Re: [stir] draft-ietf-stir-passport
Jim Schaad <ietf@augustcellars.com> Mon, 31 October 2016 16:22 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5DCB512985C; Mon, 31 Oct 2016 09:22:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.398
X-Spam-Level:
X-Spam-Status: No, score=-3.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P-FRnPYVzIUv; Mon, 31 Oct 2016 09:22:43 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F739129873; Mon, 31 Oct 2016 09:22:41 -0700 (PDT)
Received: from hebrews (24.21.96.37) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Mon, 31 Oct 2016 09:38:39 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'Chris Wendt' <chris-ietf@chriswendt.net>
References: <001701d22d7c$ea604ce0$bf20e6a0$@augustcellars.com> <406B44A2-6BA2-4D31-84EB-405F961407A8@chriswendt.net>
In-Reply-To: <406B44A2-6BA2-4D31-84EB-405F961407A8@chriswendt.net>
Date: Mon, 31 Oct 2016 09:22:27 -0700
Message-ID: <042201d23392$fa18d960$ee4a8c20$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQFOfmeddTlv/UfcEf0IWttmvFVsYAIC269FoboSPnA=
Content-Language: en-us
X-Originating-IP: [24.21.96.37]
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/ZwFSbBSMllsdLqGl2LEQZJyoej8>
Cc: stir@ietf.org, draft-ietf-stir-passport@ietf.org
Subject: Re: [stir] draft-ietf-stir-passport
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Oct 2016 16:22:45 -0000
Looks good to me > -----Original Message----- > From: Chris Wendt [mailto:chris-ietf@chriswendt.net] > Sent: Monday, October 31, 2016 5:22 AM > To: Jim Schaad <ietf@augustcellars.com> > Cc: draft-ietf-stir-passport@ietf.org; stir@ietf.org > Subject: Re: draft-ietf-stir-passport > > Hi Jim, > > Inline. > > > On Oct 23, 2016, at 6:29 PM, Jim Schaad <ietf@augustcellars.com> wrote: > > > > I have started looking at implementation of this and I have two > > suggestions for changes to the document which I think will make the > > code easier to implement. I think that, with one exception, this will > > generate exactly the same output for all of the current cases. > > > > Change #1 in section 5.2.2 > > > > I suggest that the text be modified to say that the algorithm is: > > > > 1. Take the a=fingerprint lines from the SIP header. > > 2. Sort the lines based on the UTF8 encoding of the strings 3. Encode > > the array in the order of the sorted lines. > > - Each element in the array is a map > > - Each map contains two elements constructed as follows .... > > > > I think that this will be the same as the current sorting order. > > Agree could be a little clearer. > > I did variation on a theme: > > >> > The "mky" claim is a JSON object with a claim name of "mky" and a > claim value of a JSON array denoted by brackets. The "mky" claim > value JSON array MUST be constructed as follows: > > 1. Take each "a=fingerprint" lines carried in the SDP. > > 2. Sort the lines based on the UTF8 encoding of the concatenation of > the "alg" and "dig" claim value strings. > > 3. Encode the array in the order of the sorted lines, where each > "mky" array element is a JSON object with two elements > corresponding to the "alg" and "dig" objects, with "alg" first > and "dig" second. > >> > > > > > > > Change #2 in section 9 > > > > The current text in JWK-Thumbprint does not cover the cases that you need. > > > > The JSON object MUST following the following rules. These rules are > > based on the thumbprint of a JSON Web Key (JWK) as defined in Section > > 3 of [RFC7638]. They cover some additional cases that [RFC7638] did > > not need to document. > > > > 1. The JSON object contains no whitespace or line breaks before or > > after any syntactic elements. > > 2. Map objects have the keys ordered lexicographically by the Unicode > > [UNICODE] code points of the member names. If two member names are > > equal, then the JSON serialization fails. > > 3. JSON value literals are lowercase > > 4. JSON numbers are to be encoded as integers unless the field is > > defined to be encoded otherwise. > > 5. Encoding rules are applied recursively to member values and array values. > > > > The rule on two key names is new, but is implicit as JWKs are not > > supposed to have two keys of the same name. Having a generic rule on > > maps means that one will not have a miss someplace if a new element is > defined. > > New Text: > >> > The JSON object MUST follow the following rules. These rules are based on the > thumbprint of a JSON Web Key (JWK) as defined in Section 3 Step 1 of > {{RFC7638}}. > > 1. The JSON object MUST contain no whitespace or line breaks before or after > any syntactic elements. > 2. JSON objects MUST have the keys ordered lexicographically by the Unicode > {{UNICODE}} code points of the member names. > 3. JSON value literals MUST be lowercase. > 4. JSON numbers are to be encoded as integers unless the field is defined to be > encoded otherwise. > 5. Encoding rules MUST be applied recursively to member values and array > values. > > Note: For any PASSporT extension claims, member names within the scope of a > JSON object MUST NOT be equal to other member names, otherwise > serialization will not be deterministic. > >> > > > > > Jim > > > > > >
- [stir] draft-ietf-stir-passport Jim Schaad
- [stir] draft-ietf-stir-passport Jim Schaad
- Re: [stir] draft-ietf-stir-passport Chris Wendt
- Re: [stir] draft-ietf-stir-passport Jim Schaad