Re: [woes] "Basing" on CMS

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 14 July 2011 20:34 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: woes@ietfa.amsl.com
Delivered-To: woes@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B640F11E8087 for <woes@ietfa.amsl.com>; Thu, 14 Jul 2011 13:34:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.599
X-Spam-Level:
X-Spam-Status: No, score=-104.599 tagged_above=-999 required=5 tests=[AWL=2.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h46vVQA75WYP for <woes@ietfa.amsl.com>; Thu, 14 Jul 2011 13:34:04 -0700 (PDT)
Received: from scss.tcd.ie (hermes.cs.tcd.ie [134.226.32.56]) by ietfa.amsl.com (Postfix) with ESMTP id 813AB11E8079 for <woes@ietf.org>; Thu, 14 Jul 2011 13:34:04 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id 3B6CB171BFA; Thu, 14 Jul 2011 21:33:51 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:in-reply-to:references :subject:mime-version:user-agent:from:date:message-id:received :received:x-virus-scanned; s=cs; t=1310675626; bh=wRDzD3v3xyAV/t CaahIWKgWStdJL0TGH1d570Uzxyow=; b=3Yx3+9ioCdck/p/gEToOjIzYi9Qkuq /af1BLyNIRM4PskxC6ZhGA5ohoz/qzXMhfNAAuoxN62OaOQ3BeqGYcK9OO0pxfBw y+lgjSi5kYLSrB4pBlMeUrAP+0W0ZVHl9RTHvLDsjlfBJhnBkxBwy8qhlVD2tTkv hmw29oxHy3q7uP5y6J4hFv9o5/7xAZnbGDj2N9Y4yFgUYBXDvBfWApZGAzs8hBY2 1tSVaioKCjo7X4EoCna6pUEa5/XA/RPN2E/lyPf5Xcg6Pzxc9/GSxZrnk+lNVFgE tk6nlDC4p+ls7CZ5JP7xsum2oNHj/qE/xKF9LA66gDbIqse+TPcHVX8A==
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id YuPILcZbdcXG; Thu, 14 Jul 2011 21:33:46 +0100 (IST)
Received: from [10.87.48.9] (unknown [86.42.18.81]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id 8B6B6171BF9; Thu, 14 Jul 2011 21:33:45 +0100 (IST)
Message-ID: <4E1F529E.9090601@cs.tcd.ie>
Date: Thu, 14 Jul 2011 21:33:34 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110424 Lightning/1.0b2 Thunderbird/3.1.10
MIME-Version: 1.0
To: Paul Hoffman <paul.hoffman@vpnc.org>
References: <13E17156-7FC8-47DB-B04C-52F4EF6E68E1@vpnc.org> <4E1F6AAD24975D4BA5B168042967394348D47567@TK5EX14MBXC201.redmond.corp.microsoft.com> <85740676-D5A7-4809-A583-B5892EDAB6E8@vpnc.org>
In-Reply-To: <85740676-D5A7-4809-A583-B5892EDAB6E8@vpnc.org>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: "woes@ietf.org" <woes@ietf.org>
Subject: Re: [woes] "Basing" on CMS
X-BeenThere: woes@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Web Object Encryption and Signing \(woes\) BOF discussion list" <woes.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/woes>, <mailto:woes-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/woes>
List-Post: <mailto:woes@ietf.org>
List-Help: <mailto:woes-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/woes>, <mailto:woes-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Jul 2011 20:34:11 -0000

On 13/07/11 18:42, Paul Hoffman wrote:
> On Jul 13, 2011, at 10:27 AM, Mike Jones wrote:
> 
>> I strongly disagree with the "basing on CMS" wording.  I'd be OK with wording more like "drawing upon existing inputs such as CMS, XMLDSIG, and XMLENC".
>>
>> There's a lot to reuse from these documents.  But it's prejudicial to have a discussion that starts from the assumption that we are basing this work on CMS.
> 
> As someone who participated in the early XMLDSIG and XMLENC work, I have to ask: what do they have for this JSON work that CMS doesn't? That is, there was a conscious attempt to mirror CMS structures in them. Where they strayed (such as on namespaces), they went to hell.
> 
> One or two examples here would really help.

Indeed. I think the KeyInfo from XMLDSIG is maybe a
slightly better model than (almost) forcing
IssuerAndSerialNumber from 5280 as is done in CMS.
That's the level at which I think we need to have
the discussion to understand what people are claiming
is wrong with basing on CMS.

For me, other than that example, I really fail to
see anything wrong with basing on CMS, so some
examples would be very good, even if they only
come two weeks after I first asked.

(Or, maybe all the disquiet on this topic is
really format-wars yet again and from the security
p-o-v, content-free;-)

S.

> 
> --Paul Hoffman
> 
> _______________________________________________
> woes mailing list
> woes@ietf.org
> https://www.ietf.org/mailman/listinfo/woes
>