From: Russ Housley <housley@vigilsec.com>
Message-Id: <9D68E244-1E03-4FF1-8343-F661FF3D629D@vigilsec.com>
Date: Thu, 21 Apr 2016 13:44:37 -0400
To: IETF STIR Mail List <stir@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/stir/OyaCIduI1TNV_tPXiWbOpYhBr9s>
Subject: [stir] A few comments on the PASSporT Document
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>

I needed to chase a bunch of references to figure out what really goes in the iat claim.  This leads me to two comments.

(1) Let's help the reader and tell them that the iat claim contains a JSON numeric value representing the number of seconds from 1970-01-01 00:00:00 UTC.

(2) The iat claim carries the time that the token was issued.  Section 7 says that the token should be handled in a manner "reasonable for clock drift and transmission time."  This makes sense, but neither Section 3.2.1.1 nor Section 7 tells what ought to happen if it is determined to be stale.

The syntax of the mky claim seems to go against a JOSE design principle.  JOSE used very compact representations for everything.  However, the mky claim uses a whole lot of colons.  This leads to a third comment.

(3) To align with the JOSE principle, should the mky claim syntax use a hex string or a base64 string to carry the hash values?

Thanks,
  Russ
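As an added illustration (my own code, not from the PASSporT draft or from Russ's message): a verifier-side freshness check on the iat claim that makes the "stale" outcome comment (2) asks about explicit, plus the re-encoding of a colon-separated hex digest into base64 that comment (3) raises. The payload values, the 60-second tolerance window and the helper names are all constructed for this example, not taken from the draft.

```python
import base64
import json

# Constructed sample PASSporT payload: iat is a JSON number giving seconds
# since 1970-01-01T00:00:00Z, as comment (1) asks the draft to state plainly.
SAMPLE_PAYLOAD = {
    "iat": 1461260677,                    # 2016-04-21T17:44:37Z
    "orig": {"tn": "12155551212"},
    "dest": {"tn": ["12155551213"]},
}

def b64url_encode(raw: bytes) -> str:
    """Base64url without padding, the way JWS segments are written."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(data: str) -> bytes:
    """Inverse of b64url_encode; re-adds the padding JWS strips."""
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))

def encode_payload(payload: dict) -> str:
    """Serialise a claims object as the JWS payload segment."""
    return b64url_encode(json.dumps(payload, separators=(",", ":")).encode())

def iat_is_fresh(payload_b64url: str, now: float, tolerance: float = 60.0):
    """Return (accepted, reason) for the iat claim relative to `now`.

    `tolerance` is the verifier's allowance for clock drift plus transmission
    time (60 s is an assumption here; the draft leaves the figure open).
    Anything outside the window, in either direction, is treated as stale
    and rejected, which is the decision comment (2) notes is unspecified.
    """
    payload = json.loads(b64url_decode(payload_b64url))
    iat = payload.get("iat")
    if isinstance(iat, bool) or not isinstance(iat, (int, float)):
        return False, "iat missing or not a JSON number"
    skew = now - iat
    if skew > tolerance:
        return False, f"stale: issued {skew:.0f}s ago, window is {tolerance:.0f}s"
    if skew < -tolerance:
        return False, f"issued {-skew:.0f}s in the future, beyond drift window"
    return True, f"fresh: skew {skew:+.0f}s"

def fingerprint_to_base64(fp: str) -> str:
    """Re-encode a colon-separated hex digest (SDP a=fingerprint style,
    e.g. '4A:AD:B9:...') as standard base64; same bytes, fewer characters."""
    raw = bytes.fromhex(fp.replace(":", ""))
    return base64.b64encode(raw).decode("ascii")
```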
