[stir] A few comments on the PASSporT Document
Russ Housley <housley@vigilsec.com> Thu, 21 April 2016 17:45 UTC
From: Russ Housley <housley@vigilsec.com>
Message-Id: <9D68E244-1E03-4FF1-8343-F661FF3D629D@vigilsec.com>
Date: Thu, 21 Apr 2016 13:44:37 -0400
To: IETF STIR Mail List <stir@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/stir/OyaCIduI1TNV_tPXiWbOpYhBr9s>
Subject: [stir] A few comments on the PASSporT Document

I needed to chase a bunch of references to figure out what really goes in the iat claim. This leads me to two comments.

(1) Let’s help the reader and tell them that the iat claim contains a JSON numeric value representing the number of seconds from 1970-01-01 00:00:00 UTC.

(2) The iat claim carries the time that the token was issued. Section 7 tells that the token should be handled in a "reasonable for clock drift and transmission time." This makes sense, but neither Section 3.2.1.1 nor Section 7 tells what ought to happen if it is determined to be stale.

The syntax of the mky claim seems to go against a JOSE design principle. JOSE used very compact representations for everything. However, the mky claim uses a whole lot of colons. This leads to a third comment.

(3) To align with the JOSE principle, should the mky claim syntax use a hex string or a base64 string to carry the hash values?

Thanks,
Russ
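
Added example, not part of the original message and not code from the PASSporT draft: a verifier-side sketch of the two points raised above, classifying an iat value against a freshness window and comparing the size of a colon-delimited fingerprint with plain hex and base64url. The window values, function names and sample fingerprint are assumptions constructed for illustration; what to do with a "stale" verdict is left to the caller, since the message notes the draft does not say.

```python
import base64
import hashlib
import time

MAX_AGE = 60   # assumed freshness window in seconds (not taken from the draft)
MAX_SKEW = 5   # assumed tolerance for a verifier clock that runs slightly behind

def check_iat(claims, now=None):
    """Classify the iat claim as 'fresh', 'stale', 'future' or 'invalid'."""
    now = time.time() if now is None else now
    iat = claims.get("iat")
    # iat is a JSON number (seconds since 1970-01-01 00:00:00 UTC).
    # bool is an int subclass in Python, so exclude it explicitly.
    if isinstance(iat, bool) or not isinstance(iat, (int, float)):
        return "invalid"
    if iat - now > MAX_SKEW:
        return "future"    # issued ahead of our clock beyond the tolerance
    if now - iat > MAX_AGE:
        return "stale"     # older than the window: a replay candidate
    return "fresh"

def fingerprint_encodings(colon_hex):
    """Re-encode a colon-delimited hex fingerprint as plain hex and base64url."""
    raw = bytes.fromhex(colon_hex.replace(":", ""))
    return {
        "colon": colon_hex,
        "hex": raw.hex().upper(),
        "base64url": base64.urlsafe_b64encode(raw).rstrip(b"=").decode(),
    }

# Constructed sample: SHA-256 over a dummy string, formatted with colons.
SAMPLE_FP = ":".join(
    f"{b:02X}" for b in hashlib.sha256(b"constructed certificate").digest()
)

if __name__ == "__main__":
    now = 1461260700  # constructed verifier clock value
    for iat in (1461260677, 1461260000, 1461260900, "1461260677"):
        print(repr(iat), "->", check_iat({"iat": iat}, now=now))
    for name, value in fingerprint_encodings(SAMPLE_FP).items():
        print(f"{name:9} {len(value):3} chars  {value}")
```

For a SHA-256 value the colon form is 95 characters, plain hex 64 and unpadded base64url 43.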