Re: [woes] Proposed charter, post-Quebec edition

Paul Hoffman <paul.hoffman@vpnc.org> Thu, 04 August 2011 16:02 UTC

On Aug 4, 2011, at 8:52 AM, Eric Rescorla wrote:

> IMO, symmetric integrity protection is a useful primitive, and it's
> already part of the JWT spec. I think all that's required here in the
> charter is to wordsmith it to separate out symmetric from asymmetric
> integrity algorithms,

Current:
1) A Standards Track document specifying how to apply a JSON-structured digital signature to data, including (but not limited to) JSON data structures. "Digital signature" is defined as a hash operation followed by a signature operation using asymmetric keys.

It sounds like you would prefer something like:
1) A Standards Track document specifying how to apply integrity protection to data, including (but not limited to) JSON data structures. This integrity protection can be achieved with both symmetric and asymmetric algorithms.

Is that right?

--Paul Hoffman