Not to have technical discussion on the agenda thread, but: That seems like a decision for application designers to make. They can always choose to protect everything. --Richard
On Sat, Apr 27, 2013 at 4:34 PM, Mike Jones <[email protected]>wrote: > Adding missing word … “when applications are free to add header > parameter values (which they now are), it’s essentially impossible to know > *what* needs to be protected, in the general case”.**** > > ** ** > > *From:* [email protected] [mailto:[email protected]] *On Behalf > Of *Mike Jones > *Sent:* Saturday, April 27, 2013 1:05 PM > *To:* Richard Barnes; Jim Schaad > > *Cc:* [email protected] > *Subject:* Re: [jose] Preliminary Agenda for Interim Meeting**** > > ** ** > > Richard, it would be good if you could update your slides to reflect > JWE-10, which should now be what’s on your “State of the Art” and “Current > -09” slides. You should say that -10 it is compatible with all major AEAD > algorithms and no longer say that the current format causes GCM nonce > re-use.**** > > ** ** > > FYI, -10 uses what you called the “Everyone Together” approach.**** > > ** ** > > In your “Only what’s needed” slide, you should point out that when > applications are free to add header parameter values (which they now are), > it’s essentially impossible to know needs to be protected, in the general > case.**** > > ** ** > > Cheers,**** > > -- Mike**** > > ** ** > > *From:* [email protected] > [mailto:[email protected]<[email protected]>] > *On Behalf Of *Richard Barnes > *Sent:* Saturday, April 27, 2013 11:40 AM > *To:* Jim Schaad > *Cc:* [email protected] > *Subject:* Re: [jose] Preliminary Agenda for Interim Meeting**** > > ** ** > > Dear chairs,**** > > ** ** > > As I suggested earlier, I think we should organize this meeting around the > few big questions we need to get resolved, from which the answers to > individual issues will follow. So I would like to propose that we > re-organize the agenda in the following way:**** > > ** ** > > 1. Mon. AM: Which fields are required / how to handle pre-negotiation? ** > ** > > 2. Mon. PM: How should header parameter integrity protection be done?**** > > 3. Tue. AM: How should we do key wrapping, for JWE, JWS, and beyond?**** > > 4. Tue. PM: Review / close issues and wrap up**** > > **** > > Also, Based on some side discussions, I've put together some slides that > try to summarize the state of the art and proposals for (2).**** > > < > https://docs.google.com/presentation/d/1HlBYEiwBFYUBA5751Q8U1GXD-W0cgdCZwpVMRdUkK2c/edit?usp=sharing > >**** > > ** ** > > Thanks,**** > > --Richard**** > > ** ** > > ** ** > > On Mon, Apr 15, 2013 at 9:18 PM, Jim Schaad <[email protected]> > wrote:**** > > The chairs have posted their first cut at an agenda for the Interim > meeting.**** > > **** > > It can be found at > http://www.ietf.org/proceedings/interim/2013/04/29/jose/agenda/agenda-interim-2013-jose-1 > **** > > **** > > **** > > Jim**** > > **** > > > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose**** > > ** ** >
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
