Hi Joel.  Thanks for looking this over again.  Section 3.4 was added in 
response to Adam Montville's SecDir comments, in which his focus was on cases 
where the hash function didn't have to be known to multiple parties.  I guess 
it's only fair that you focus on the cases where it does. ;-)

Currently the case you're interested in is covered by the last sentence in 3.4, 
which reads:
"Only if multiple parties will be reproducing the JWK Thumbprint calculation 
for some reason, will parties other than the original producer of the JWK 
Thumbprint need to know which hash function was used."

I could strengthen this by making it its own paragraph, saying this:
"However, in some cases multiple parties will be reproducing the JWK Thumbprint 
calculation and comparing the results.  In these cases, the parties will need 
to know which hash function was used and use the same one."

Would that work for you, or do you have alternative wording to suggest?

                                Thanks again,
                                -- Mike

-----Original Message-----
From: Joel Halpern [mailto:j...@joelhalpern.com] 
Sent: Monday, July 06, 2015 6:18 AM
To: A. Jean Mahoney; General Area Review Team; 
draft-ietf-jose-jwk-thumbprint....@tools.ietf.org
Subject: Re: [Gen-art] review: draft-ietf-jose-jwk-thumbprint-05

The document is nearly ready for publication as a Proposed Standard.

Upon re-review, the addition of section 3.4 raises a question of clarity.  As 
written, the text says that the hash function matters only to the original 
thumbprint provider.  Should there be a little bit of text talking about the 
need for the hash function to be the same for thumbprints to be comparable, or, 
phrased alternatively, that thumbprints with different hashes must not be 
compared?  If there were no need for consistent production of the thumbprint, 
there would be no need for a Proposed Standard for the document.

Yours,
Joel

The new section 3.4
On 6/19/15 12:06 PM, Joel M. Halpern wrote:
> I am the assigned Gen-ART reviewer for this draft. For background on
> Gen-ART, please see the FAQ at
>
> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
>
> Please resolve these comments along with any other Last Call comments
> you may receive.
>
> Document: draft-ietf-jose-jwk-thumbprint-05
>      JSON Web Key (JWK) Thumbprint
> Reviewer: Joel M. Halpern
> Review Date: 19-June-2015
> IETF LC End Date: N/A
> IESG Telechat date: N/A
>
> Summary: The internet draft is ready for publication as a Proposed
> Standard.
>
> [Note to readers:
> This review is provided because the spreadsheet said so.  The draft
> appears not to be in last call yet.
> Also, this reviewer did not attempt to second-guess the design choices
> made by the WG.  The choices are well-explained, and I understand it to be
> the WG's job to make them.]
>
> Major issues: N/A
>
> Minor issues: N/A
>
> Nits/editorial comments: N/A
>
> _______________________________________________
> Gen-art mailing list
> Gen-art@ietf.org
> https://www.ietf.org/mailman/listinfo/gen-art
>

_______________________________________________
Gen-art mailing list
Gen-art@ietf.org
https://www.ietf.org/mailman/listinfo/gen-art
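
Added example, not part of the thread or of the draft's text: a Python sketch of the point under discussion, that two parties reproducing a JWK Thumbprint get comparable values only when they use the same hash function. The key values, the `same_key` helper and the idea of carrying the hash name alongside each thumbprint are assumptions made for illustration; the canonical form (required members only, sorted member names, no whitespace, UTF-8, base64url output) follows the thumbprint calculation the draft defines.

```python
import base64
import hashlib
import hmac
import json

# Members that feed the thumbprint for each key type; every other
# member (kid, use, alg, ...) is left out of the hash input.
REQUIRED = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
    "oct": ("k", "kty"),
}


def jwk_thumbprint(jwk, hash_name="sha256"):
    """Return the base64url thumbprint of a JWK under the named hash."""
    members = {name: jwk[name] for name in REQUIRED[jwk["kty"]]}
    # Sorted member names and no whitespace give every party the same bytes.
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"),
                           ensure_ascii=False)
    digest = hashlib.new(hash_name, canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def same_key(tp_a, hash_a, tp_b, hash_b):
    """Hypothetical helper: compare two thumbprints labelled with their hash.

    Refuses to compare values produced with different hash functions,
    because a mismatch would say nothing about whether the keys differ.
    """
    if hash_a != hash_b:
        raise ValueError(f"thumbprints not comparable: {hash_a} vs {hash_b}")
    return hmac.compare_digest(tp_a, tp_b)


# Constructed EC key for illustration; x and y are not a real curve point.
KEY = {"kty": "EC", "crv": "P-256", "x": "Zm9v", "y": "YmFy", "kid": "demo"}
# The same key as a second party might hold it: other order, other kid.
REORDERED = {"y": "YmFy", "kid": "other", "x": "Zm9v", "crv": "P-256",
             "kty": "EC"}

if __name__ == "__main__":
    a = jwk_thumbprint(KEY, "sha256")
    b = jwk_thumbprint(REORDERED, "sha256")
    c = jwk_thumbprint(REORDERED, "sha512")
    print("same hash, same key:", same_key(a, "sha256", b, "sha256"))
    print("sha256:", a)
    print("sha512:", c)  # same key, different value: not comparable with a
```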
