IETF
jose@jabber.ietf.org
Monday, April 29, 2013
stpeter has set the subject to: JOSE WG | https://datatracker.ietf.org/wg/jose/

GMT+0
[15:00:06] jimsch1 joins the room
[15:03:35] richard.barnes joins the room
[15:03:47] <richard.barnes> <yawn>
[15:17:02] Sean Turner joins the room
[15:17:48] Karen O'Donoghue joins the room
[15:26:31] richard.barnes leaves the room
[15:26:36] tux joins the room
[15:26:41] <tux> why hello there!
[15:26:50] <tux> jaeger shots, anyone?
[15:29:46] m&m joins the room
[15:45:59] <Karen O'Donoghue> so… i was thinking we would use the webex chat for primary conversations and i would monitor this room for anyone having issues with the webex… do we want to move all the chat over to here… (I'm fine either way...)
[15:46:34] <tux> oh, oops
[15:46:46] <tux> i'm just not a huge fan of the webex chat interface :)
[15:48:18] <tux> OCTET STRING json
[15:50:25] sftcd joins the room
[16:20:15] stpeter joins the room
[16:20:29] <stpeter> are we using etherpad for minutes?
[16:27:57] <sftcd> where be etherpad?
[16:28:48] <stpeter> Jim is taking notes via emacs, which is clearly wrong because vi is superior :P
[16:29:10] <Sean Turner> wait vim is better I heard ;)
[16:29:27] <sftcd> so yes, someone in the room having a pad would be good for us remotees
[16:33:54] <stpeter> we can do http://etherpad.tools.ietf.org:9003/p/notes-interim-jose?useMonospaceFont=true
[16:36:12] <sftcd> now all's needed is a pad-scribe:-)
[16:36:58] sftcd leaves the room
[16:37:09] sftcd joins the room
[16:42:23] <stpeter> sftcd: I'm scribing to some extent
[16:42:35] <sftcd> seeing and appreciating
[16:42:57] <sftcd> will be handy for me in a while as i'll have to drop out for a bit
[16:43:03] <sftcd> so thanks!
[16:43:10] <stpeter> oh
[16:43:17] <stpeter> Karen created http://tid.isoc.org:9001/p/jose-interim-apr2013 in parallenl
[16:43:19] <stpeter> parallel
[16:44:44] <Karen O'Donoghue> ignore me… go with peter… always good advice… :-)
[16:44:53] <stpeter> using http://etherpad.tools.ietf.org:9003/p/notes-interim-jose?useMonospaceFont=true
[16:45:04] <stpeter> just for you folks keeping track at home
[16:45:23] stpeter has set the subject to: JOSE WG | https://datatracker.ietf.org/wg/jose/ | Interim meeting April 29-30, pad at http://etherpad.tools.ietf.org:9003/p/notes-interim-jose
[16:46:31] <stpeter> Hannes references http://tools.ietf.org/html/rfc4962
[16:47:47] <stpeter> http://datatracker.ietf.org/doc/draft-ietf-oauth-v2-http-mac/
[17:07:47] resnick joins the room
[17:11:46] Hannes Tschofenig joins the room
[17:12:09] <Hannes Tschofenig> Btw, there is more noise on the line; is the microphone next to a laptop fan?
[17:12:15] <Sean Turner> btw - there was a glare at richard wrt to json path
[17:12:47] <Karen O'Donoghue> hows that? (re sound)
[17:15:22] <Hannes Tschofenig> I think it is better now
[17:18:36] <Hannes Tschofenig> It would be interesting to survey some libraries to see what they have actually implemented.
[17:19:42] <Hannes Tschofenig> Regarding the key store: As long as we do not assume that the keys are fetched from some other servers.
[17:29:37] <Hannes Tschofenig> Now, the noise is back
[17:29:40] <Hannes Tschofenig> Did you change anything?
[17:29:50] <m&m> hrmph … no
[17:30:06] <m&m> sound: any better?
[17:30:09] <resnick> Much.
[17:30:10] <Hannes Tschofenig> better
[17:34:03] <tux> SHOULD include a key identifier, unless pre-negotiated
[17:34:10] <tux> Recipient MUST fail if no key identifier and no externally provided key
[17:34:49] <Hannes Tschofenig> I would indeed like to have the example with kid
[17:36:19] <stpeter> Hannes Tschofenig: yes, and Mike said he would include some
[17:37:07] sftcd leaves the room
[17:37:20] sftcd joins the room
[17:37:35] <tux> http://trac.tools.ietf.org/wg/jose/trac/ticket/11
[17:39:07] <Hannes Tschofenig> noise again
[17:39:20] <resnick> Especially with Mike.
