Re: [stir] Alexey Melnikov's Discuss on draft-ietf-stir-certificates-11: (with DISCUSS and COMMENT)

"Peterson, Jon" <jon.peterson@neustar.biz> Thu, 03 November 2016 13:46 UTC

From: "Peterson, Jon" <jon.peterson@neustar.biz>
To: Alexey Melnikov <aamelnikov@fastmail.fm>, Alissa Cooper <alissa@cooperw.in>
Date: Thu, 03 Nov 2016 13:46:36 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/TGjkbWDIipv0ZB7rk7mDGoFUjpU>
Cc: Russ Housley <housley@vigilsec.com>, IETF STIR Mail List <stir@ietf.org>, IESG <iesg@ietf.org>, "draft-ietf-stir-certificates@ietf.org" <draft-ietf-stir-certificates@ietf.org>, "stir-chairs@ietf.org" <stir-chairs@ietf.org>, Robert Sparks <rjsparks@nostrum.com>
Subject: Re: [stir] Alexey Melnikov's Discuss on draft-ietf-stir-certificates-11: (with DISCUSS and COMMENT)

>> >Are claim tokens likely to be allocated by IANA?
>>
>> ... PASSporT simply reuses the IANA allocation method of JWT, so yes, the
>> claims are allocated by IANA. This is the registry.
>
>I think this document should say so.

I mean, the thing in stir-certs is called "JWT Claim Constraints". I think
it would be clear that to figure out how you register claims, you look at
JWT. The section also refers you to PASSporT, which pretty quickly drops
you back to JWT, like stir-passport Section 8.3:

"Specifying new claims follows the baseline JWT procedures ([RFC7519]
Section 10.1)."

Do you just want us to put another copy of that sentence in stir-certs?

>> http://www.iana.org/assignments/jwt/jwt.xhtml
>>
>> To your more recent question, "I was also wondering if any of these values
>> can possibly contain non-ASCII Unicode characters, and if they do, how can
>> they be encoded as IA5String." If the question is "can possibly" then I'm
>> not sure JWS/JWT specifically bars it (someone likely knows better than
>> me, this may just devolve back to how JSON member strings are defined).
>> However, I don't think any of the existing or planned registered values
>> fall outside of ASCII ranges. I don't think I'd lose much sleep over it,
>> given what the review processes are like and what the likely constraints
>> are CAs would want to apply.
>
>I would just add a warning about possibility to alert future readers and
>Expert Reviewers.

Makes sense, we can do that - though again I might ask the reviewers (Jim
Schaad etc) whether their reading of the existing procedures wouldn't make
that warning redundant.

Jon Peterson
Neustar, Inc.
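As an added illustration of the IA5String question discussed in this message (example code, not from the draft or anyone on the thread): a small Python check that decides whether the claim names in a JWT claims set can be carried in an IA5String and DER-encodes the ones that can. It assumes the check applies to the decoded claim name, not to its JSON-escaped spelling, and the claims set below is constructed for the example.

```python
import json

# Constructed sample claims set. The JSON text itself is pure ASCII, but the
# last member name uses a \u escape, so the *decoded* name is not IA5.
SAMPLE_CLAIMS_JSON = (
    '{"orig": {"tn": "12155551212"}, "dest": {"tn": ["12125551212"]}, '
    '"iat": 1443208345, "d\\u00e9st": 1}'
)


def is_ia5(s: str) -> bool:
    """True if every character of s lies in the IA5 (7-bit ASCII) repertoire."""
    return all(ord(c) < 0x80 for c in s)


def der_ia5string(s: str) -> bytes:
    """DER-encode s as an ASN.1 IA5String (tag 0x16).

    Raises ValueError for input that IA5String cannot represent; this is the
    failure mode a CA would hit when placing a non-ASCII claim name into the
    JWT Claim Constraints extension.
    """
    if not is_ia5(s):
        raise ValueError(f"not encodable as IA5String: {s!r}")
    body = s.encode("ascii")
    n = len(body)
    if n < 0x80:
        length = bytes([n])                      # short-form length
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb    # long-form length
    return b"\x16" + length + body


def check_claim_names(claims_json: str) -> dict:
    """Parse a JWT claims set and report, per claim name, whether it is IA5-safe.

    The check runs on decoded names: a JSON-escaped name looks ASCII on the
    wire but still cannot be encoded as IA5String once decoded.
    """
    claims = json.loads(claims_json)
    return {name: is_ia5(name) for name in claims}


if __name__ == "__main__":
    for name, ok in check_claim_names(SAMPLE_CLAIMS_JSON).items():
        print(f"{name!r}: {'IA5 ok' if ok else 'NOT encodable as IA5String'}")
```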