Re: [jose] Stephen Farrell's Discuss on draft-ietf-jose-json-web-key-33: (with DISCUSS and COMMENT)

[Mike Jones]

A slight wording change from “recipients” to “parsers” to clarify the intent 
has been made in the -34 drafts as a result of Pete Resnick’s comments on the 
JWK draft.  Otherwise, this language as been left as-is.

                                                            -- Mike

From: Mike Jones [mailto:michael.jo...@microsoft.com]
Sent: Monday, October 06, 2014 12:54 AM
To: Kathleen Moriarty; Stephen Farrell
Cc: The IESG; jose-cha...@tools.ietf.org<mailto:jose-cha...@tools.ietf.org>; 
draft-ietf-jose-json-web-...@tools.ietf.org<mailto:draft-ietf-jose-json-web-...@tools.ietf.org>;
 jose@ietf.org<mailto:jose@ietf.org>
Subject: RE: Stephen Farrell's Discuss on draft-ietf-jose-json-web-key-33: 
(with DISCUSS and COMMENT)

[Adding the working group to this thread so they’re aware of the discussion 
between our Security Area Directors on this]

From: Kathleen Moriarty [mailto:kathleen.moriarty.i...@gmail.com]
Sent: Thursday, October 02, 2014 5:30 AM
To: Stephen Farrell
Cc: The IESG; jose-cha...@tools.ietf.org<mailto:jose-cha...@tools.ietf.org>; 
draft-ietf-jose-json-web-...@tools.ietf.org<mailto:draft-ietf-jose-json-web-...@tools.ietf.org>
Subject: Re: Stephen Farrell's Discuss on draft-ietf-jose-json-web-key-33: 
(with DISCUSS and COMMENT)



On Thu, Oct 2, 2014 at 8:20 AM, Stephen Farrell 
<stephen.farr...@cs.tcd.ie<mailto:stephen.farr...@cs.tcd.ie>> wrote:

sorry forgot about that...

On 02/10/14 13:04, Kathleen Moriarty wrote:
> Yes, I mentioned the duplicate member name discussion in a couple of
> the draft's ballot text.  There isn't really a great answer at this
> time unfortunately.  This particular item came up in my AD review as
> well as in a SecDir review.  It took some digging, but the problem is
> at least better understood now.  There may be a way to fix it with a
> draft that updates if I-JSON turns out to be a good way to handle
> this.  The problem is deployed code.  I flagged it in case anyone in
> the IESG had an opinion.  I'd love to see the right thing get done,
> but it may have to wait for a draft that updates these.  Opinions are
> welcome.

At a comment level, I'd say leave things as they are. Adding the
I-JSON requirement would be premature I think as its not clear if
libraries etc will or won't adopt that. If they don't then it'd
be a meaningless requirement. If however, I-JSON does take off then
JOSE code will be fine anyway without changing.

Thanks, Stephen.  I'm leaning the same way for now.  It looks like Pete hit 
this in a discuss, but just requesting a wording change as opposed the the more 
extensive changes discussed on list.  I'll follow up to his message.

S.



--

Best regards,
Kathleen

_______________________________________________
jose mailing list
jose@ietf.org
https://www.ietf.org/mailman/listinfo/jose