Re: [Gen-art] Gen-ART review of draft-ietf-jose-json-web-signature-31

2014-08-27 Thread Mike Jones
There's a thread on this review on the JOSE working group list, which you can see at http://www.ietf.org/mail-archive/web/jose/current/maillist.html. If you have comments on the proposed resolutions, please add your thoughts there. -Original Message- From: ietf [mailto:ietf-boun...@ietf

Re: [Gen-art] Last Call Review of draft-ietf-oauth-json-web-token-25

2014-09-02 Thread Mike Jones
Thanks for the review, Tom. I've cc'ed the OAuth working group so that they're aware of the contents of your review. -- Mike -Original Message- From: Tom Taylor [mailto:tom.taylor.s...@gmail.com] Sent: Saturday, August 23, 2014 8:39 PM To: draft-ietf-oau

Re: [Gen-art] Gen-ART LC review of draft-ietf-jose-json-web-algorithms-31

2014-09-04 Thread Mike Jones
Thanks for the review, Roni. I'm also cc'ing the working group so they're aware of your review. Replies are inline below... From: Roni Even [mailto:ron.even@gmail.com] Sent: Monday, September 01, 2014 4:47 AM To: draft-ietf-jose-json-web-algorithms@tools.ietf.org; gen-art@ietf.org Cc: i

[Gen-art] JOSE -32 and JWT -26 drafts addressing IETF Last Call comments

2014-09-23 Thread Mike Jones
New versions of the JSON Object Signing and Encryption (JOSE) and JSON Web Token (JWT) specifications have been published incorporating feedback received in IETF Last Call comments. Thanks to Russ Housley and Roni Even for their Gen-ART reviews, to Tero Kivinen, Scott Kelly, Stephen Kent, Charl

Re: [Gen-art] Gen-ART review of draft-ietf-jose-json-web-signature-31

2014-09-23 Thread Mike Jones
Thanks again for your review, Russ. The proposed resolutions below have been applied in the -32 draft. -- Mike From: Mike Jones Sent: Monday, August 25, 2014 6:22 PM To: 'Russ Housley' Cc: j...@ietf.org Subject: RE: Gen-

Re: [Gen-art] Gen-ART LC review of draft-ietf-jose-json-web-algorithms-31

2014-09-23 Thread Mike Jones
Thanks again for your review, Roni. The resolutions discussed below have been applied in the -32 draft. -- Mike From: Roni Even [mailto:ron.even@gmail.com] Sent: Thursday, September 04, 2014 2:41 PM To: Mike Jones; draft-ietf

Re: [Gen-art] Gen-ART review of draft-ietf-jose-json-web-signature-31

2014-09-25 Thread Mike Jones
Sounds good From: Kathleen Moriarty [mailto:kathleen.moriarty.i...@gmail.com] Sent: Thursday, September 25, 2014 6:12 AM To: Mike Jones Cc: Russ Housley; j...@ietf.org; gen-art@ietf.org; i...@ietf.org Subject: Re: Gen-ART review of draft-ietf-jose-json-web-signature-31 Hi Mike, I'm just

Re: [Gen-art] Gen-ART review of draft-ietf-jose-json-web-signature-31

2014-09-25 Thread Mike Jones
Given I was already editing to address Stephen’s missed comments, I added this too. -- Mike From: Kathleen Moriarty [mailto:kathleen.moriarty.i...@gmail.com] Sent: Thursday, September 25, 2014 6:12 AM To: Mike Jones Cc: Russ Housley; j

Re: [Gen-art] Gen-ART review of draft-ietf-jose-json-web-signature-33

2014-09-30 Thread Mike Jones
: If there is an x5u pointing to a certification issued by a major CA, is TLS required for the HTTP query used to retrieve this certificate? TLS shouldn't be needed since the certificate is a signed object. Therefore, the "MUST" use TLS for cert retrieval should be changed to

