Re: [jose] way forward for two remaining drafts
Matias Woloski <matiasw@gmail.com> Sat, 18 July 2015 16:59 UTC
To: Mike Jones <Michael.Jones@microsoft.com>, Nat Sakimura <n-sakimura@nri.co.jp>, "Axel.Nennker@telekom.de" <Axel.Nennker@telekom.de>, "kathleen.moriarty.ietf@gmail.com" <kathleen.moriarty.ietf@gmail.com>, "ejay@mgi1.com" <ejay@mgi1.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/vaMhPj8y91rmAhVKjkIwq4Z-6iw>
Cc: "odonoghue@isoc.org" <odonoghue@isoc.org>, "jose@ietf.org" <jose@ietf.org>
I was reading the spec and I think detached signature certainly has a space, so b64: true/false makes sense to me.

However, I have to say that I found the use of the sph flag a bit of a stretch. It sounds to me like a premature optimization. I would keep it out for now to keep things simple.

On Fri, Jul 17, 2015 at 2:34 PM Mike Jones <Michael.Jones@microsoft.com> wrote:

> Thanks, Nat. When I wrote the draft, I was intentionally being as clear
> as possible at first about the semantics by using two separate parameters,
> while also recognizing that we would probably want to collapse these to a
> single parameter for brevity. My thinking was that we could define a “sio”
> (signing input options) parameter and three or four values for it. I just
> hadn’t come up with great names for the values. (You’re using integers,
> which are short but non-meaningful values.)
>
> Here’s an initial stab for people to suggest better alternatives to:
>
>   "sph"   "b64"   “sio”
>   true    true    (parameter to be omitted when defaults used)
>   false   true    “b64o” (base64url encoded payload only)
>   true    false   “plain” (plaintext payload)
>   false   false   “min” (plaintext payload and no protected header)
>
> -- Mike
>
> *From:* Nat Sakimura [mailto:n-sakimura@nri.co.jp]
> *Sent:* Thursday, July 16, 2015 11:41 PM
> *To:* Axel.Nennker@telekom.de; kathleen.moriarty.ietf@gmail.com;
> ejay@mgi1.com
> *Cc:* Mike Jones; odonoghue@isoc.org; jose@ietf.org
> *Subject:* RE: [jose] way forward for two remaining drafts
>
> Axel wrote:
>
> Is it an argument for not base64url encoding payloads that they remain
> human/developer readable?
>
> This argument would make draft-jones-jose-jws-signing-input-options useful
> for small payloads too.
>
> Indeed. It is one of my use cases – small and I want to keep it readable.
>
> For the case the headers are not needed to be protected, the readability
> extends to the headers as well.
>
> Re: header parameters, for the sake of size, I am inclined to combine
> “sph” and “b64” to “pb” or something and represent the value as a number.
>
> So: (Sorry for an HTML table)
>
>   "sph"   "b64"   “pb”
>   true    true    3
>   false   true    1
>   true    false   2
>   false   false   0
>
> --
> Nat Sakimura <n-sakimura@nri.co.jp>
> Nomura Research Institute, Ltd.
>
> *From:* jose [mailto:jose-bounces@ietf.org] *On Behalf Of*
> Axel.Nennker@telekom.de
> *Sent:* Thursday, July 16, 2015 2:55 PM
> *To:* kathleen.moriarty.ietf@gmail.com; ejay@mgi1.com
> *Cc:* Michael.Jones@microsoft.com; sakimura@gmail.com; odonoghue@isoc.org;
> jose@ietf.org
> *Subject:* Re: [jose] way forward for two remaining drafts
>
> Will review and probably implement this.
>
> Nits: s/some of have/some have/
>
>    While this
>    cryptographically binds the protected Header Parameters to the
>    integrity protected payload, some of have described use cases in
>    which this binding is unnecessary and/or an impediment to adoption,
>    especially when the payload is large and/or detached.
>
> Should read:
>
>    While this
>    cryptographically binds the protected Header Parameters to the
>    integrity protected payload, some have described use cases in
>    which this binding is unnecessary and/or an impediment to adoption,
>    especially when the payload is large and/or detached.
>
> Is it an argument for not base64url encoding payloads that they remain
> human/developer readable?
>
> This argument would make draft-jones-jose-jws-signing-input-options useful
> for small payloads too.
>
> -Axel
>
> *From:* jose [mailto:jose-bounces@ietf.org] *On Behalf Of* Kathleen Moriarty
> *Sent:* Montag, 13. Juli 2015 20:25
> *To:* Edmund Jay
> *Cc:* Mike Jones; Nat Sakimura; jose@ietf.org; Karen O'Donoghue
> *Subject:* Re: [jose] way forward for two remaining drafts
>
> Hello,
>
> It's good to see that a few people do support these drafts. Will each of
> you be sending reviews and comments to the list shortly on these drafts?
> If the chairs think it's reasonable to accept the drafts, they will also
> need to know there will be active support.
>
> Thanks,
> Kathleen
>
> Sent from my iPhone
>
> On Jul 13, 2015, at 1:10 PM, Edmund Jay <ejay@mgi1.com> wrote:
>
> +1
>
> ------------------------------
>
> *From:* Nat Sakimura <sakimura@gmail.com>
> *To:* Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
> *Cc:* Mike Jones <Michael.Jones@microsoft.com>; Karen O'Donoghue
> <odonoghue@isoc.org>; "jose@ietf.org" <jose@ietf.org>
> *Sent:* Sunday, July 12, 2015 10:32 AM
> *Subject:* Re: [jose] way forward for two remaining drafts
>
> Sorry to chime in so late. I have been completely under water for
> some time now.
>
> Like Phil, I do see that draft-jones-jose-jws-signing-input-options sort
> of thing can be very useful, though I may want to have slightly different
> way of encoding the things. Being able to do detached signature is quite
> attractive.
>
> Best,
>
> Nat
>
> 2015-07-10 2:37 GMT+09:00 Kathleen Moriarty
> <kathleen.moriarty.ietf@gmail.com>:
>
> Hi,
>
> Sent from my iPhone
>
> On Jul 9, 2015, at 1:16 PM, Mike Jones <Michael.Jones@microsoft.com>
> wrote:
>
> About
> https://tools.ietf.org/html/draft-jones-jose-jws-signing-input-options-00,
> I’ll add that this addresses the requests made by Jim Schaad and Richard
> Barnes in JOSE Issues #26 “Allow for signature payload to not be base64
> encoded” and #23 http://trac.tools.ietf.org/wg/jose/trac/ticket/23
> “Make crypto independent of binary encoding (base64)”.
>
> About
> https://tools.ietf.org/html/draft-jones-jose-key-managed-json-web-signature-01,
> I’ll add that this addresses the request made by Jim Schaad in JOSE Issue
> #2 http://trac.tools.ietf.org/wg/jose/trac/ticket/2
> “No key management for MAC”.
>
> Also, there’s a highly relevant discussion about key management for MACs
> going on in the COSE working group. See the thread “[Cose] Key
> management for MACs (was Re: Review of draft-schaad-cose-msg-01)” –
> especially
> https://mailarchive.ietf.org/arch/msg/cose/aUehU6O7Ui8CXcGxy3TquZOxWH4
> and https://mailarchive.ietf.org/arch/msg/cose/ouOIdAOe2P-W8BjGLJ7BNvvRr10.
>
> One could take the view that our decision on the JOSE key management draft
> should be informed by the related decision in COSE. Specifically, that if
> COSE decides to support key management for MACs, the same reasoning likely
> should apply to our decision on whether to define a standard mechanism for
> supporting key management for MACs in JOSE.
>
> Key management is explicitly out-of-scope for COSE as stated in the
> charter. The discussion referenced had this point at the close of that
> discussion.
>
> I'm not seeing much support for these drafts moving forward in JOSE. I'm
> also not seeing enough to justify standards track and AD sponsored. If you
> think these are important to have move forward in the WG or as standards
> track, please say so soon. They can still go forward through the
> Independent submission process through the ISE.
>
> Thank you,
> Kathleen
>
> -- Mike
>
> *From:* jose [mailto:jose-bounces@ietf.org] *On Behalf Of* Karen O'Donoghue
> *Sent:* Wednesday, July 01, 2015 8:38 AM
> *To:* jose@ietf.org
> *Subject:* [jose] way forward for two remaining drafts
>
> Folks,
>
> With the thumbprint draft progressing through the process, we have two
> remaining individual drafts to decide what to do with. The options include:
> 1) adopt as working group drafts; 2) ask for AD sponsorship of individual
> drafts; or 3) recommend that they not be published. Please express your
> thoughts on what we should do with these drafts. Jim, Kathleen, and I would
> like to make a decision in the Prague timeframe, so please respond by 15
> July.
>
> https://tools.ietf.org/id/draft-jones-jose-jws-signing-input-options-00.txt
>
> https://tools.ietf.org/id/draft-jones-jose-key-managed-json-web-signature-01.txt
>
> Thanks,
> Karen
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>
> --
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
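The four "sph"/"b64" combinations tabulated in the thread above, worked through as an added example that is not part of any message here or of the draft: it builds the signing input for each combination and shows that with "sph" false a changed header value no longer invalidates the signature. HMAC-SHA256, carrying both options in one header dict, the function names, and the key, payload and "kid" values are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# (sph, b64) -> names proposed in the thread: Mike Jones's "sio" string
# (None = parameter omitted) and Nat Sakimura's "pb" integer.
PROPOSED_NAMES = {
    (True, True): (None, 3),
    (False, True): ("b64o", 1),
    (True, False): ("plain", 2),
    (False, False): ("min", 0),
}

def b64url(data: bytes) -> bytes:
    """base64url without padding, as JWS uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def signing_input(header: dict, payload: bytes) -> bytes:
    """Build the bytes that get signed for the header's sph/b64 settings."""
    sph = header.get("sph", True)   # default: header is part of the input
    b64 = header.get("b64", True)   # default: payload is base64url-encoded
    body = b64url(payload) if b64 else payload
    if not sph:
        return body                 # header not covered by the signature
    encoded = b64url(json.dumps(header, separators=(",", ":")).encode("utf-8"))
    return encoded + b"." + body

def sign(key: bytes, header: dict, payload: bytes) -> bytes:
    return hmac.new(key, signing_input(header, payload), hashlib.sha256).digest()

def verify(key: bytes, header: dict, payload: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sign(key, header, payload), tag)

def header_tamper_detected(sph: bool) -> bool:
    """Sign, change one header value, and report whether verification fails."""
    key = b"constructed-demo-key"            # constructed sample key
    payload = b'{"amount":10}'               # constructed sample payload
    header = {"alg": "HS256", "b64": False, "sph": sph, "kid": "key-1"}
    tag = sign(key, header, payload)
    tampered = dict(header, kid="key-2")
    return not verify(key, tampered, payload, tag)

if __name__ == "__main__":
    for (sph, b64), (sio, pb) in PROPOSED_NAMES.items():
        hdr = {"alg": "HS256", "sph": sph, "b64": b64}
        print(sph, b64, sio, pb, signing_input(hdr, b"hello"))
    print("tamper detected, sph=true: ", header_tamper_detected(True))
    print("tamper detected, sph=false:", header_tamper_detected(False))
```

A verifier that accepts "sph" false has to treat every header value as unauthenticated input, since nothing in the signature covers it.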