Re: [jose] Header criticality -- hidden consensus?

[Mike Jones]

I think you're missing the point of the second poll question.  It's there to 
clarify that the requirement to validate the headers is one placed on the 
system as a whole - not solely on particular pieces of an implementation.  
Indeed, it's my understanding that IETF specs almost universally place 
requirements only on the protocol behaviors - not on how implementations must 
be factored.  In other words, it's normal for IETF specs to place constraints 
on the behavior of the system as a whole.  The text in the second poll question 
would just reinforce that this is so in this particular case.

Hope everyone has a good weekend!

                                                                -- Mike

From: jose-boun...@ietf.org [mailto:jose-boun...@ietf.org] On Behalf Of Richard 
Barnes
Sent: Friday, February 08, 2013 3:12 PM
To: jose@ietf.org
Subject: [jose] Header criticality -- hidden consensus?

We're 24 votes into the header criticality poll, so I thought I would go ahead 
and take a look at how the results are shaping up.  My initial tabulation is 
below.  The result on the FIRST POLL (the main one) is as follows:

No: 10
Yes: 14

What I find striking, however, is that every single person that voted "Yes" on 
the FIRST POLL also voted "Yes" on the SECOND POLL.  So nobody who thinks that 
all headers should be critical thinks that a JOSE library should actually be 
required to enforce this constraint.  And that means that enforcing that all 
headers are supported cannot be a MUST according to RFC 2119.

So I wonder if there's consensus to remove the following text from JWE and JWS:
-----BEGIN-JWE-----
   4.   The resulting JWE Header MUST be validated to only include
        parameters and values whose syntax and semantics are both
        understood and supported.
-----END-JWE-----
-----BEGIN-JWS-----
   4.  The resulting JWS Header MUST be validated to only include
       parameters and values whose syntax and semantics are both
       understood and supported.
-----END-JWS-----

Otherewise, a JOSE library conforming to these specifications would be REQUIRED 
(a synonym to MUST in 2119) to reject a JWE/JWS that contains an unknown 
header, contradicting all those "Yes" votes on the SECOND POLL.

--Richard



-----BEGIN-Tabulation-----
1       2       3    Name:
N       -       -    Bradley
N       -       -    Ito
N       N       A    Yee
N       N       B    Barnes
N       N       B    Rescorla
N       N       C    Manger
N       N       C    Octman
N       Y       A    Fletcher
N       Y       A    Miller
N       Y       A    Sakimura
Y       Y       -    D'Agostino
Y       Y       A    Biering
Y       Y       A    Brault
Y       Y       A    Hedberg
Y       Y       A    Jay
Y       Y       A    Jones
Y       Y       A    Marais
Y       Y       A    Nadalin
Y       Y       A    Nara
Y       Y       A    Nennker
Y       Y       A    Solberg
Y       Y       B    Hardt
Y       Y       B    Medeiros
Y       Y       C    Matake
Y       Y       C    Mishra
-----END-Tabulation-----

_______________________________________________
jose mailing list
jose@ietf.org
https://www.ietf.org/mailman/listinfo/jose