FWIW, I believe that John Bradley's, Ryo Ito's, and Dick Hardt's responses are
also incorrectly tallied below, the caveats on Breno de Medeiros' "B" are
missing, and Chuck Mortimore's response is missing. I believe that their
responses were:
N Y A Campbell
N Y A Bradley
N Y A Ito
Y Y C Hardt (Dick changed his answer on 3)
Y Y B* de Medeiros (*B if the new header can be omitted,
so that 3-component JWTs are still valid. I don't support this option if
backwards-incompatible.)
Y Y A Mortimore
By my count, this would bring the answers to date on the first question to:
16 "yes"
10 "no"
FWIW
And yes, the IETF doesn't vote... :) I'm sure we'll have an interesting
discussion after the polling period is over on Monday. As for me, I have been
actively thinking about how to meet everyone's perceived needs, but will hold
off on that until after Monday.
Take care,
-- Mike
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]] On Behalf Of Brian Campbell
Sent: Friday, February 08, 2013 3:35 PM
To: Richard Barnes
Cc: [email protected]<mailto:[email protected]>
Subject: Re: [jose] Header criticality -- hidden consensus?
FWIW, I didn't see my name on the tabulation but I did 'vote'
http://www.ietf.org/mail-archive/web/jose/current/msg01461.html
On Fri, Feb 8, 2013 at 4:11 PM, Richard Barnes
<[email protected]<mailto:[email protected]>> wrote:
We're 24 votes into the header criticality poll, so I thought I would go ahead
and take a look at how the results are shaping up. My initial tabulation is
below. The result on the FIRST POLL (the main one) is as follows:
No: 10
Yes: 14
What I find striking, however, is that every single person that voted "Yes" on
the FIRST POLL also voted "Yes" on the SECOND POLL. So nobody who thinks that
all headers should be critical thinks that a JOSE library should actually be
required to enforce this constraint. And that means that enforcing that all
headers are supported cannot be a MUST according to RFC 2119.
So I wonder if there's consensus to remove the following text from JWE and JWS:
-----BEGIN-JWE-----
4. The resulting JWE Header MUST be validated to only include
parameters and values whose syntax and semantics are both
understood and supported.
-----END-JWE-----
-----BEGIN-JWS-----
4. The resulting JWS Header MUST be validated to only include
parameters and values whose syntax and semantics are both
understood and supported.
-----END-JWS-----
Otherewise, a JOSE library conforming to these specifications would be REQUIRED
(a synonym to MUST in 2119) to reject a JWE/JWS that contains an unknown
header, contradicting all those "Yes" votes on the SECOND POLL.
--Richard
-----BEGIN-Tabulation-----
1 2 3 Name:
N - - Bradley
N - - Ito
N N A Yee
N N B Barnes
N N B Rescorla
N N C Manger
N N C Octman
N Y A Fletcher
N Y A Miller
N Y A Sakimura
Y Y - D'Agostino
Y Y A Biering
Y Y A Brault
Y Y A Hedberg
Y Y A Jay
Y Y A Jones
Y Y A Marais
Y Y A Nadalin
Y Y A Nara
Y Y A Nennker
Y Y A Solberg
Y Y B Hardt
Y Y B Medeiros
Y Y C Matake
Y Y C Mishra
-----END-Tabulation-----
_______________________________________________
jose mailing list
[email protected]<mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/jose
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
