Thanks for your review, Stephen. I'm adding the working group to the thread so they're aware of your comments.

> -----Original Message-----
> From: Stephen Farrell [mailto:[email protected]]
> Sent: Thursday, October 02, 2014 4:36 AM
> To: The IESG
> Cc: [email protected]; draft-ietf-jose-json-web-
> [email protected]
> Subject: Stephen Farrell's No Objection on draft-ietf-jose-json-web-signature-
> 33: (with COMMENT)
>
> Stephen Farrell has entered the following ballot position for
> draft-ietf-jose-json-web-signature-33: No Objection
>
> When responding, please keep the subject line intact and reply to all email
> addresses included in the To and CC lines. (Feel free to cut this introductory
> paragraph, however.)
>
>
> Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-signature/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
>
> no-obj
>
> I think Pete is wrong about section 8 and would DISCUSS its
> removal;-) It's needed for jku handling.

Thanks for weighing in. FYI, it's also needed for x5u handling. I'll make sure that the wording appropriately scopes the requirements.

> 4.1.2: TLS server auth is good here, but only makes sense if the jku parameter
> itself was signed and there wasn't any odd HTTP 3xx re-direction and/or if the
> authority in the jku value is reflected in the subject or SAN of the TLS
> server cert.
> Why is it ok to not include such detail? Is all of that correct and
> appropriate in
> 6125 (which I see you reference from section 9)?

Yes, I believe that this is handled by 6125, which is a virtual treatise on how to do this right.

> 4.1.4: why isn't this case-sensitive still as in JWKs? (Is that a result of
> lots of
> copied text over >1 draft?)

Good catch - thanks

> 4.1.5-4.1.8: If all of that text is replicated elsewhere it should only be
> included in
> one and cross-referenced.

It is cross-referenced in JWE Sections 4.1.7-4.1.10, rather than being duplicated. (It used to be duplicated, but we fixed that a while back.)

Thanks again,
-- Mike
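
The three conditions raised in the 4.1.2 comment above (jku integrity protected, no 3xx redirection, jku authority covered by the server certificate), written out as a check. This is an added example, not code from the thread, the draft or any JOSE library; the function names, argument shapes and sample values are assumptions, and it takes the strict reading that all three conditions must hold.

```python
from urllib.parse import urlsplit

def san_matches(host, san):
    """RFC 6125-style dNSName match: exact, or '*' as the whole left-most label."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        # A wildcard covers exactly one label: not the bare domain, not deeper names.
        head, _, tail = host.partition(".")
        return bool(head) and tail == san[2:]
    return host == san

def check_jku(protected, unprotected, hops, cert_sans):
    """Return reasons not to trust keys fetched via jku (empty list = all checks pass).

    protected / unprotected: JWS header dicts supplied by the caller (hypothetical shape)
    hops: URLs of any HTTP 3xx redirects followed during the fetch
    cert_sans: dNSName entries from the TLS server certificate that was presented
    """
    problems = []
    jku = protected.get("jku")
    if jku is None:
        jku = unprotected.get("jku")
        if jku is None:
            return ["no jku header parameter"]
        problems.append("jku is outside the integrity-protected header")
    url = urlsplit(jku)
    if url.scheme != "https" or not url.hostname:
        problems.append("jku is not an https URL")
        return problems
    if hops:
        problems.append("fetch followed %d redirect(s)" % len(hops))
    if not any(san_matches(url.hostname, s) for s in cert_sans):
        problems.append("certificate does not cover jku authority " + url.hostname)
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    good = check_jku({"alg": "RS256", "jku": "https://keys.example.com/jwks.json"},
                     {}, [], ["*.example.com"])
    bad = check_jku({"alg": "RS256"},
                    {"jku": "https://keys.example.com/jwks.json"},
                    ["https://cdn.example.net/jwks.json"], ["cdn.example.net"])
    print(good)
    print(bad)
```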
