Re: [stir] Proposal for update of erratum #6519

Roman Shpount <> Tue, 20 April 2021 01:57 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 09FCC3A0918 for <>; Mon, 19 Apr 2021 18:57:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id xkrNvGb3pSGn for <>; Mon, 19 Apr 2021 18:57:22 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::72d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 0AF743A0928 for <>; Mon, 19 Apr 2021 18:57:21 -0700 (PDT)
Received: by with SMTP id y136so5865413qkb.1 for <>; Mon, 19 Apr 2021 18:57:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=EhrbvFwvCuWeMAHkqmvyvEL7l685gJWJaB5PndVphXY=; b=LOOTaVPqvyUarJw5j4u4h2WQhh2c9nRVU5KdbFp2RsE64mF5+NTuwrfxQ48I1G+lRr 2AD6PbcVd3uEeVUm1lChYaq7lxS33i4QLW4Vbc+nJi08trowlMj8yotXwUwFk0ePk16u psZaRhe2ffdk837dYIP+xZM7fRSttD1zm0asEzx5sgv2MALBOUWa3kNYm1A8pmXrym5J nNjPB/zrxCGXShABRLuI9CXI28tIZy7VMYyKqrsXWZBNLcnqWfapUJgYj7Ndtpf1ycY7 KX8/EmwoTJUsMGgkBq+rCt/My07n4ZLs9AhUzH6esIcGqZYgRHuGmELgPpShuAD6I5Li VVvA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=EhrbvFwvCuWeMAHkqmvyvEL7l685gJWJaB5PndVphXY=; b=V/CsY46UWvL9miPt05ATsYBaFhXCKgBsuBiIbVwFYhCThrRtwKpYe60TxaI+dF1X5A pEQugz12rIYSbKBG4uqQ3MBJSfIaIf3vfjdIxI47+wywEvD0xjqkU/mXIkKIp5+xM6bU A+gpn/nPwy0MFNQ3jJzjfEC/bCEho3PMP2aje4x7HhBzuI6usQholmmDntkNSiR0kHPN l/VXxdL/C9Kjbqv9bZQXzxQ1ypqNg4+NSfdRkFmTSifC47x8xdgHDsFfTq8BFcMpx/4v PesT2N0OgqCHea5/Z7ciRtTbOOhf/rdRfCFL5hfeuiPrxwbfZbrEwc/l52amSWbyUb5O 5V1g==
X-Gm-Message-State: AOAM533PnFM9OtLphcQ5PaS/gugiUooNT7LlHyW/zWUqBZy8Dp1x5a5q 0N9BIMl4zpodnRyapTwufvjwUgwAFTS0GQ==
X-Google-Smtp-Source: ABdhPJyc2e2idlWBCGa6RlBawqsK7l2s0s61gs2AZ1fryHuJ7lx3jZGp/+Hym0YB2eSW+lLIxkXUvw==
X-Received: by 2002:a37:ad0:: with SMTP id 199mr15110398qkk.283.1618883839510; Mon, 19 Apr 2021 18:57:19 -0700 (PDT)
Received: from ( []) by with ESMTPSA id d11sm10652077qto.59.2021. for <> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 19 Apr 2021 18:57:18 -0700 (PDT)
Received: by with SMTP id v3so38796907ybi.1 for <>; Mon, 19 Apr 2021 18:57:18 -0700 (PDT)
X-Received: by 2002:a25:ba06:: with SMTP id t6mr13638170ybg.459.1618883838373; Mon, 19 Apr 2021 18:57:18 -0700 (PDT)
MIME-Version: 1.0
References: <> <> <> <> <> <> <>
In-Reply-To: <>
From: Roman Shpount <>
Date: Mon, 19 Apr 2021 21:57:06 -0400
X-Gmail-Original-Message-ID: <>
Message-ID: <>
To: Marc Petit-Huguenin <>
Cc: Russ Housley <>, IETF STIR Mail List <>, Christer Holmberg <>
Content-Type: multipart/alternative; boundary="0000000000001e764a05c05dc46d"
Archived-At: <>
Subject: Re: [stir] Proposal for update of erratum #6519
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 20 Apr 2021 01:57:27 -0000

On Mon, Apr 19, 2021 at 7:56 PM Marc Petit-Huguenin <>

> A literalist.  Fantastic.

I did not know we are supposed to judge this errata on artistic merits.

Now, can we go back to fix that text ?

This is exactly what I am doing.

My understanding was that grammar was defined as ident-type = "ppt" EQUAL (
token / ( LDQUOT token RDQUOT ) ) explicitly to avoid these sorts of
issues. I agree with your note that the new syntax does not allow for
spaces immediately before or immediately after the token when quoted and I
think it should be present in the errata. I also think that we should add a
note that even though the ppt value is case insensitive, a normalized
version as defined in (or all lower case
version) should be used when constructing a JWT header.

> >
> > Also, I thought the group decision was endpoints MUST accept ppt value
> as a
> > token with or without quotes. Endpoints MUST send a token in quotes. I
> have
> > explicitly asked if the group wanted SHOULD in either place, and the
> > preference was for the MUST level requirements. I think the errata should
> > say this unless there is a good reason to change it.
> That was not my understanding.

We can go back to the recording to check on the decision.

More importantly, what is the normative strength of "be tolerant to the
absence of quotes when receiving"? Is this MUST accept quotes? SHOULD
accept quotes?

In the sentence "Implementations SHOULD use quotes around the token when
sending", what would be the valid use cases when implementations are
allowed not to use quotes?

My understanding is that SHOULD implies well know exceptions.

Best Regards,
Roman Shpount