Re: [stir] Proposal for update of erratum #6519

Roman Shpount <roman@telurix.com> Tue, 20 April 2021 01:57 UTC

From: Roman Shpount <roman@telurix.com>
Date: Mon, 19 Apr 2021 21:57:06 -0400
Message-ID: <CAD5OKxvmvmotpxB8BGJfqRrVTjEGKQkQRow37gmwRMFaBGjEoA@mail.gmail.com>
To: Marc Petit-Huguenin <marc@petit-huguenin.org>
Cc: Russ Housley <housley@vigilsec.com>, IETF STIR Mail List <stir@ietf.org>, Christer Holmberg <christer.holmberg@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/fsMAXA_v225ttRo0PrmHCCxeB6o>
Subject: Re: [stir] Proposal for update of erratum #6519
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>

On Mon, Apr 19, 2021 at 7:56 PM Marc Petit-Huguenin <marc@petit-huguenin.org>
wrote:

> A literalist.  Fantastic.
>

I did not know we are supposed to judge this errata on artistic merits.

> Now, can we go back to fix that text?
>

This is exactly what I am doing.

My understanding was that the grammar was defined as

    ident-type = "ppt" EQUAL ( token / ( LDQUOT token RDQUOT ) )

explicitly to avoid these sorts of issues. I agree with your note that the
new syntax does not allow for spaces immediately before or immediately after
the token when quoted, and I think it should be present in the errata. I also
think that we should add a note that even though the ppt value is case
insensitive, a normalized version as defined in
https://www.iana.org/assignments/passport/passport.xhtml (or all lower case
version) should be used when constructing a JWT header.


> >
> > Also, I thought the group decision was endpoints MUST accept ppt value as a
> > token with or without quotes. Endpoints MUST send a token in quotes. I have
> > explicitly asked if the group wanted SHOULD in either place, and the
> > preference was for the MUST level requirements. I think the errata should
> > say this unless there is a good reason to change it.
>
> That was not my understanding.
>

We can go back to the recording to check on the decision.

More importantly, what is the normative strength of "be tolerant to the
absence of quotes when receiving"? Is this MUST accept quotes? SHOULD
accept quotes?

In the sentence "Implementations SHOULD use quotes around the token when
sending", what would be the valid use cases when implementations are
allowed not to use quotes?

My understanding is that SHOULD implies well-known exceptions.

Best Regards,
_____________
Roman Shpount
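An added illustration of the grammar discussed in this message (example code, not from the thread, the erratum or any STIR implementation): a small parser for the Identity header's `ppt` parameter under the quoted ABNF. It accepts a bare or a quoted token, rejects whitespace between the quotes and the token, lower-cases the value for use in the JWT header (the all-lower-case alternative the message mentions), and always emits quotes when sending, as the message says the group decided. Token characters follow RFC 3261; the function names are my own.

```python
import re

# RFC 3261 token characters:
#   alphanum / "-" / "." / "!" / "%" / "*" / "_" / "+" / "`" / "'" / "~"
TOKEN_RE = r"[A-Za-z0-9\-.!%*_+`'~]+"

# Grammar as quoted in the thread:
#   ident-type = "ppt" EQUAL ( token / ( LDQUOT token RDQUOT ) )
# EQUAL permits whitespace around "=", and LDQUOT/RDQUOT permit whitespace
# outside the quotes, but nothing may sit between a quote and the token.
_PPT_RE = re.compile(
    r'^[ \t]*ppt[ \t]*=[ \t]*'
    r'(?:(?P<bare>' + TOKEN_RE + r')|"(?P<quoted>' + TOKEN_RE + r')")'
    r'[ \t]*$',
    re.IGNORECASE,
)


def parse_ppt(param: str):
    """Parse one received 'ppt' parameter (hypothetical helper).

    Returns (value_for_jwt_header, was_quoted), or None on a syntax error
    such as whitespace inside the quotes, empty quotes, or a non-token value.
    Quoted and unquoted forms are both accepted, per the tolerant-receive rule.
    """
    m = _PPT_RE.match(param)
    if not m:
        return None
    raw = m.group("bare") if m.group("bare") is not None else m.group("quoted")
    # The wire value is case-insensitive; normalize to lower case before it is
    # copied into the PASSporT JWT 'ppt' header claim.
    return raw.lower(), m.group("quoted") is not None


def serialize_ppt(value: str) -> str:
    """Build the 'ppt' parameter for sending: always quoted, always lower case."""
    if not re.fullmatch(TOKEN_RE, value):
        raise ValueError("ppt value must be a SIP token")
    return 'ppt="%s"' % value.lower()
```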