IETF Logo Mail Archive

Re: [woes] WOES Charter Proposal

Mike Jones <Michael.Jones@microsoft.com> Thu, 16 June 2011 18:47 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: woes@ietfa.amsl.com
Delivered-To: woes@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4CFB421F849E for <woes@ietfa.amsl.com>; Thu, 16 Jun 2011 11:47:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MD8YNj+i+ttG for <woes@ietfa.amsl.com>; Thu, 16 Jun 2011 11:47:04 -0700 (PDT)
Received: from smtp.microsoft.com (mail3.microsoft.com [131.107.115.214]) by ietfa.amsl.com (Postfix) with ESMTP id EB0EC21F8499 for <woes@ietf.org>; Thu, 16 Jun 2011 11:47:03 -0700 (PDT)
Received: from TK5EX14HUBC104.redmond.corp.microsoft.com (157.54.80.25) by TK5-EXGWY-E803.partners.extranet.microsoft.com (10.251.56.169) with Microsoft SMTP Server (TLS) id 8.2.176.0; Thu, 16 Jun 2011 11:47:03 -0700
Received: from TK5EX14MBXC203.redmond.corp.microsoft.com ([169.254.3.57]) by TK5EX14HUBC104.redmond.corp.microsoft.com ([157.54.80.25]) with mapi id 14.01.0289.008; Thu, 16 Jun 2011 11:47:03 -0700
From: Mike Jones <Michael.Jones@microsoft.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Thread-Topic: [woes] WOES Charter Proposal
Thread-Index: AcwqjhBHtkjJjf0ySWeO6EHazLfdBwAXRIiAABIF2QAADeBKgAA3rbfAAACBLzIAD1MHAAAOCVXg//+eGACAAHTIIA==
Date: Thu, 16 Jun 2011 18:47:02 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739433812ABD0@TK5EX14MBXC203.redmond.corp.microsoft.com>
References: <CA1F9A77.58EE4%joe.hildebrand@webex.com> <4DFA42BE.5040505@cs.tcd.ie> <4E1F6AAD24975D4BA5B16804296739433812AA92@TK5EX14MBXC203.redmond.corp.microsoft.com> <15965152-6956-41F7-AC3E-978C0274B37E@cs.tcd.ie>
In-Reply-To: <15965152-6956-41F7-AC3E-978C0274B37E@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.35]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "woes@ietf.org" <woes@ietf.org>, "kris@sitepen.com" <kris@sitepen.com>
Subject: Re: [woes] WOES Charter Proposal
X-BeenThere: woes@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Web Object Encryption and Signing \(woes\) BOF discussion list" <woes.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/woes>, <mailto:woes-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/woes>
List-Post: <mailto:woes@ietf.org>
List-Help: <mailto:woes-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/woes>, <mailto:woes-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jun 2011 18:47:06 -0000

For what it's worth, the HMAC and signature output representations to use *are* explicitly specified in the JWS and JWT specs (which is necessary to achieve interoperability).

				-- Mike

-----Original Message-----
From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] 
Sent: Thursday, June 16, 2011 11:43 AM
To: Mike Jones
Cc: Joe Hildebrand; Tschofenig, Hannes (NSN - FI/Espoo); extManger, James H; Sean Turner; woes@ietf.org; kris@sitepen.com
Subject: Re: [woes] WOES Charter Proposal



On 16 Jun 2011, at 19:14, Mike Jones <Michael.Jones@microsoft.com> wrote:

> About (3), you sign and encrypt things with keys.  The header/envelope often references the key, which must have a known representation.  In a JSON-based world, it's often simpler to represent public keys as JSON rather than ASN.1 (for the same reasons that we're considering JSON signatures and encryption when we already have CMS).  It's not creep - it's providing a complete JSON-based signing/encryption solution.

And you need algorithm ids and parameters and a way to represent hmac outputs etc but those are not called out specifically which makes (3) look like a slippery slope.

> 
> I personal agree that (4) schemas is creep, but I support Joe's desire to have it considered as an input document.

I'm thinking in charter terms, this is the first I think I've heard of non crypto work being proposed here (sorry if I missed that).

Simpler, more tightly scoped, charters seem to get approved easier,

Cheers 
S


> 
>                -- Mike
> 
> -----Original Message-----
> From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] 
> Sent: Thursday, June 16, 2011 10:52 AM
> To: Joe Hildebrand
> Cc: Mike Jones; Tschofenig, Hannes (NSN - FI/Espoo); ext Manger, James H; Sean Turner; woes@ietf.org; kris@sitepen.com
> Subject: Re: [woes] WOES Charter Proposal
> 
> 
> 3 & 4 there look a bit like scope-creep to me
> 
> Why are they absolutely needed?
> 
> S.
> 
> On 16/06/11 18:33, Joe Hildebrand wrote:
>> Slight tweaks
>> 
>> 
>> On 6/16/11 11:26 AM, "Mike Jones" <Michael.Jones@microsoft.com> wrote:
>> 
>>>    1) A JSON-based method of applying digital signatures and keyed 
>>> message digests to data that may represent JSON data structures.
>> 
>> ... may represent arbitrary data, including JSON data structures and 
>> text
>> 
>>>    2) A JSON-based method of applying encryption to data that may 
>>> represent JSON data structures.
>> 
>> Same as 1) above.  Not just for JSON.
>> 
>>> Separately, we may want to consider whether the following should be in scope:
>>> 
>>>    3) A JSON-based method of representing public keys.
>>> 
>>> Also, please update and/or add these references (some were out of 
>>> date, some were missing):
>> 
>> Let's also add:
>> 
>> 4) Any JSON-specific prerequisite tooling such as JSON Schema
>> 
>> And add draft-zyp-json-schema as a reference.  I CC'd Kris Zyp to see 
>> if he's ok with that.  Kris: this might be a chance for a WG to pick 
>> up JSON Schema if you like.
>> 
>

v2.23.0 | Report a Bug | By Email