Re: [Gen-art] gen-art telechat review of draft-ietf-jose-json-web-key-33

2014-09-30 Thread Mike Jones
Thanks for your review, Scott. I'm adding the working group to the thread so they're aware of your comments. Replies are inline below... -Original Message- From: Scott Brim [mailto:scott.b...@gmail.com] Sent: Monday, September 29, 2014 2:08 PM To: gen-art; draft-ietf-jose-json-web-key

Re: [Gen-art] [jose] Gen-ART review of draft-ietf-jose-json-web-signature-33

2014-09-30 Thread Mike Jones
IETF; IETF Gen-ART; Russ Housley; Mike Jones; j...@ietf.org; draft-ietf-jose-json-web-signature@tools.ietf.org Subject: Re: [jose] Gen-ART review of draft-ietf-jose-json-web-signature-33 The attack is not possible if the receiver validates the host from the x5u against the certificate CN and val

Re: [Gen-art] gen-art telechat review of draft-ietf-jose-json-web-key-33

2014-09-30 Thread Mike Jones
Jones Cc: gen-art; draft-ietf-jose-json-web-key@tools.ietf.org; j...@ietf.org Subject: Re: gen-art telechat review of draft-ietf-jose-json-web-key-33 On Tue, Sep 30, 2014 at 2:29 PM, Mike Jones wrote: > Minor issues: > > More than once it is said that members that are not understood &

Re: [Gen-art] Gen-ART Telechat review of draft-ietf-jose-json-web-encryption-33.txt

2014-10-01 Thread Mike Jones
Thanks for your review, Suresh. I've added the working group so they're aware of the contents of your review. -- Mike -Original Message- From: Suresh Krishnan [mailto:suresh.krish...@ericsson.com] Sent: Tuesday, September 30, 2014 6:56 PM To: draft-ietf-

Re: [Gen-art] Gen-ART Last Call review of draft-ietf-oauth-saml2-bearer-21

2014-10-06 Thread Mike Jones
Thanks for your review, Meral. I've added the working group to this thread so that they're aware of your comments. > From: Meral Shirazipour [mailto:meral.shirazip...@ericsson.com] > Sent: Monday, September 29, 2014 12:40 AM > To: draft-ietf-oauth-saml2-bearer@tools.ietf.org; gen-art@ietf.o

Re: [Gen-art] [jose] gen-art telechat review of draft-ietf-jose-json-web-key-33

2014-10-14 Thread Mike Jones
Behalf Of Mike Jones Sent: Tuesday, September 30, 2014 3:27 PM To: Scott Brim Cc: draft-ietf-jose-json-web-key@tools.ietf.org; gen-art; j...@ietf.org Subject: Re: [jose] gen-art telechat review of draft-ietf-jose-json-web-key-33 I agree with your observation about the surrounding protocol. Thanks

Re: [Gen-art] Gen-ART review of draft-ietf-jose-json-web-signature-33

2014-10-14 Thread Mike Jones
cussion is probably needed on that topic. Thanks again, -- Mike From: jose [mailto:jose-boun...@ietf.org] On Behalf Of Mike Jones Sent: Tuesday, September 30, 2014 11:11 A

Re: [Gen-art] review: draft-ietf-jose-jwk-thumbprint-05

2015-07-06 Thread Mike Jones
Hi Joel. Thanks for looking this over again. Section 3.4 was added in response to Adam Montville's SecDir comments, in which his focus was on cases where the hash function didn't have to be known to multiple parties. I guess it's only fair that you focus on the cases where it does. ;-) Curre

Re: [Gen-art] Gen-Art LC review: draft-ietf-jose-jws-signing-input-options-06

2015-12-12 Thread Mike Jones
Hi Robert. Thanks for the useful review. Replies are inline below... > -Original Message- > From: Robert Sparks [mailto:rjspa...@nostrum.com] > Sent: Friday, December 4, 2015 11:08 AM > To: General Area Review Team ; i...@ietf.org; > j...@ietf.org; draft-ietf-jose-jws-signing-input-opti.

