Re: [stir] JWT/JSON (was - Re: Review of: draft-ietf-stir-passport-05)

Christer Holmberg <christer.holmberg@ericsson.com> Fri, 05 August 2016 06:45 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: "dcrocker@bbiw.net" <dcrocker@bbiw.net>, Paul Kyzivat <pkyzivat@alum.mit.edu>
Date: Fri, 05 Aug 2016 06:45:29 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/es8WdbuK6fTOu4Qd664pL6QuiWE>
Cc: "stir@ietf.org" <stir@ietf.org>
Subject: Re: [stir] JWT/JSON (was - Re: Review of: draft-ietf-stir-passport-05)

Hi,

The receiver needs to be able to parse JSON if the sender includes the claims, in order to verify the signature.

Also, whatever headers we include, I assume the receiver should be able to parse them.

But, parsing JSON is not a difficult thing to do, and there are available libraries for those who don't want to implement the parser themselves.

Regards,

Christer

Sent from my Windows Phone
________________________________
From: Dave Crocker <dhc@dcrocker.net>
Sent: 04/08/2016 21:41
To: Paul Kyzivat <pkyzivat@alum.mit.edu>
Cc: stir@ietf.org
Subject: Re: [stir] JWT/JSON (was - Re: Review of: draft-ietf-stir-passport-05)

On 8/4/2016 10:03 AM, Paul Kyzivat wrote:
> I have been loosely following this discussion. IIUC, one of Dave's
> arguments is that SIP implementations don't currently involve JSON, so
> introducing it with STIR will further complicate those implementations.
>
> But, again IIUC, the use of JSON with passport doesn't require anyone to
> *parse* JSON. It is only necessary to *generate* a very special purpose
> JSON and then generate a signature over it.


Clever point.  I think you are correct, except for the contents of the
so-called "ppt" parameter, which does require parsing.

Now about JWT...?  From my reading, so far, I suspect the answer for JWT
is the same as for JSON?



d/
--

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net
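
Added example, not part of the thread or of the draft: the two receiver paths discussed above, one that regenerates the signed JSON from values the receiver already has and never parses JSON, and one that parses claims the sender included. The header and claim names, the key, the URL and the numbers are constructed assumptions, and HMAC-SHA256 stands in for the real signature algorithm so the code runs with the Python standard library only.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: shared key; HMAC stands in for the real signature
X5U = "https://cert.example.org/passport.cer"  # constructed URL

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def serialize(obj):
    # Deterministic output (sorted keys, no whitespace) so both sides emit identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def build(orig, dest, iat):
    # Hypothetical header and claim names, chosen for illustration.
    header = {"alg": "HS256", "typ": "passport", "x5u": X5U}
    claims = {"dest": dest, "iat": iat, "orig": orig}
    return b64url(serialize(header)), b64url(serialize(claims))

def mac(h, p):
    return b64url(hmac.new(KEY, f"{h}.{p}".encode(), hashlib.sha256).digest())

def make_token(orig, dest, iat):
    h, p = build(orig, dest, iat)
    return f"{h}.{p}.{mac(h, p)}"

def verify_by_regeneration(sig, orig, dest, iat):
    # No JSON parsing: rebuild the signed bytes from values the receiver
    # already has from the call signalling, then compare signatures.
    h, p = build(orig, dest, iat)
    return hmac.compare_digest(sig.encode(), mac(h, p).encode())

def verify_full_token(token):
    # Sender included header and claims: check the signature over the
    # received bytes first, and only then parse the JSON to read the claims.
    parts = token.split(".")
    if len(parts) != 3:
        return None
    h, p, sig = parts
    if not hmac.compare_digest(sig.encode(), mac(h, p).encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(p + "=" * (-len(p) % 4)))
```

The regeneration path only works if sender and receiver serialize identically, which is why `serialize` fixes key order and whitespace.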
