Minutes for JOSE at interim-2013-jose-2
minutes-interim-2013-jose-2-2

JOSE Interim Meeting

The JOSE group had an interim teleconference on 17 June 2013.  The following
people were on the conference call:

Jim Schaad         Mike Jones           Brian Campbell      Karen O'Donoghue
John Bradley       Justin Richer        Matt Miller         Prateek Mishra
Russ Housley       Joe Hildebrand

* The first agenda item was the use cases document.  The chairs re-iterated
that they need to get reviews from the members of the group before the document
can progress.  Mike and Prateek committed to getting reviews done by the middle
of the week and John said he would try to get one by the end of the week.

The question of the use case written by Ludwig Seitz on the constrained devices
was raised:  Should this use case be included in the document.  The general
sense of the call was that it should be included.

The chairs will get together after the reviews are in to make a determination
on the state of the document and make a decision about advancing the document.

* The next agenda item was a discussion about the changes agreed to on the F2F
meeting and if they were fully implemented in the current document set.

The only known issue was that raised by tracker issue #24 - Richard's request
to move the protected headers for signatures from a common location to a per
signature location.

Mike opposed the change based on the fact that this would mean there was a
difference between how JWS and JWE code would be structured.  He felt this
would lead to confusion by developers.

Jim raised the question if the issue had been explicitly discussed at the F2F
meeting as he had no recollection of the discussion.  Mike said that he had
sent out a message shortly after the meeting which had the current structure. 
Nobody else could remember any explicit discussions.

The discussion then went into the difference between having multiple signers
and having multiple signatures by a single signer in the document.  John said
that there was a difference between the two cases and we had never really
discussed having different people do signatures, but that all of the signatures
would be applied at the same time.

Jim then asked for any use cases where there might be different attributes on a
signature by signature basis.  Nobody had any use cases.

Jim then raised the CFRG question about changing hash functions.  It is not
clear that there was a solid conclusion about the ability to do hash
modification attacks.

Jim then proposed that the item be closed with a note that it might be of
interest to add the ability to also do per signature protected attributes in a
future version of the document.  There were no objections to this proposal at
the meeting.

The question of any other issues on this topic was raised and there were none.

* The next agenda item was a resolution of tracker issue #8 - direct mode for
key agreement

The chairs said that as the use case from Ludwig was adopted then there was now
a clear use case for keeping the issue and it would be closed as 'won't fix'. 
No objections were recorded.

* The next item was tracker issue #20 - Shorter names for JSON serialization

Mike said that based on the mailing list he had included the two changes that
were agreed to.  There was a brief discussion on the other items that were not
agreed to and it was the consensus that they would remain as they currently are.

The chairs will close the tracker issue as fixed.

* The next item was tracker issues #21 and #22 - Media types

Mike said that he had included these two changes in the current set of
documents.  The chairs will therefore close the tracker issue as fixed.

* The question of future meetings was then raised.

The chairs said they had discussed this and intended to ask for two meetings on
July 1 and July 15 at the present time if there were no objections.  The time
was felt to be good by the current set of participants and the chairs will
request the webex meetings.

* Mike raised the question of issue #18 - MAC key lifetime concerns

This issue is currently blocked on the authors providing text.  Mike would like
to be able to point to text that has already been written in a different
document rather than create new text for this document.  John said that he did
not know of any general advice, the best was to say don't do it and always use
a new key.  Russ pointed out that this is not done for routing but he did not
know of any place that could be used as a reference.

Mike said that he would look around some more for text.

Mike raised the question of why issue #5 had not been closed.  The chairs said
that it was because they had not been able to get together with Richard to
agree that it has been sufficiently addressed, however it was not considered to
be an active issue.