Re: [woes] New WOES charter proposal

Sean Turner <turners@ieca.com> Fri, 08 July 2011 01:03 UTC

Return-Path: <turners@ieca.com>
X-Original-To: woes@ietfa.amsl.com
Delivered-To: woes@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5300E21F8A36 for <woes@ietfa.amsl.com>; Thu, 7 Jul 2011 18:03:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.39
X-Spam-Level:
X-Spam-Status: No, score=-102.39 tagged_above=-999 required=5 tests=[AWL=0.208, BAYES_00=-2.599, UNPARSEABLE_RELAY=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FUHcWerOyCzL for <woes@ietfa.amsl.com>; Thu, 7 Jul 2011 18:02:59 -0700 (PDT)
Received: from nm13.bullet.mail.sp2.yahoo.com (nm13.bullet.mail.sp2.yahoo.com [98.139.91.83]) by ietfa.amsl.com (Postfix) with SMTP id AAC5021F893B for <woes@ietf.org>; Thu, 7 Jul 2011 18:02:59 -0700 (PDT)
Received: from [98.139.91.66] by nm13.bullet.mail.sp2.yahoo.com with NNFMP; 08 Jul 2011 01:02:56 -0000
Received: from [98.139.91.29] by tm6.bullet.mail.sp2.yahoo.com with NNFMP; 08 Jul 2011 01:02:56 -0000
Received: from [127.0.0.1] by omp1029.mail.sp2.yahoo.com with NNFMP; 08 Jul 2011 01:02:56 -0000
X-Yahoo-Newman-Id: 103696.39412.bm@omp1029.mail.sp2.yahoo.com
Received: (qmail 72728 invoked from network); 8 Jul 2011 01:02:55 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1310086975; bh=+1zcyAsrAXqbB2uZlhmdI37j7pHdO+VGVTmM2IJoPmw=; h=Received:X-Yahoo-SMTP:X-YMail-OSG:X-Yahoo-Newman-Property:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=ARspmFh2v8MscLbpJ5uAef9TzCAb2dGvPuiwehbKoEAhj33MNIe4q0obN1rUjecJbyTPKWf9IfbMEtyu/NbMKB8kKE8tF1vR6qPopFyk9oUew6cfyTUuMAn6x2WLk4XdlTaxQuwwrKPjr4VWK/jHIqofnTGALQuFackVr0ykQM8=
Received: from thunderfish.westell.com (turners@71.191.12.140 with plain) by smtp111.biz.mail.sp1.yahoo.com with SMTP; 07 Jul 2011 18:02:55 -0700 PDT
X-Yahoo-SMTP: ZrP3VLSswBDL75pF8ymZHDSu9B.vcMfDPgLJ
X-YMail-OSG: .cTZX3AVM1m6VasGUoV_3_TiMAj90YbK7OVr2K046VBGFx5 qXvRDiGR0kH5jaKxGhZIKoFyX3ESqe3DGHxlTK80zGgMVhVu3a2e4TeTCqF4 1ISw_GWGMmUjvmu7scxq590wbce7.4xDpNrYHzH0bogJbbA2KvwzXtFeFmN. shjlksi1LDnZqxgAn_tNTS7lwU4PyWO9uh1hPYw_Xdi0SZqlE9pwjt8A_Ctn LCr_HjwrHDnsMpsFl0_V95nLu1IhAZycGtPq2hAF2bEz0vq1Xkg9FHrT4EzH mQOpddmeVxAaHEHdgurPVsh6VKAdnYp65dkZ1DfvoOMgkBktF0.VNkmE_CLs mRHuYp59jS2h3zmc4a017u8_j7PV_g9qcnp6heIrl
X-Yahoo-Newman-Property: ymail-3
Message-ID: <4E16573E.1040604@ieca.com>
Date: Thu, 07 Jul 2011 21:02:54 -0400
From: Sean Turner <turners@ieca.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0) Gecko/20110624 Thunderbird/5.0
MIME-Version: 1.0
To: "woes@ietf.org" <woes@ietf.org>
References: <B2ABF893-10E6-496A-8F63-FFA2C9C89541@vpnc.org> <0DE0E2DE-A2FC-40DF-978B-594658571658@vpnc.org> <B26C1EF377CB694EAB6BDDC8E624B6E723160841@CH1PRD0302MB115.namprd03.prod.outlook.com> <23656536-E4BA-41BE-AA61-A23654246826@gmx.net>
In-Reply-To: <23656536-E4BA-41BE-AA61-A23654246826@gmx.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [woes] New WOES charter proposal
X-BeenThere: woes@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Web Object Encryption and Signing \(woes\) BOF discussion list" <woes.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/woes>, <mailto:woes-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/woes>
List-Post: <mailto:woes@ietf.org>
List-Help: <mailto:woes-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/woes>, <mailto:woes-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jul 2011 01:03:00 -0000