Re: [Gen-art] [jose] Gen-Art LC review: draft-ietf-jose-jws-signing-input-options-06

2015-12-12 Thread Mike Jones
ssage- From: Jim Schaad [mailto:i...@augustcellars.com] Sent: Saturday, December 12, 2015 9:08 PM To: Mike Jones ; 'Robert Sparks' ; 'General Area Review Team' ; i...@ietf.org; j...@ietf.org; draft-ietf-jose-jws-signing-input-opti...@ietf.org Subject: RE: [jose] Gen-Art LC r

Re: [Gen-art] Gen-Art LC review: draft-ietf-jose-jws-signing-input-options-06

2015-12-13 Thread Mike Jones
-- Mike -Original Message- From: Robert Sparks [mailto:rjspa...@nostrum.com] Sent: Sunday, December 13, 2015 1:11 PM To: Mike Jones ; General Area Review Team ; i...@ietf.org; j...@ietf.org; draft-ietf-jose-jws-signing-input-opti...@ietf.org Subject: Re: Gen-Art LC review: draft-ietf-j

Re: [Gen-art] Gen-Art LC review: draft-ietf-jose-jws-signing-input-options-06

2015-12-13 Thread Mike Jones
These resolutions are now published in -07. Thanks again! -Original Message- From: Mike Jones [mailto:michael.jo...@microsoft.com] Sent: Sunday, December 13, 2015 8:05 PM To: Robert Sparks ; General Area Review Team ; i...@ietf.org; j...@ietf.org; draft-ietf-jose-jws-signing-input

Re: [Gen-art] Gen-Art LC review: draft-ietf-jose-jws-signing-input-options-06

2015-12-16 Thread Mike Jones
Thanks for your thoughtful comments, Robert. Replies are inline below... > -Original Message- > From: Robert Sparks [mailto:rjspa...@nostrum.com] > Sent: Monday, December 14, 2015 5:12 PM > To: Mike Jones ; General Area Review Team > ; i...@ietf.org; j...@ietf.org; draf

Re: [Gen-art] Gen-Art LC review: draft-ietf-jose-jws-signing-input-options-06

2015-12-16 Thread Mike Jones
Best wishes, -- Mike -Original Message- From: Richard Barnes [mailto:r...@ipv.sx] Sent: Monday, December 14, 2015 5:23 PM To: Robert Sparks Cc: Mike Jones ; General Area Review Team ; i...@ietf.org; j...@ietf.org; draft-ietf-jose-jws-signing-input-opti...@ietf.org Subject: Re: Gen-Art L

Re: [Gen-art] [jose] Gen-Art LC review: draft-ietf-jose-jws-signing-input-options-06

2015-12-16 Thread Mike Jones
Hi Jim, Please see my replies to Robert and Richard. I believe they cover the point you're making below. -- Mike -Original Message- From: Jim Schaad [mailto:i...@augustcellars.com] Sent: Monday, December 14, 2015 10:42 PM To: Mike Jones ; &#

Re: [Gen-art] [jose] Gen-Art LC review: draft-ietf-jose-jws-signing-input-options-06

2015-12-16 Thread Mike Jones
com] Sent: Thursday, December 17, 2015 3:08 AM To: Mike Jones ; Robert Sparks ; General Area Review Team ; j...@ietf.org; Ben Campbell ; Benoit Claise Subject: RE: [jose] Gen-Art LC review: draft-ietf-jose-jws-signing-input-options-06 Mike proposes the following: "Using "crit&

Re: [Gen-art] Gen-Art LC review: draft-ietf-jose-jws-signing-input-options-06

2015-12-23 Thread Mike Jones
FYI, Robert, "crit" is now required with "b64", as you'd requested. -Original Message- From: Mike Jones Sent: Wednesday, December 16, 2015 4:58 PM To: 'Robert Sparks' ; General Area Review Team ; i...@ietf.org; j...@ietf.org; draft-ietf-jose-jws-sig

Re: [Gen-art] Gen-ART Last Call review of draft-ietf-oauth-amr-values-04

2017-01-17 Thread Mike Jones
Thanks for taking the time to review the specification, Paul. We appreciate it! Replies are inline below... -Original Message- From: Paul Kyzivat [mailto:pkyzi...@alum.mit.edu] Sent: Sunday, December 11, 2016 4:13 PM To: draft-ietf-oauth-amr-values@ietf.org Cc: General Area Revie

