Re: [woes] New WOES charter proposal

Dave CROCKER <dhc2@dcrocker.net> Mon, 25 July 2011 18:19 UTC


On 7/25/2011 1:16 PM, Leif Johansson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 07/25/2011 06:59 PM, Paul C. Bryan wrote:
>> I now find myself hoping this is not the beginning of someone making a case
>> for ASN.1 encoding in WOES.
>>
>> For my edification, can someone comment on how CMS would likely be
>> referenced in WOES? Would it likely be a normative reference (i.e. key
>> transport/wrapping, as it is in xmlenc-core), or otherwise would it
>> probably be just informational?
>
> We seem to be bike-shedding on the words "based on" in the charter.
> Perhaps it helps if we say something to the effect that WOES draws
> upon experience from CMS and XML-dsig/enc and leave it at that.


1. There is considerably more than a bikeshedding difference between

    a) "normative dependence on a protocol, where the new exercise is merely a
syntactic re-coding"

vs, for example

    b) "take the ideas from the existing work and use them as a basis for 
writing a new protocol."

2. There is a significant constituency in the current topic that are using 
language that sounds very much like option a) above.

That is, I believe there is a meaningful split between an established security 
community view for this topic, versus the views of the json-oriented folk.

What is perhaps missing is a clear and shared understanding of the exact uses 
that are intended for the current work.

For example "must be able to encode it in a URL" is a rather meaningful and 
substantial constraint.

d/

-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net