elements constructed as follows .... > > I think that this will be the same as the current sorting order. Agree could be a little clearer. I did variation on a theme: >> The "mky" claim is a JSON object with a claim name of "mky" and a claim value of a JSON array denoted by brackets. The "mky" claim value JSON array MUST be constructed as follows: 1. Take each "a=fingerprint" lines carried in the SDP. 2. Sort the lines based on the UTF8 encoding of the concatenation of the "alg" and "dig" claim value strings. 3. Encode the array in the order of the sorted lines, where each "mky" array element is a JSON object with two elements corresponding to the "alg" and "dig" objects, with "alg" first and "dig" second. >> > > > Change #2 in section 9 > > The current text in JWK-Thumbprint does not cover the cases that you need. > > The JSON object MUST following the following rules. These rules are based > on the thumbprint of a JSON Web Key (JWK) as defined in Section 3 of > [RFC7638]. They cover some additional cases that [RFC7638] did not need to > document. > > 1. The JSON object contains no whitespace or line breaks before or after any > syntactic elements. > 2. Map objects have the keys ordered lexicographically by the Unicode > [UNICODE] code points of the member names. If two member names are equal, > then the JSON serialization fails. > 3. JSON value literals are lowercase > 4. JSON numbers are to be encoded as integers unless the field is defined to > be encoded otherwise. > 5. Encoding rules are applied recursively to member values and array values. > > The rule on two key names is new, but is implicit as JWKs are not supposed > to have two keys of the same name. Having a generic rule on maps means that > one will not have a miss someplace if a new element is defined. New Text: >> The JSON object MUST follow the following rules. These rules are based on the thumbprint of a JSON Web Key (JWK) as defined in Section 3 Step 1 of {{RFC7638}}. 1. The JSON object MUST contain no whitespace or line breaks before or after any syntactic elements. 2. JSON objects MUST have the keys ordered lexicographically by the Unicode {{UNICODE}} code points of the member names. 3. JSON value literals MUST be lowercase. 4. JSON numbers are to be encoded as integers unless the field is defined to be encoded otherwise. 5. Encoding rules MUST be applied recursively to member values and array values. Note: For any PASSporT extension claims, member names within the scope of a JSON object MUST NOT be equal to other member names, otherwise serialization will not be deterministic. >> > > Jim > > >
- [stir] draft-ietf-stir-passport Jim Schaad
- [stir] draft-ietf-stir-passport Jim Schaad
- Re: [stir] draft-ietf-stir-passport Chris Wendt
- Re: [stir] draft-ietf-stir-passport Jim Schaad