Re: [Gen-art] Gen-ART Telechat review of draft-ietf-oauth-amr-values-05

2017-01-26 Thread Mike Jones
Hi Paul, Per my earlier reply at https://www.ietf.org/mail-archive/web/gen-art/current/msg14212.html, the specified registration procedure is the standard IANA one, prefixed by a public review period. JWT registrations, OAuth registrations, .well-known registrations, and others all already wo

Re: [Gen-art] Gen-ART Telechat review of draft-ietf-oauth-amr-values-05

2017-01-26 Thread Mike Jones
cy matters. -- Mike -Original Message- From: Paul Kyzivat [mailto:pkyzi...@alum.mit.edu] Sent: Thursday, January 26, 2017 12:28 PM To: Mike Jones ; draft-ietf-oauth-amr-values@ietf.org Cc: General Area Review Team Subject: Re: [Gen-art] Gen-ART Telechat revie

Re: [Gen-art] Gen-ART Telechat review of draft-ietf-oauth-amr-values-05

2017-02-01 Thread Mike Jones
, -- Mike -Original Message- From: Jari Arkko [mailto:jari.ar...@piuha.net] Sent: Wednesday, February 1, 2017 11:57 AM To: Paul Kyzivat Cc: Mike Jones ; draft-ietf-oauth-amr-values@ietf.org; General Area Review Team Subject: Re: [Gen-art] Gen-ART Telechat

Re: [Gen-art] Genart telechat review of draft-jones-cose-rsa-03

2017-06-15 Thread Mike Jones
https://tools.ietf.org/html/draft-jones-cose-rsa-04 addresses your review comments, Roni. Thanks for the useful review! -- Mike P.S. I also thanked you in the publication announcement at http://self-issued.info/?p=1697 and as

Re: [Gen-art] Genart last call review of draft-ietf-oauth-discovery-07

2017-10-27 Thread Mike Jones
Thanks for the review and validating the examples, Brian! -Original Message- From: Brian Carpenter [mailto:brian.e.carpen...@gmail.com] Sent: Sunday, October 1, 2017 7:58 PM To: gen-art@ietf.org Cc: oa...@ietf.org; draft-ietf-oauth-discovery@ietf.org Subject: Genart last call review o

Re: [Gen-art] [Ace] Genart telechat review of draft-ietf-ace-cbor-web-token-12

2018-02-27 Thread Mike Jones
I agree with Jim. This information is in the registration template at https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token-12#section-9.1.1, as follows: Claim Key: CBOR map key for the claim. Integer values between -256 and 255 and strings of length 1 are designated as

Re: [Gen-art] [Ace] Genart telechat review of draft-ietf-ace-cbor-web-token-12

2018-02-27 Thread Mike Jones
Replies inline… From: Ace On Behalf Of Dan Romascanu Sent: Tuesday, February 27, 2018 2:23 PM To: Jim Schaad Cc: gen-art ; a...@ietf.org; ietf ; Benjamin Kaduk ; draft-ietf-ace-cbor-web-token@ietf.org Subject: Re: [Ace] Genart telechat review of draft-ietf-ace-cbor-web-token-12 Hi Jim, Th

Re: [Gen-art] [Ace] Genart telechat review of draft-ietf-ace-cbor-web-token-12

2018-03-05 Thread Mike Jones
! -- Mike From: Dan Romascanu Sent: Tuesday, February 27, 2018 11:24 PM To: Mike Jones Cc: Jim Schaad ; gen-art ; a...@ietf.org; ietf ; Benjamin Kaduk ; draft-ietf-ace-cbor-web-token@ietf.org Subject: Re: [Ace] Genart telechat review of draft-ietf-ace

