I guess my problem with changing "Prohibited" to "Prohibited for JWS and JWE"
is that then to be parallel we'd need to change "Required" to one of "Required
for JWS", "Required for JWE", or "Required for JWS and JWE", depending up
context, change "Recommended"..., change "Optional"..., change "Deprecated"...,
etc. It wouldn't change the meaning at all and it would add a lot of
unnecessary verbal clutter.
This wouldn't just affect "Prohibited".
I'd much rather handle this a different way, and change the registry field name
from "Implementation Requirements" to "JOSE Implementation Requirements",
rather than qualifying every registry field value in a complicated way - that
is, if people really believe that a change would be an improvement.
-- Mike
From: jose [mailto:[email protected]] On Behalf Of Richard Barnes
Sent: Wednesday, December 18, 2013 3:42 PM
To: Karen ODonoghue
Cc: [email protected]
Subject: Re: [jose] Issue #187 - Allow registration of non-JWE/JWS algorithms
for JWK
I'm with Jim and Karen on this one.
On Wed, Dec 18, 2013 at 4:42 PM, Karen O'Donoghue
<[email protected]<mailto:[email protected]>> wrote:
True, but, is there any harm in making the term clearer as well? I don't see
one...
Karen
On 12/13/13 11:53 PM, Mike Jones wrote:
The meaning of "Prohibited" is already clear.
http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18#section-7.1.1
says:
Any identifiers registered for non-authenticated encryption algorithms
or other algorithms that are otherwise unsuitable for direct use
as JWS or JWE algorithms must be registered as "Prohibited".
I don't think a change is needed.
-- Mike
From: jose [mailto:[email protected]] On Behalf Of Mark Watson
Sent: Friday, December 13, 2013 5:43 PM
To: Jim Schaad
Cc: [email protected]<mailto:[email protected]>
Subject: Re: [jose] Issue #187 - Allow registration of non-JWE/JWS algorithms
for JWK
Yes, I think it would be clearer to change or quality the term. "JWK only" or
"Key Transport Only" or "Prohibited for JWE/JWS" could all work.
FYI, the WebCrypto registrations are not in the Editor's Draft at
https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html, though
there remains the question of whether we could register an Array format instead
of a string for JWK, as per my earlier mail (comments please!).
...Mark
On Fri, Dec 13, 2013 at 5:00 PM, Jim Schaad
<[email protected]<mailto:[email protected]>> wrote:
Minor question before I close this bug.
Is there any sentiment to use a term that is not quite as "nasty" as
"Prohibited" in the registration record. Specifically something along the
lines of "Key Transport Only".
Jim
_______________________________________________
jose mailing list
[email protected]<mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/jose
_______________________________________________
jose mailing list
[email protected]<mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/jose
_______________________________________________
jose mailing list
[email protected]<mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/jose
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose