IETF Logo Mail Archive

Re: [woes] New WOES charter proposal

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sat, 16 July 2011 01:56 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: woes@ietfa.amsl.com
Delivered-To: woes@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C19621F8504 for <woes@ietfa.amsl.com>; Fri, 15 Jul 2011 18:56:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uOs4DkbU9-+j for <woes@ietfa.amsl.com>; Fri, 15 Jul 2011 18:56:35 -0700 (PDT)
Received: from scss.tcd.ie (hermes.cs.tcd.ie [134.226.32.56]) by ietfa.amsl.com (Postfix) with ESMTP id 40F0221F86D2 for <woes@ietf.org>; Fri, 15 Jul 2011 18:56:35 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id 773E9171C05; Sat, 16 Jul 2011 02:56:22 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:in-reply-to:references :subject:mime-version:user-agent:from:date:message-id:received :received:x-virus-scanned; s=cs; t=1310781380; bh=qihj2tb30LuWFK J4oNmqEB3ahoAy9qcfMI7A/+WS2q4=; b=scDfKxQT6wDDgZPj0zsL90oAVVoyRF 5vxMs0roJl68zWoVT5Sxh+ad2lOn62ZayZIeQQHCJ/NpaZrxmcH5oKsIIWpOv4Gv UJBoVwD72Mn3wuz2kHZF9sQHOJ+H0CjLO4cdFWsH8VvhaBPpV9cVZ0j3cBGc6TsF dSqjgHY34zYXqxo8KFX5+DL2FWVbxVOTwnKcgXo7Z96AF4oG7NJsC6Av6iC31+GN F+g0AhTvmb97gDs5DHTZxpw3vIi9hD1UM8KitSsvmhxCurOyHYkSPxgA0VruEQFe JeG5ofWirdrJ+rREKgBW1n0O4iX86aISYo2S1Qvf3lcej537Zfoafxpw==
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id 0qVOG7QAhumQ; Sat, 16 Jul 2011 02:56:20 +0100 (IST)
Received: from [10.87.48.6] (unknown [86.41.15.89]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id C19FE171C04; Sat, 16 Jul 2011 02:56:19 +0100 (IST)
Message-ID: <4E20EFB9.3040309@cs.tcd.ie>
Date: Sat, 16 Jul 2011 02:56:09 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110424 Lightning/1.0b2 Thunderbird/3.1.10
MIME-Version: 1.0
To: Mike Jones <Michael.Jones@microsoft.com>
References: <B2ABF893-10E6-496A-8F63-FFA2C9C89541@vpnc.org> <0DE0E2DE-A2FC-40DF-978B-594658571658@vpnc.org> <B26C1EF377CB694EAB6BDDC8E624B6E723160841@CH1PRD0302MB115.namprd03.prod.outlook.com> <23656536-E4BA-41BE-AA61-A23654246826@gmx.net> <A42506AF-BE66-4308-AD7B-03B4323D87CE@vpnc.org> <4E1F6AAD24975D4BA5B168042967394348D3F7F1@TK5EX14MBXC201.redmond.corp.microsoft.com> <4E164455.9020309@cs.tcd.ie> <4E171C20.8000305@dcrocker.net> <4E1F557F.8030500@cs.tcd.ie> <4E20DA1E.1020201@bbiw.net> <4E20DD0B.2080106@cs.tcd.ie> <4E1F6AAD24975D4BA5B168042967394348D4C6D2@TK5EX14MBXC201.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B168042967394348D4C6D2@TK5EX14MBXC201.redmond.corp.microsoft.com>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: "woes@ietf.org" <woes@ietf.org>, Dave CROCKER <dcrocker@bbiw.net>
Subject: Re: [woes] New WOES charter proposal
X-BeenThere: woes@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Web Object Encryption and Signing \(woes\) BOF discussion list" <woes.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/woes>, <mailto:woes-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/woes>
List-Post: <mailto:woes@ietf.org>
List-Help: <mailto:woes-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/woes>, <mailto:woes-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Jul 2011 01:56:36 -0000

Hi Mike,

On 16/07/11 02:13, Mike Jones wrote:
> Some use cases require a compact, URL-safe data representation.  For instance, this is needed when the data is passed in a URL query parameter - particularly for feature phone browsers that may limit URLs to 1024 or sometimes even 256 characters.  That's one concrete example of something not covered by CMS.