Re: [Gen-art] Gen-ART review of draft-ietf-oauth-v2-bearer-15.txt

2012-01-30 Thread Mike Jones
Thanks for your useful feedback, Alexey. Below, I'll respond to each of your comments. I've also added the OAuth working group to the thread, so they are aware of them as well and can participate in the discussion. About your first issue with the WWW-Authenticate ABNF, I am already working wi

Re: [Gen-art] [OAUTH-WG] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-18.txt

2012-04-10 Thread Mike Jones
Hi Alexey, About your issue 1: The OAuth Core spec, where "scope" is primarily defined, includes the sentence "The [scope] strings are defined by the authorization server" (see http://tools.ietf.org/html/draft-ietf-oauth-v2-25#section-3.3). I could add that clarification to the Bearer spec as

Re: [Gen-art] [OAUTH-WG] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt

2012-07-17 Thread Mike Jones
FYI, the b64 token definition is identical to the one in draft-ietf-httpbis-p7-auth-20. If it works there, it should work for OAuth Bearer. -- Mike From: Stephen Farrell Sent: 7/17/2012 4:12 AM To: draft-ietf-oauth-v2-bearer@tools.ietf.org Cc: General Area

Re: [Gen-art] [OAUTH-WG] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt

2012-07-17 Thread Mike Jones
we *definitely* want to allow. As a result, I don't think adding a reference to RFC 4648 is either necessary or appropriate. Julian may be able to provide more background. Best wishes, -- Mike -Original Message- From:

Re: [Gen-art] [OAUTH-WG] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt

2012-07-17 Thread Mike Jones
Sent: Tuesday, July 17, 2012 10:32 AM To: Mike Jones Cc: Alexey Melnikov; General Area Review Team; The IESG; draft-ietf-oauth-v2-bearer@tools.ietf.org; oa...@ietf.org Subject: Re: [OAUTH-WG] [Gen-art] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt On 2012-07-17 19:15, Mike

Re: [Gen-art] [OAUTH-WG] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt

2012-07-17 Thread Mike Jones
, -- Mike -Original Message- From: Julian Reschke [mailto:julian.resc...@gmx.de] Sent: Tuesday, July 17, 2012 10:48 AM To: Mike Jones Cc: General Area Review Team; The IESG; draft-ietf-oauth-v2-bearer@tools.ietf.org; oa...@ietf.org Subject: Re: [OAUTH-WG] [Gen-art

Re: [Gen-art] [OAUTH-WG] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-22.txt

2012-07-17 Thread Mike Jones
: Alexey Melnikov [mailto:alexey.melni...@isode.com] Sent: Tuesday, July 17, 2012 10:58 AM To: Mike Jones Cc: Julian Reschke; The IESG; General Area Review Team; oa...@ietf.org; draft-ietf-oauth-v2-bearer@tools.ietf.org; Stephen Farrell Subject: Re: [Gen-art] [OAUTH-WG] Gen-ART Telechat review

Re: [Gen-art] Genart last call review of draft-ietf-ace-cwt-proof-of-possession-08

2019-10-16 Thread Mike Jones
Thanks for your review, Christer. Replies are inline, prefixed by "Mike>"… -Original Message- From: Christer Holmberg via Datatracker Sent: Friday, October 4, 2019 10:44 AM To: gen-art@ietf.org Cc: draft-ietf-ace-cwt-proof-of-possession@ietf.org; i...@ietf.org; a...@ietf.org Subje

Re: [Gen-art] Genart last call review of draft-ietf-ace-cwt-proof-of-possession-08

2019-10-18 Thread Mike Jones
Hi Christer, https://tools.ietf.org/html/draft-ietf-ace-cwt-proof-of-possession-09 has been published, which addresses your review comments in the ways proposed below. Thanks again for your review! -- Mike From: Mike Jones Sent

Re: [Gen-art] Gen-ART Last Call review of draft-hodges-webauthn-registries-05

2020-05-13 Thread Mike Jones
Thanks for your review, Paul. After consultation with Jeff Hodges, we've decided to delete the language about defining additional fields. (This language was copied from RFC 8288 but we decided that it wasn't needed for the purposes of this specification.) You can see proposed updated source f

