Re: [woes] Naked Public Key, was: RE: Proposed charter, post-Quebec edition

Phillip Hallam-Baker <> Fri, 05 August 2011 20:53 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C50AD11E80C1 for <>; Fri, 5 Aug 2011 13:53:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.452
X-Spam-Status: No, score=-3.452 tagged_above=-999 required=5 tests=[AWL=0.146, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id HL8xuU7GRlxW for <>; Fri, 5 Aug 2011 13:53:23 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id DC47711E80C9 for <>; Fri, 5 Aug 2011 13:53:17 -0700 (PDT)
Received: by yie12 with SMTP id 12so317843yie.31 for <>; Fri, 05 Aug 2011 13:53:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=0ZTohesbSMI+BFBOfyZDKTro3mtvEvJkufqd4Hr4cpg=; b=u1p0bFIwavxa5cutWOB7XrcOOuK9OB4KTnd0CDC655AWnNaC7AkvcyKbWlmU0e+8dR PSHoU0kg/IWlWbW2JkUKjJSnvlW3wchK/BmAlJBqmw1XCJ9Qdp5aiJ2LWnnY30NHohrI nDJxUr5yrazxe3fuzYfwgeFlt6wqLUSosgHpw=
MIME-Version: 1.0
Received: by with SMTP id b3mr2390846ani.116.1312577615958; Fri, 05 Aug 2011 13:53:35 -0700 (PDT)
Received: by with HTTP; Fri, 5 Aug 2011 13:53:35 -0700 (PDT)
In-Reply-To: <>
References: <b9332337-4efa-4355-93a9-7866a5506bb5@default> <> <> <> <> <> <>
Date: Fri, 5 Aug 2011 16:53:35 -0400
Message-ID: <>
From: Phillip Hallam-Baker <>
To: Sean Turner <>
Content-Type: multipart/alternative; boundary=00163691ff518a13d304a9c84ab0
Cc: "" <>
Subject: Re: [woes] Naked Public Key, was: RE: Proposed charter, post-Quebec edition
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Web Object Encryption and Signing \(woes\) BOF discussion list" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 05 Aug 2011 20:53:23 -0000

On Fri, Aug 5, 2011 at 4:23 PM, Sean Turner <> wrote:

> I have no problem with adding something along the line of:
> OLD:
> The resulting solutions will support both JSON-encoded public keys and
> X.509 public key certificates.

Works for me.

> I purposely choose "support" and didn't specify which is the MTI.  We can
> have that debate when writing the spec.
> do others have an issue with this?

I would prefer not to specify an MTI at all.

One of the neat features of C# is that you can now specify List <Foo> and
get a strongly typed list of type Foo. Unlike in C where the list container
is generic, you can specify a structure with a List <foo> and know that
nothing else will be put in it.

What I would like to end up with with Woes is scheme where a specification
using Woes can specify Woes <PKIX> or Woes <Raw>.

I think it is a mistake for every IETF security WG to get into discussions
on which algorithms to make mandatory for the same reason. We should have
one set of algorithms that is the preferred IETF set across the board and
those should apply unless a particular WG has a very particular reason to do

In fact that is the reason I want WOES in the first place. I can write out a
way to sign this stuff in a few hours and make it work for my stuff. I can
even write up a spec. What I greatly dislike is a situation where we get
into a committee and spend two years making a series of design decisions
en-bank and then join another group and go through the whole set all over
again, often with many of the same people.