Re: [jose] Feedback request on jose tracker issue #8: Should we add a "spi" header field?

Mon, 15 Apr 2013 10:45:27 -0700 

Use of "spi" is one such possible "switch".  Use of the OAuth Dynamic Client 
Registration specification to obtain keys or key references is another.  Other 
applications may choose exchange the keys other ways.

The "switch" doesn't have to be a JOSE protocol element.  Although you could 
consider the lack of a key indicator in the JOSE header to be a clear 
indication in the JOSE protocol elements that the switch has been thrown, 
meaning that it's up to the application to use its logical to determine which 
key(s) to use - which is a normal use case.

                                                            -- Mike

From: [email protected] [mailto:[email protected]] On Behalf Of Richard 
Barnes
Sent: Monday, April 15, 2013 10:37 AM
To: [email protected]
Cc: [email protected]
Subject: Re: [jose] Feedback request on jose tracker issue #8: Should we add a 
"spi" header field?

2 or 3

All of the "1" responses are missing the point of SPI -- if you want to be able 
to omit fields (as people seem to want to do), then you need a switch to turn 
off "stand-alone mode".

So responding "1" here is the same as responding "1" on the ISSUE-15 poll, that 
at least one key indicator MUST be present.


On Thu, Apr 11, 2013 at 7:58 PM, Karen O'Donoghue 
<[email protected]<mailto:[email protected]>> wrote:
Issue #8 http://trac.tools.ietf.org/wg/jose/trac/ticket/8 proposes adding an 
"spi" (security parameters index) header parameter to the JWS and JWE 
specifications.  This modification to the JOSE formats would allow for 
signaling that pre-negotiated cryptographic parameters are being used, rather 
than including those parameters in the JWS or JWE header.  This proposal has 
been written up as http://tools.ietf.org/html/draft-barnes-jose-spi-00.

Which of these best describes your preferences on this issue?
1.  Have draft-barnes-jose-spi remain a separate specification that could 
optionally also be supported by JWS and JWE implementations.
2.  Incorporate draft-barnes-jose-spi into the JWS and JWE specifications as a 
mandatory feature.
3.  Incorporate draft-barnes-jose-spi into the JWS and JWE specifications as an 
optional feature.
4.  Another resolution (please specify in detail).
0.  I need more information to decide.
Your reply is requested by Friday, April 19th or earlier.

_______________________________________________
jose mailing list
[email protected]<mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/jose


_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose

Reply via email to