I'm going to push back on combining this draft with other COSE-related drafts.
In my experience, drafts that are focused and do one thing well progress more
quickly to RFCs than drafts that try to do multiple things, even if related.
I will commit to following and commenting on the related work.
Best wishes,
-- Mike
-----Original Message-----
From: Henk Birkholz <[email protected]>
Sent: Monday, July 10, 2023 10:12 AM
To: Thomas Fossati <[email protected]>; Orie Steele <[email protected]>
Cc: rats <[email protected]>; scitt <[email protected]>; cose <[email protected]>; Michael Jones <[email protected]>
Subject: Re: [COSE] [Rats] `typ` header parameter for cose
I can do nothing but reinforce that notion! :-)
On 10.07.23 19:07, Thomas Fossati wrote:
> Hi Orie,
>
> very interesting. I think there is a strong overlap with the COSE
> profiles I-D that Henk presented in Yokohama. Is there maybe a way to
> merge the two efforts?
>
> cheers, t
>
> On Mon, Jul 10, 2023 at 2:37 PM Orie Steele <[email protected]> wrote:
>
> Hello RATs & SCITT friends,
>
> I wanted to share a fresh draft with both lists.
>
>
> https://datatracker.ietf.org/doc/draft-jones-cose-typ-header-parameter/
>
> This draft is related to several topics that have been recently
> discussed:
>
> - structured suffixes such as +cwt and +cose
>   - https://mailarchive.ietf.org/arch/msg/media-types/WYpYmm8kOuATyx7vSbjmpp7Xa4k/
>   - https://mailarchive.ietf.org/arch/msg/media-types/11DZ2sHMIy-4E52MrCp1Dy7IQg4/
> - multiple suffixes - https://datatracker.ietf.org/doc/draft-ietf-mediaman-suffixes/
> - JWT BCP - https://datatracker.ietf.org/doc/html/rfc8725
> - EAT - https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat#section-4.3
>
> In particular, this section on explicit typing is relevant:
> https://datatracker.ietf.org/doc/html/rfc8725#section-3.11
>
>
> > Note that the use of explicit typing may not achieve disambiguation from existing kinds of JWTs,
> > as the validation rules for existing kinds of JWTs often do not use the "typ" Header Parameter value.
> > Explicit typing is RECOMMENDED for new uses of JWTs.
>
> There are cases where you might have used +jwt as a structured
> suffix to accomplish this for a new JWT type, but then not been able
> to do the same with +cwt.
>
> For example, imagine new token media types:
>
> application/foo+bar+jwt
> application/foo+bar+cwt
>
> If the `typ` draft above is successful, processors will be able to rely on
> `typ: application/foo+bar+jwt` and `typ: application/foo+bar+cwt`
> consistently in both JOSE and COSE.
>
> This is probably more relevant to processors that have a high chance
> of confusing one token type for another, or that process many
> different token types.
>
> It's also possible this `typ` property might be used to secure non-token
> formats, for example:
>
> application/foo+bar+jose
> application/foo+bar+cose
>
> Where the payload might already be using `cty` or `content_type`,
> for example, imagine you have an envelope format that secures a JSON or
> YAML payload, but has headers that need to be processed consistently;
> you might see this:
>
> typ: application/foo+yaml+jose
> cty: application/yaml
>
> typ: application/foo+json+cose
> content_type: application/json
>
> `typ` is for the type of the envelope, whereas `cty` and
> `content_type` are for the type of the `payload`.
>
> Ensuring similar interfaces exist on both sides makes upgrading to
> COSE easier.
>
> We welcome any feedback, including comments about why the JWT BCP's
> guidance should not be translated to CWT or other details we may
> have missed so far.
>
> Regards,
>
> OS
>
>
> --
>
>
> ORIE STEELE
> Chief Technology Officer
>
> http://www.transmute.industries/
>
> _______________________________________________
> RATS mailing list
> [email protected] <mailto:[email protected]>
> https://www.ietf.org/mailman/listinfo/rats
>
>
>
>
> --
> Thomas
>
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
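
Added illustration, not part of the thread and not code from the draft or its authors: the explicit-typing check from RFC 8725 section 3.11 on the JOSE side, using the hypothetical media types from Orie's message. Two envelopes protected with the same key are told apart only by `typ`, while `cty` describes the payload and plays no part in the decision. The HS256 key, the tokens and all function names are constructed for this example.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def normalize_typ(value):
    """Lower-case a media type and restore an omitted "application/" prefix
    (RFC 7515 section 4.1.9 allows omitting it when no other "/" is present)."""
    if not isinstance(value, str) or not value:
        return None  # missing or malformed typ never matches
    value = value.lower()
    return value if "/" in value else "application/" + value

def sign(header: dict, payload: bytes, key: bytes) -> str:
    """Build an HS256 compact JWS (helper for the constructed samples)."""
    signing_input = b64u(json.dumps(header).encode()) + "." + b64u(payload)
    tag = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64u(tag)

def verify(token: str, key: bytes, expected_typ: str) -> bytes:
    """Return the payload only if the MAC is valid and typ is the expected envelope type."""
    head_b64, payload_b64, tag_b64 = token.split(".")
    header = json.loads(b64u_dec(head_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    mac = hmac.new(key, f"{head_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, b64u_dec(tag_b64)):
        raise ValueError("bad signature")
    wanted = normalize_typ(expected_typ)
    if wanted is None or normalize_typ(header.get("typ")) != wanted:
        raise ValueError("unexpected typ")
    return b64u_dec(payload_b64)

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    token = sign({"alg": "HS256", "typ": "application/foo+bar+jwt"}, b'{"sub":"demo"}', key)
    envelope = sign({"alg": "HS256", "typ": "application/foo+yaml+jose",
                     "cty": "application/yaml"}, b"sub: demo\n", key)
    print(verify(token, key, "application/foo+bar+jwt"))
    try:
        verify(envelope, key, "application/foo+bar+jwt")  # same key, other type
    except ValueError as err:
        print("rejected:", err)
```

A token with no `typ` at all is rejected as well, which matches the quoted caveat that explicit typing only disambiguates when the validation rules actually check the header.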