RFC 5116 is used in the JWA security considerations. I believe that security
considerations are normative, correct? (RESPONSE TO THIS QUESTION REQUESTED)
Otherwise this can be moved to the set of informative references.
The "Specification Required" in RFC 5226 is required to be understood by people
registering registry values, and therefore seems normative to me - at least for
those using the registry. This imposes a normative requirement on
specification writers.
draft-mcgrew-aead-aes-cbc-hmac-sha2 is definitely not required by implementers,
since all the relevant normative content has been copied into JWA. The
reference is there for background or historical reasons only - clearly fitting
the criteria for informative references. In fact, the draft appears to have
been abandoned - having expired, despite specific requests for specific changes
that would make it more JOSE-friendly having been communicated to the author
quite a while ago.
What specific references in JWS do you believe will not be present in the final
text? If the will not be present in the final text, I agree that they should
be non-normative.
Yes, section 15.12 (The JSON Object) of ECMAScript must be understood by
implementers, since it specifies the "lexically last duplicate member name"
semantics, which are required by JOSE.
RFC 3986 defines URI and the specs use URIs - therefore I believe that this is
a normative reference.
-- Mike
From: jose [mailto:[email protected]] On Behalf Of Jim Schaad
Sent: Friday, February 07, 2014 2:14 PM
To: [email protected]
Subject: [jose] Issue #90 - Section 9 References
I'll start with a quote from the RFC Editor "Instructions to Request for
Comments (RFC) Authors"
Normative references specify documents that must be read to understand or
implement the technology in the new RFC, or whose technology must be present
for the technology in the new RFC to work. An informative reference is not
normative; rather, it provides only additional information. For example, an
informative reference might provide background or historical information.
Material in an informative reference is not required to implement the
technology in the RFC.
Based on the above criteria, there are a number of references which I believe
are not in the correct bucket. I would ask the authors to review this prior to
WGLC ending and re-evaluate based on the above criteria
Examples of things that I think are misplaced:
Algorithms draft -
- RFC 5116 - this reference is going to disappear since it is just
used in the changes section.
- RFC 5226 - Don't know why implementers would ever care about this
- McGrew-aed-aes-cbc-hmac-sha2 - you need to know how to do this in
order to implement - thus it should be normative
Signature Draft
- Some of the drafts here are not reference in long term text
Is ECMAScript something that needs to be understood?
Is 3986 really a normative reference?
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