[17:39:22] <stpeter> Hannes Tschofenig: only noise?
[17:39:37] <sftcd> sounds like someone leaning on mic
[17:39:49] <resnick> I think what you're hearing is the mic trying to pick up far away sounds.
[17:39:50] <Hannes Tschofenig> I can still hear people talking but there is more noise than previously
[17:40:03] <stpeter> Hannes Tschofenig: the air conditioning kicked in
[17:40:08] <stpeter> Hannes Tschofenig: that might be part of the problem
[17:40:51] <Sean Turner> yeah it's definitely on and we need it
[17:41:22] <Hannes Tschofenig> heated discussions, I understand
[17:41:32] <stpeter> :)
[17:59:51] tux leaves the room
[18:00:20] <Karen O'Donoghue> we're taking a lunch break…
[18:00:22] <Sean Turner> okay so we're going to come back shortly after 1pm mountain
[18:00:28] <Sean Turner> utc -6
[18:00:36] <resnick> Excellent. I will seek out food as well.
[18:00:38] <sftcd> have fun then be too late for me, sounds like good progress
[18:01:21] <Hannes Tschofenig> I am not sure I will stay that long...
[18:01:33] sftcd leaves the room
[18:01:44] jimsch1 leaves the room
[18:02:16] <Hannes Tschofenig> 1 pm — that's in 2 hours!
[18:02:31] <Hannes Tschofenig> Is that correct?
[18:02:38] <stpeter> 1 hour
[18:02:46] Sean Turner leaves the room
[18:02:53] <stpeter> so restart 1 hour from now
[18:11:20] stpeter leaves the room
[18:13:46] stpeter joins the room
[19:05:43] stpeter waits for activity in the chatroom before returning to the physical room...
[19:07:43] <resnick> Are we running late back from lunch?
[19:07:52] <stpeter> it seems
[19:08:03] <stpeter> I stayed at my desk and worked on what they pay me to do ;-)
[19:08:48] <stpeter> guess I'll wander over to the conference room and see what's happening
[19:23:06] <Karen O'Donoghue> we're just back… slow service at lunch…
[19:23:16] <stpeter> resnick: are you AFK? sent you some IMs in another window :-)
[19:23:31] <Karen O'Donoghue> we'll start in a couple of minutes…
[19:26:10] <resnick> I'm here.
[19:26:22] <resnick> Sounds like our jabber servers are not playing well together again.
[19:26:37] Sean Turner joins the room
[19:28:50] Sean Turner leaves the room
[19:28:58] Sean Turner joins the room
[19:29:23] ekr joins the room
[19:31:38] tux joins the room
[19:34:33] <resnick> Once everyone is settled, can you just run through (here or by voice) who is in the physical room?
[19:35:28] <resnick> Thanks.
[19:43:42] jimsch1 joins the room
[19:52:47] <Hannes Tschofenig> I am wondering why we need this functionality at all
[19:53:03] <Hannes Tschofenig> What is the use case for it?
[19:53:11] <resnick> Which functionality? Multiple recipients?
[19:53:21] <ekr> what functionality?
[19:53:29] <Hannes Tschofenig> Multiple recipients
[19:54:28] <resnick> For any use case where I am sending a hunk of data (XMPP, etc.), not having to encrypt the same data twice is good.
[19:55:04] <Hannes Tschofenig> Is XMPP the use case?
[19:55:18] <Hannes Tschofenig> These cases sound good but are rarely used.
[19:56:04] <resnick> Are you asking for specific cases where we know that someone currently wants to write code?
[19:56:12] <resnick> Or classes of use cases?
[19:57:02] <Hannes Tschofenig> Yes, I would like to know whether there is a real use case or whether this is one of those "wouldn't it be nice to" features
[19:58:06] <resnick> Well, there are things in between those two extremes. There are certainly easily imaginable important use cases for which I know of nobody currently writing code. That's not just "wouldn't it be nice".
[19:59:32] <Hannes Tschofenig> I am not sure what you are saying. Why we are writing a use case document when we randomly put features together. Then, why don't we just copy the functionality of CMS over to JSON entirely
[20:00:46] <resnick> Use case documents normally have use cases we are designing for, not necessarily ones we already know of coders ready-and-waiting for.
[20:01:50] <ekr> q+
[20:07:44] <resnick> <snark>And figuring this out is easier than just doing the JSON canonicalization?</snark?> :-)
[20:07:47] <m&m> Michael Jones is drawing on the whiteboard ...
[20:08:47] <resnick> brb
[20:08:48] <jimsch1> But everyone except me says canonicalization is really evil
[20:08:48] <stpeter> Karen O'Donoghue: I stopped sharing and made you the presenter again
[20:11:26] <resnick> back
[20:12:07] <resnick> What did I miss?
[20:12:17] <Sean Turner> still on the same thing
[20:12:22] <jimsch1> rehash of
[20:27:09] <ekr> the restrictions I proposed on #2 are: (1) a list of attributes which MUST be in the integrity-protected list (2) no attribute may appear on both lists and the recipient MUST fail verification if one does.
[20:27:54] <tux> ekr: (2) could also be "integrity protected list overwrites non-protected"
[20:29:04] <ekr> tux: it could be.
[20:29:12] <ekr> but my preference would be to fail fast
[20:30:20] ekr leaves the room
[20:31:55] ekr joins the room
[20:41:09] <stpeter> {
    data: "..."
    signatures: {
        [
            jwk: "..."
            sig: "..."
            signed_attributes: base64({"alg":"PSS+SHA256"})
        ]
    }
[20:41:18] <stpeter> that is what's on the whiteboard
[20:41:53] <stpeter> the etherpad is http://etherpad.tools.ietf.org:9003/p/notes-interim-jose
[20:42:00] <ekr> I am here
[20:49:49] <ekr> are we discussing 2 or 2+ (With my modifications)
[20:50:07] <stpeter> 2+
[20:50:26] <ekr> Did I hear a proposal to profile down the compact serialization?
[20:50:30] <stpeter> ekr: the chat is about what's on the whiteboard here
[20:50:34] <ekr> Like maybe multiple signatures?
[20:50:40] <ekr> sorry, maybe ban
[20:50:44] <stpeter> corrected syntax:
{
    data: "...",
    signatures: {
        [{
            jwk: "...",
            sig: "...",
            signed_attributes: base64({"alg":"PSS+SHA256"})
        }]
    }
}
[20:50:49] <ekr> s/signatures/recipients/
[20:51:06] <Sean Turner> yeah for the compact that would maybe do it
[20:51:37] tux leaves the room
[20:51:57] <resnick> So do you need any signed attributes in the encryption case?
[20:53:24] <Karen O'Donoghue> header —> authenticated_attrs
[20:54:51] <resnick> No, I was asking: For JWE case, are there any attributes that need to be protected?
[20:55:08] <jimsch1> Potentially things like the inner content type, audience, issuer
[20:55:18] tux joins the room
[20:55:52] <resnick> ack
[20:56:00] <Karen O'Donoghue> sorry… i was typing richard's board stuff… but stopped because peter is doing it in ether pad..
[20:56:49] <stpeter> actually Matt typed that (he's green, I'm orange or coral or whatever you'd call that)
[20:57:21] <Karen O'Donoghue> true… (thanks Matt…)
[20:57:54] <resnick> @karen: No worries. Being momentarily confused is not an unfamiliar state to me.
[21:18:05] ekr leaves the room
[21:32:25] tux leaves the room
[21:42:36] resnick leaves the room
[21:47:14] ekr joins the room
[21:47:25] resnick joins the room
[21:47:32] ekr leaves the room
[21:48:36] <resnick> I'm jumping off the call soon. Anything for which y'all want me present? Nothing else on the agenda jumps out at me.
[21:49:07] tux joins the room
[21:59:34] Hannes Tschofenig leaves the room
[22:22:37] Hannes Tschofenig joins the room
[22:28:59] <tux> All keys in a JWK set MUST have distinct "kid" values, except if the JWKs represent equivalent keys in different formats
[22:29:05] <tux> If a "jku" value refers to a JWK set with more than one key, then the object MUST also include a "kid" value indicating which key is in use
[22:32:43] stpeter leaves the room
[22:40:54] ekr joins the room
[22:51:25] Hannes Tschofenig leaves the room
[22:52:53] jimsch1 leaves the room
[22:54:58] tux leaves the room
[22:55:11] Karen O'Donoghue leaves the room
[22:58:35] Sean Turner leaves the room
[23:09:12] m&m leaves the room