+1
From: jose [mailto:[email protected]] On Behalf Of Nat Sakimura Sent: Sonntag, 12. Juli 2015 19:32 To: Kathleen Moriarty Cc: Mike Jones; Karen O'Donoghue; [email protected] Subject: Re: [jose] way forward for two remaining drafts Sorry to chime in so late. I have been completely under water for sometime now. Like Phil, I do see that draft-jones-jose-jws-signing-input-options sort of thing can be very useful, though I may want to have slightly different way of encoding the things. Being able to do detached signature is quite attractive. Best, Nat 2015-07-10 2:37 GMT+09:00 Kathleen Moriarty <[email protected]<mailto:[email protected]>>: Hi, Sent from my iPhone On Jul 9, 2015, at 1:16 PM, Mike Jones <[email protected]<mailto:[email protected]>> wrote: About https://tools.ietf.org/html/draft-jones-jose-jws-signing-input-options-00, I’ll add that this addresses the requests make by Jim Schaad and Richard Barnes in JOSE Issues #26 “Allow for signature payload to not be base64 encoded” and #23 http://trac.tools.ietf.org/wg/jose/trac/ticket/23 “Make crypto independent of binary encoding (base64)”. About https://tools.ietf.org/html/draft-jones-jose-key-managed-json-web-signature-01, I’ll add that this addresses the request made by Jim Schaad in JOSE Issue #2 http://trac.tools.ietf.org/wg/jose/trac/ticket/2 “No key management for MAC”. Also, there’s a highly relevant discussion about key management for MACs going on in the COSE working group. See the thread “[Cose] Key management for MACs (was Re: Review of draft-schaad-cose-msg-01)” – especially https://mailarchive.ietf.org/arch/msg/cose/aUehU6O7Ui8CXcGxy3TquZOxWH4 and https://mailarchive.ietf.org/arch/msg/cose/ouOIdAOe2P-W8BjGLJ7BNvvRr10. One could take the view that our decision on the JOSE key management draft should be informed by the related decision in COSE. Specifically, that if COSE decides to support key management for MACs, the same reasoning likely should apply to our decision on whether to define a standard mechanism for supporting key management for MACs in JOSE. Key management is explicitly out-of-scope for COSE as stated in the charter. The discussion referenced had this point at the close of that discussion. I'm not seeing much support for these drafts moving forward in JOSE. I'm also not seeing enough to justify standards track and AD sponsored. If you think these are important to have move forward in the WG or as standards track, please say so soon. They can still go forward through the Independent submission process through the ISE. Thank you, Kathleen -- Mike From: jose [mailto:[email protected]] On Behalf Of Karen O'Donoghue Sent: Wednesday, July 01, 2015 8:38 AM To: [email protected]<mailto:[email protected]> Subject: [jose] way forward for two remaining drafts Folks, With the thumbprint draft progressing through the process, we have two remaining individual drafts to decide what to do with. The options include: 1) adopt as working group drafts; 2) ask for AD sponsorship of individual drafts; or 3) recommend that they not be published. Please express your thoughts on what we should do with these drafts. Jim, Kathleen, and I would like to make a decision in the Prague timeframe, so please respond by 15 July. https://tools.ietf.org/id/draft-jones-jose-jws-signing-input-options-00.txt https://tools.ietf.org/id/draft-jones-jose-key-managed-json-web-signature-01.txt Thanks, Karen _______________________________________________ jose mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/jose _______________________________________________ jose mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/jose -- Nat Sakimura (=nat) Chairman, OpenID Foundation http://nat.sakimura.org/ @_nat_en
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
