[GNAP] Re: [Technical Errata Reported] RFC9635 (8198)
Justin Richer <jricher@mit.edu> Sat, 07 December 2024 02:13 UTC
From: Justin Richer <jricher@mit.edu>
To: Yaron Sheffer <yaronf.ietf@gmail.com>, RFC Errata System <rfc-editor@rfc-editor.org>, "ietf@justin.richer.org" <ietf@justin.richer.org>, "fabien.imbault@acert.io" <fabien.imbault@acert.io>, "debcooley1@gmail.com" <debcooley1@gmail.com>, "paul.wouters@aiven.io" <paul.wouters@aiven.io>, "leifj@sunet.se" <leifj@sunet.se>
Date: Sat, 07 Dec 2024 02:13:37 +0000
Message-ID: <LV8PR01MB8677E733C7AD14144D9F820BBD322@LV8PR01MB8677.prod.exchangelabs.com>
References: <20241204173035.8748E1BE96E@rfcpa.rfc-editor.org> <649964B1-A6B2-7B41-9AF7-BA59F069E04E@hxcore.ol>
In-Reply-To: <649964B1-A6B2-7B41-9AF7-BA59F069E04E@hxcore.ol>
CC: "iana@erinshepherd.net" <iana@erinshepherd.net>, "txauth@ietf.org" <txauth@ietf.org>
Subject: [GNAP] Re: [Technical Errata Reported] RFC9635 (8198)
List-Id: GNAP <txauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/T1fKUBU2ueU4b_D2W6_sM70c24U>

It's defined in the document in a stable way but the registration wasn't requested; I don't think we need another document just to make the request. Perhaps the AD can chime in on the required process.

________________________________
From: Yaron Sheffer <yaronf.ietf@gmail.com>
Sent: Friday, December 6, 2024 9:55 AM
To: RFC Errata System <rfc-editor@rfc-editor.org>; ietf@justin.richer.org <ietf@justin.richer.org>; fabien.imbault@acert.io <fabien.imbault@acert.io>; debcooley1@gmail.com <debcooley1@gmail.com>; paul.wouters@aiven.io <paul.wouters@aiven.io>; leifj@sunet.se <leifj@sunet.se>
Cc: iana@erinshepherd.net <iana@erinshepherd.net>; txauth@ietf.org <txauth@ietf.org>; rfc-editor@rfc-editor.org <rfc-editor@rfc-editor.org>
Subject: [GNAP] Re: [Technical Errata Reported] RFC9635 (8198)

I believe this errata should be marked Verified. But we also have to deal with the unregistered header field.

Normally I would say, let’s submit an IANA registration request [1] and be done with it. But registering a new header field is somewhat painful, see [2], and seems to require a stable reference. So, do we need a -bis document? Or maybe a short AD-sponsored draft for this one purpose?

Thanks,
Yaron

[1] https://www.iana.org/form/protocol-assignment
[2] https://httpwg.org/specs/rfc7231.html#considerations.for.new.header.fields

On 04/12/2024, 19:30, "RFC Errata System" <rfc-editor@rfc-editor.org> wrote:

The following errata report has been submitted for RFC9635,
"Grant Negotiation and Authorization Protocol (GNAP)".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid8198

--------------------------------------
Type: Technical
Reported by: Erin Shepherd <iana@erinshepherd.net>

Section: 7.3.3.

Original Text
-------------
The signer presents the signed object in compact form [RFC7515] in the Detached-JWS header field.

In the following non-normative example, the JOSE header contains the following parameters:

    {
        "alg": "RS256",
        "kid": "gnap-rsa",
        "uri": "https://server.example.com/gnap",
        "htm": "POST",
        "typ": "gnap-binding-jwsd",
        "created": 1618884475
    }

The request content is the following JSON object:

    NOTE: '\' line wrapping per RFC 8792

    {
        "access_token": {
            "access": [
                "dolphin-metadata"
            ]
        },
        "interact": {
            "start": ["redirect"],
            "finish": {
                "method": "redirect",
                "uri": "https://client.foo/callback",
                "nonce": "VJLO6A4CAYLBXHTR0KRO"
            }
        },
        "client": {
          "key": {
            "proof": "jwsd",
            "jwk": {
                "kid": "gnap-rsa",
                "kty": "RSA",
                "e": "AQAB",
                "alg": "RS256",
                "n": "hYOJ-XOKISdMMShn_G4W9m20mT0VWtQBsmBBkI2cmRt4Ai8Bf\
      YdHsFzAtYKOjpBR1RpKpJmVKxIGNy0g6Z3ad2XYsh8KowlyVy8IkZ8NMwSrcUIBZG\
      YXjHpwjzvfGvXH_5KJlnR3_uRUp4Z4Ujk2bCaKegDn11V2vxE41hqaPUnhRZxe0jR\
      ETddzsE3mu1SK8dTCROjwUl14mUNo8iTrTm4n0qDadz8BkPo-uv4BC0bunS0K3bA_\
      3UgVp7zBlQFoFnLTO2uWp_muLEWGl67gBq9MO3brKXfGhi3kOzywzwPTuq-cVQDyE\
      N7aL0SxCb3Hc4IdqDaMg8qHUyObpPitDQ"
            }
          }
          "display": {
            "name": "My Client Display Name",
            "uri": "https://client.foo/"
          },
        }
    }

This is hashed to the following base64-encoded value:

    PGiVuOZUcN1tRtUS6tx2b4cBgw9mPgXG3IPB3wY7ctc

This leads to the following full HTTP request message:

    NOTE: '\' line wrapping per RFC 8792

    POST /gnap HTTP/1.1
    Host: server.example.com
    Content-Type: application/json
    Content-Length: 983
    Detached-JWS: eyJhbGciOiJSUzI1NiIsImNyZWF0ZWQiOjE2MTg4ODQ0NzUsImh0b\
      SI6IlBPU1QiLCJraWQiOiJnbmFwLXJzYSIsInR5cCI6ImduYXAtYmluZGluZytqd3\
      NkIiwidXJpIjoiaHR0cHM6Ly9zZXJ2ZXIuZXhhbXBsZS5jb20vZ25hcCJ9.PGiVuO\
      ZUcN1tRtUS6tx2b4cBgw9mPgXG3IPB3wY7ctc.fUq-SV-A1iFN2MwCRW_yolVtT2_\
      TZA2h5YeXUoi5F2Q2iToC0Tc4drYFOSHIX68knd68RUA7yHqCVP-ZQEd6aL32H69e\
      9zuMiw6O_s4TBKB3vDOvwrhYtDH6fX2hP70cQoO-47OwbqP-ifkrvI3hVgMX9TfjV\
      eKNwnhoNnw3vbu7SNKeqJEbbwZfpESaGepS52xNBlDNMYBQQXxM9OqKJaXffzLFEl\
      -Xe0UnfolVtBraz3aPrPy1C6a4uT7wLda3PaTOVtgysxzii3oJWpuz0WP5kRujzDF\
      wX_EOzW0jsjCSkL-PXaKSpZgEjNjKDMg9irSxUISt1C1T6q3SzRgfuQ

    {
        "access_token": {
            "access": [
                "dolphin-metadata"
            ]
        },
        "interact": {
            "start": ["redirect"],
            "finish": {
                "method": "redirect",
                "uri": "https://client.foo/callback",
                "nonce": "VJLO6A4CAYLBXHTR0KRO"
            }
        },
        "client": {
          "key": {
            "proof": "jwsd",
            "jwk": {
                "kid": "gnap-rsa",
                "kty": "RSA",
                "e": "AQAB",
                "alg": "RS256",
                "n": "hYOJ-XOKISdMMShn_G4W9m20mT0VWtQBsmBBkI2cmRt4Ai8Bf\
      YdHsFzAtYKOjpBR1RpKpJmVKxIGNy0g6Z3ad2XYsh8KowlyVy8IkZ8NMwSrcUIBZG\
      YXjHpwjzvfGvXH_5KJlnR3_uRUp4Z4Ujk2bCaKegDn11V2vxE41hqaPUnhRZxe0jR\
      ETddzsE3mu1SK8dTCROjwUl14mUNo8iTrTm4n0qDadz8BkPo-uv4BC0bunS0K3bA_\
      3UgVp7zBlQFoFnLTO2uWp_muLEWGl67gBq9MO3brKXfGhi3kOzywzwPTuq-cVQDyE\
      N7aL0SxCb3Hc4IdqDaMg8qHUyObpPitDQ"
            }
          }
          "display": {
            "name": "My Client Display Name",
            "uri": "https://client.foo/"
          },
        }
    }

When the verifier receives the Detached-JWS header, it MUST parse and validate the JWS object. The signature MUST be validated against the expected key of the signer. If the HTTP message request contains content, the verifier MUST calculate the hash of the content just as the signer does, with no normalization or transformation of the request. All required fields MUST be present, and their values MUST be valid. All fields MUST match the corresponding portions of the HTTP message. For example, the htm field of the JWS header has to be the same as the HTTP verb used in the request.

Note that this proofing method depends on a specific cryptographic algorithm, SHA-256, in two ways: 1) the ath hash algorithm is hardcoded and 2) the payload of the detached/attached signature is computed using a hardcoded hash. A future version of this document may address crypto-agility for both these uses by replacing ath with a new header that upgrades the algorithm and possibly defining a new JWS header that indicates the HTTP content's hash method.

7.3.3.1. Key Rotation Using Detached JWS

When rotating a key using detached JWS, the message, which includes the new public key value or reference, is first signed with the old key as described above using a JWS object with typ header value "gnap-binding-rotation-jwsd". The value of the JWS object is then taken as the payload of a new JWS object, to be signed by the new key using the parameters above. The value of the new JWS object is sent in the Detached-JWS header.

Corrected Text
--------------
N/A

Notes
-----
This section standardises the use of the Detached-JWS HTTP header. This header was not registered in the IANA Considerations section and is not a registered HTTP header. I am unsure what the best way to correct this omission is.

Instructions:
-------------
This erratum is currently posted as "Reported". (If it is spam, it will be removed shortly by the RFC Production Center.) Please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party will log in to change the status and edit the report, if necessary.

--------------------------------------
RFC9635 (draft-ietf-gnap-core-protocol-19)
--------------------------------------
Title            : Grant Negotiation and Authorization Protocol (GNAP)
Publication Date : October 2024
Author(s)        : J. Richer, Ed., F. Imbault
Category         : PROPOSED STANDARD
Source           : Grant Negotiation and Authorization Protocol
Stream           : IETF
Verifying Party  : IESG
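
The verifier checks that the quoted Section 7.3.3 text requires of a Detached-JWS header value, as an added Python example that is not part of this thread or of RFC 9635. The function names, the RS256-only restriction, and the demo key are assumptions made for illustration; the key is constructed and insecure.

```python
import base64, hashlib, json

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa_sha256(message, k):  # EMSA-PKCS1-v1_5 encoding used by RS256, k-byte modulus
    t = bytes.fromhex("3031300d060960864801650304020105000420") + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def content_payload(body):
    # Hash of the raw content bytes, no normalization; empty payload when there is no content
    return b64u(hashlib.sha256(body).digest()) if body else ""

def sign_detached_jws(header, body, n, d):  # signer side, builds the constructed test message
    data = b64u(json.dumps(header).encode()) + "." + content_payload(body)
    k = (n.bit_length() + 7) // 8
    sig = pow(int.from_bytes(emsa_sha256(data.encode(), k), "big"), d, n)
    return data + "." + b64u(sig.to_bytes(k, "big"))

def verify_detached_jws(value, method, uri, body, n, e, typ="gnap-binding-jwsd"):
    """Return None when the header value binds this request, else the failed check."""
    parts = value.split(".")
    if len(parts) != 3:
        return "not a compact JWS"
    try:
        header, sig = json.loads(b64u_dec(parts[0])), b64u_dec(parts[2])
    except ValueError:
        return "undecodable JWS"
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        return "unsupported alg"
    # Fields shown in the quoted example must be present and valid
    if header.get("typ") != typ or "kid" not in header or "created" not in header:
        return "missing or wrong typ/kid/created"
    if header.get("htm") != method or header.get("uri") != uri:
        return "htm/uri do not match the request"
    if parts[1] != content_payload(body):
        return "content hash mismatch"
    k, s = (n.bit_length() + 7) // 8, int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return "bad signature length"
    if pow(s, e, n).to_bytes(k, "big") != emsa_sha256(".".join(parts[:2]).encode(), k):
        return "signature invalid"
    return None

# Constructed, insecure demo key (product of two Mersenne primes); for this example only
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
```

Passing `typ="gnap-binding-rotation-jwsd"` applies the same checks to the inner object described in Section 7.3.3.1.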