Re: [Gen-art] [Id-event] Genart last call review of draft-ietf-secevent-http-poll-09

2020-06-04 Thread Mike Jones
Thanks for your review, Robert. I'm working on addressing the review comments received and wanted to have a clarifying discussion on some of yours before deciding what corresponding edits to make. I think there's a misunderstanding about "jti" values and the security model. Because communicat

Re: [Gen-art] [Id-event] Genart last call review of draft-ietf-secevent-http-poll-09

2020-06-04 Thread Mike Jones
Thanks for the quick reply. My responses are inline, prefixed by "Mike>". -Original Message- From: Robert Sparks Sent: Thursday, June 4, 2020 2:51 PM To: Mike Jones ; gen-art@ietf.org Cc: last-c...@ietf.org; draft-ietf-secevent-http-poll@ietf.org; id-ev...@ietf.or

Re: [Gen-art] [Id-event] Genart last call review of draft-ietf-secevent-http-poll-09

2020-06-05 Thread Mike Jones
Mike -Original Message- From: Yaron Sheffer Sent: Friday, June 5, 2020 8:26 AM To: Mike Jones ; Robert Sparks ; gen-art@ietf.org Cc: last-c...@ietf.org; draft-ietf-secevent-http-poll@ietf.org; id-ev...@ietf.org Subject: Re: [Id-event] Genart last call review of draft-ietf-secevent-http-poll-0

Re: [Gen-art] Genart last call review of draft-ietf-secevent-http-push-10

2020-06-08 Thread Mike Jones
Thanks for your useful review, Vijay. I've attempted to address your comments in https://tools.ietf.org/html/draft-ietf-secevent-http-push-11. My replies are inline, prefixed by "Mike>". -Original Message- From: Vijay Gurbani via Datatracker Sent: Monday, May 18, 2020 8:17 AM To: gen

Re: [Gen-art] [Id-event] Genart last call review of draft-ietf-secevent-http-poll-09

2020-06-08 Thread Mike Jones
nsistent changes there as well. I hope to hear back from the working group with your thoughts this week. -- Mike -Original Message- From: Yaron Sheffer Sent: Friday, June 5, 2020 9:36 AM To: Mike Jones ; Robert Sparks ; gen-art@ietf.org; Valery Smyslo

Re: [Gen-art] [Id-event] Genart last call review of draft-ietf-secevent-http-poll-09

2020-06-12 Thread Mike Jones
. Cheers, -- Mike From: Richard Backman, Annabelle Sent: Tuesday, June 9, 2020 4:40 PM To: Dick Hardt ; Mike Jones Cc: last-c...@ietf.org; Valery Smyslov ; gen-art@ietf.org; Yaron Sheffer ; draft-ietf

Re: [Gen-art] [Id-event] Genart last call review of draft-ietf-secevent-http-poll-09

2020-06-15 Thread Mike Jones
s://twitter.com/selfissued>. From: Phillip Hunt Sent: Friday, June 12, 2020 3:11 PM To: Mike Jones Cc: Dick Hardt ; Yaron Sheffer ; Robert Sparks ; Richard Backman, Annabelle ; Valery Smyslov ; gen-art@ietf.org; last-c...@ietf.org; draft-ietf-secevent-http-poll@ietf.org; id-ev...@ietf.or

Re: [Gen-art] Genart telechat review of draft-ietf-secevent-http-poll-11

2020-06-24 Thread Mike Jones
Thanks Robert. I applied your proposed language to the appendix in Push. Thanks again, -- Mike -Original Message- From: Robert Sparks via Datatracker Sent: Monday, June 22, 2020 12:50 PM To: gen-art@ietf.org Cc: draft-ietf

Re: [Gen-art] Genart last call review of draft-ietf-cbor-date-tag-05

2020-08-05 Thread Mike Jones
I agree with Jim's response to the comparison question. An RFC is being created because a tag is being registered in the Specification Required range of the Tags Registry specified at https://tools.ietf.org/html/rfc7049#section-7.2. -- Mike -Original Message