I'm always reminded by the warning found in RFC 5406:

   Security protocols are very hard to design;

Trying to get a new security protocol through the standardization hoops 
is much harder than starting with a known protocol profiling it down to 
what you want.  If you start from scratch, you end up in the whole let's 
pick from one of the competing options, but before you can do that you 
need to generate some requirements.

spt

On 7/7/11 7:06 PM, Hannes Tschofenig wrote:
> And what does it mean to "base it on CMS"?
>
> It could, for example, mean that
> 1) the same functionality as CMS has to be provided (but with a JSON encoding)
> 2) folks should look at CMS to get inspired
> 3) for a chosen subset of CMS that the JSON-based realization must be semantically equivalent (for example, to make translation easy or so)
> 4) re-use of parts is encouraged (such as registries, etc.)
>
> What did you had in mind, Paul?
>
> On Jul 8, 2011, at 12:17 AM, Anthony Nadalin wrote:
>
>> Why do we need to base this on CMS, that should be an open.
>>
>> -----Original Message-----
>> From: Paul Hoffman [mailto:paul.hoffman@vpnc.org]
>> Sent: Thursday, July 07, 2011 10:55 AM
>> To: woes@ietf.org
>> Subject: Re: [woes] New WOES charter proposal
>>
>> More comments, please.
>>
>> On Jul 5, 2011, at 1:44 PM, Paul Hoffman wrote:
>>
>>> Greetings again. After discussion with our ADs about having a much more limited charter than what was initially proposed, Richard Barnes and I have come up with the following. We would like this discussed as much as possible on the list before the Quebec meeting so that the meeting can be about finalizing the charter. Thus, comments are welcome.
>>>
>>> We also note that the WG might want to change its name to JOES (JavaScript Object Encryption and Signing) to make its work clearer to people who don't read the first paragraph of the charter.
>>>
>>> Web Object Encryption and Signing (woes)
>>> ========================================
>>>
>>> Background
>>> ----------
>>>
>>> JSON is a text format for the serialization of structured data described in RFC 4627. The JSON format is often used for serializing and transmitting structured data over a network connection. With the increased usage of JSON in protocols in the IETF and elsewhere, there is now a desire to offer security services such as object encryption and message signing for data that is being carried in JSON format.
>>>
>>> Different proposals for providing such security services have already been defined and implemented. This Working Group's task is to standardize two security services, encrypting and digitally signing, in order to increase interoperability of security features between protocols that use JSON. The Working Group will base its work on the Cryptographic Message Syntax (CMS), and will solicit input from the rest of the IETF Security Area to be sure that the security functionality in the JSON format is correct.
>>
>>>
>>> This group is chartered to work on one or two documents:
>>>
>>> 1) A Standards Track document specifying how to apply a JSON-structured digital signature to data, including (but not limited to) JSON data structures.
>>>
>>> 2) A Standards Track document specifying how to apply a JSON-structured encryption to data, including (but not limited to) JSON data structures.
>>>
>>> The working group may decide to address both of these goals in a single document, in which case the concrete milestones for signing/encryption below will both be satisfied by the single document.
>>>
>>> Goals and Milestones
>>> --------------------
>>>
>>> Aug 2011    Submit JSON object signing document as a WG item.
>>>
>>> Aug 2011    Submit JSON object encryption document as a WG item.
>>>
>>> Jan 2012    Start Working Group Last Call on JSON object signing document.
>>>
>>> Jan 2012    Start Working Group Last Call on JSON object encryption document.
>>>
>>> Feb 2012    Submit JSON object signing document to IESG for consideration as
>>> Standards Track document.
>>>
>>> Feb 2012    Submit JSON object encryption document to IESG for consideration
>>> as Standards Track document.
>>>
>>> --Paul Hoffman
>>>
>>> _______________________________________________
>>> woes mailing list
>>> woes@ietf.org
>>> https://www.ietf.org/mailman/listinfo/woes
>>>
>>>
>>
>> --Paul Hoffman
>>
>>
>>
>> _______________________________________________
>> woes mailing list
>> woes@ietf.org
>> https://www.ietf.org/mailman/listinfo/woes
>
> _______________________________________________
> woes mailing list
> woes@ietf.org
> https://www.ietf.org/mailman/listinfo/woes
>