Re: [stir] PASSporT extensions: order of claims

"Politz, Ken" <> Tue, 13 March 2018 21:35 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 56DDD120713 for <>; Tue, 13 Mar 2018 14:35:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.01
X-Spam-Status: No, score=-0.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id RqmE7CiP0gDG for <>; Tue, 13 Mar 2018 14:35:32 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 8B437120454 for <>; Tue, 13 Mar 2018 14:35:32 -0700 (PDT)
Received: from pps.filterd ( []) by ( with SMTP id w2DLXmh8029818; Tue, 13 Mar 2018 17:35:28 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=selector1; bh=AZRrWUBnjHxDQUv+YdjvLSbixGx0+ClEwMjKSSMNO8I=; b=dwcg9VOT0M0B9TfWOMsXVxWns3lwmZGazG1rYwcYQWTjxsvhAFCnzsrQb677Yw9aMTdh sL8+SVpL2KKRfU2h4qUK88UgiT4NLP4wA0QVT16XShB/xVOoJjYtnm3AUmiz3xVo+qnK xKO9MvHQMfP/vb1PtY0eci+UXvNnB8+3QykjBel4Y6PKp7X8T9VRAYfFvzN9lRJmTkc8 UXgtD0C4SN+ITL4ddIC7N0xCXp8paHZVaulcczItJZ/FSw6qhG1uiGlPdiObAkcvneDd BvYWSZqDSnJCszZ3+C5GNP2f7TQybUOrMJ00SUTJMw8AvH5H3IK6wXyNXTZ32wb2EfbH /g==
Received: from ([]) by with ESMTP id 2gmaw34uet-1 (version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 13 Mar 2018 17:35:28 -0400
Received: from ([]) by ([]) with mapi id 14.03.0279.002; Tue, 13 Mar 2018 17:35:26 -0400
From: "Politz, Ken" <>
To: Christer Holmberg <>, Chris Wendt <>
CC: "" <>, "" <>
Thread-Topic: [stir] PASSporT extensions: order of claims
Thread-Index: AQHTuvvKLoGLTt5520aG5ALLxR8fX6POigGAgABOTgCAABsrQA==
Date: Tue, 13 Mar 2018 21:35:25 +0000
Message-ID: <>
References: <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_46946849EEFF3043A8FBCC3D102A2C1A3FCAE30Dstntexmb13cisne_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-03-13_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1803130240
Archived-At: <>
X-Mailman-Approved-At: Tue, 13 Mar 2018 14:50:44 -0700
Subject: Re: [stir] PASSporT extensions: order of claims
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Secure Telephone Identity Revisited <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 13 Mar 2018 21:35:34 -0000

That, I can’t answer ☺

From: Christer Holmberg []
Sent: Tuesday, March 13, 2018 3:58 PM
To: Politz, Ken <>;; Chris Wendt <>;
Subject: Re: [stir] PASSporT extensions: order of claims


>Try RFC 8225, Section 9, perhaps?

Ok, so if that’s a generic rule, why the statement saying that PASSporT extensions must specify the order?



From: Christer Holmberg []
Sent: Tuesday, March 13, 2018 2:47 PM
To: Chris Wendt <<>>
Subject: Re: [stir] PASSporT extensions: order of claims


>I would agree with the text, the only caveat i would point out is that the extension definition has
>no choice to the order other than alphabetic order, so the order is essentially implied.  So, it’s sort
>of a technicality that maybe we didn’t anticipate, but i think technically you are correct.

Not sure I understand the has-no-choice part. Where is it said that the claims must be ordered in alphabetic order? We could for sure specify it that way, but based on your e-mail it seems like it is already specified somewhere?



On Mar 10, 2018, at 8:27 AM, Christer Holmberg <<>> wrote:

Section 8.3 of RFC 8225, that is.

From: stir [] On Behalf Of Christer Holmberg
Sent: 10 March 2018 15:26
Subject: [stir] PASSporT extensions: order of claims


Section  says:

   “Specifications that define extensions to the PASSporT mechanism MUST
   explicitly specify what claims they include beyond the base set of
   claims from this document, the order in which they will appear,…”

When looking at the extensions we are currently working on:


…I don’t see anything about the order in any of the documents.

I think it would be good to have a dedicated “Order of claims” section, or something similar, in each extension specification.

When looking at the examples in the drafts above, it seems like even the base claims are in different orders. Not sure whether there is an explicit requirement that they need to be in order, thought.



stir mailing list<><>