Note that no-one afaik is suggesting using ASN.1 encoding, so
any JSON specific payload encoding stuff has to be work for woes
to do. I would assume that that's up for debate all right, but
don't see that it has anything to do with CMS, same as CMS
doesn't itself say anything about MIME body parts which is
handled in another S/MIME RFC entirely.

So, unless I'm missing something this is not a missing bit
of CMS but rather an additional, payload-related (from the
crypto p-o-v) requirement that you're expressing.

> Some end-to-end use cases require a JSON key representation and ways of referring to them.  That's another concrete example of something not covered in CMS.

So some way to identify keys is clearly needed all right and I tend
to agree that that's an area where CMS is too X.509 specific in that
CMS dives inside the X.509 structure.

But there are well known choices, as I mentioned in a mail yesterday,
so I still don't see that there's a real need for a JSON
representation for keys, (though it might still be sensible), can
you clarify when you'd need to say refer to an RSA public exponent
specifically, or to an ECC parameter?

While I think XMLDSIG's KeyInfo is better than IssuerAndSerialNumber,
I'm not at all sure anyone really uses the <Exponent> element for
anything that wouldn't work just as well with the base64 encoding
of an X.509 blob. But its been a while, so maybe RSAKeyValue is more
useful than I recall.

If there's never a need to refer to the RSA public exponent or
equivalents for other algorithms, then you don't need a way to
represent keys in JSON, but rather a way to put some key
representation or key identifier inside square brackets in a
well defined way. The latter, done smartly, should take a whole
lot less effort to get right would be my guess.

S.

> 
> 				-- Mike
> 
> -----Original Message-----
> From: woes-bounces@ietf.org [mailto:woes-bounces@ietf.org] On Behalf Of Stephen Farrell
> Sent: Friday, July 15, 2011 5:36 PM
> To: Dave CROCKER
> Cc: woes@ietf.org
> Subject: Re: [woes] New WOES charter proposal
> 
> 
> 
> On 16/07/11 01:23, Dave CROCKER wrote:
>>
>> On 7/14/2011 1:45 PM, Stephen Farrell wrote:
>>>> The first requirement is for proponents to provide much more 
>>>> explicit details about what is being proposed in the use of CMS.
>> ...
>>> Well, I don't really follow your logic there, but we're not aiming to 
>>> do a new thing here.
>> ...
>>> Anyway the path for developing yet another crypto format is a pretty 
>>> well trodden one and IMO CMS is the best current starting point for 
>>> that process, so I think its entirely reasonable to ask people why 
>>> they disagree with that.
>>>
>>> It does of course presume familiarity with CMS, but then that should 
>>> be a prerequisite for working on woes, really.
>>
>>
>> Steve,
>>
>> Oh.  This working group is merely a CMS encoding exercise?  That was 
>> not at all clear previously.
>>  
>> I suspect I am not the only one who missed this as the anchoring and 
>> inflexible premise to the work.  (For reference, that requires even 
>> stronger language than is in the current draft.)
> 
> Maybe you could put [] around the sarcasm, given that this is JSON related? :-)
> 
> I asked for examples of what's not covered by CMS but is needed here. I did that actually wanting to get an answer since I may well be missing something. (So far, no substantive answer has been offered.) I was not trying to score some rhetorical points.
> 
> S.
> _______________________________________________
> woes mailing list
> woes@ietf.org
> https://www.ietf.org/mailman/listinfo/woes
> 
>

v2.23.0 | Report a Bug | By Email