These review comments have been addressed in the -34 draft.
Thanks again,
-- Mike
From: jose [mailto:[email protected]] On Behalf Of Mike Jones
Sent: Monday, September 29, 2014 3:18 PM
To: Barry Leiba; The IESG
Cc: [email protected]<mailto:[email protected]>;
[email protected]<mailto:[email protected]>;
[email protected]<mailto:[email protected]>
Subject: Re: [jose] Barry Leiba's No Objection on
draft-ietf-jose-json-web-algorithms-32: (with COMMENT)
I’ve added the working group to this thread so they're aware of your comments.
Replies are inline below…
-----Original Message-----
From: Barry Leiba [mailto:[email protected]]
Sent: Thursday, September 25, 2014 7:33 AM
To: The IESG
Cc: [email protected]<mailto:[email protected]>;
[email protected]<mailto:[email protected]>
Subject: Barry Leiba's No Objection on draft-ietf-jose-json-web-algorithms-32:
(with COMMENT)
Barry Leiba has entered the following ballot position for
draft-ietf-jose-json-web-algorithms-32: No Objection
When responding, please keep the subject line intact and reply to all email
addresses included in the To and CC lines. (Feel free to cut this introductory
paragraph, however.)
Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.
The document, along with other ballot positions, can be found here:
http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-algorithms/
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
I have one comment. I'm making it non-blocking, but I think it really does
need to be clarified, so please chat with me about it:
-- Section 7.1 --
The implementation requirements of an algorithm MAY be changed over
time by the Designated Experts(s) as the cryptographic landscape
evolves, for instance, to change the status of an algorithm to
Deprecated, or to change the status of an algorithm from Optional to
Recommended+ or Required. Changes of implementation requirements are
only permitted on a Specification Required basis, with the new
specification defining the revised implementation requirements level.
1 (minor). The "MAY" does not refer to a protocol option, and I think it should
not be a 2119 key word.
Agreed
2 (the real point). I don't understand how the two sentences relate to each
other. The first sentence seems to say that the DE(s) can change
implementation requirements on their own. The second says it has to be done
using Specification Required (which doesn't really need to be said, as that's
the policy for the registry anyway).
Which is it? If it's Specification Required, then anyone can propose a change,
using a specification, and the DE(s) will review that as they do any other
registration request.
The intent is for both to be required – that a specification be written
proposing the change and the designated experts approve the change. I can look
into a wording change to make this clearer when the document is next revised.
This comment also applies to Sections 7.4 and 7.6.
Noted.
-- Mike
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
