Minutes for JOSE at interim-2013-jose-4
minutes-interim-2013-jose-4-1

The JOSE working group held a teleconference on July 15th 2013.  On the
teleconference were:

Jim Schaad      Anthony Nadalin John Bradley
Matt Miller     Michael Peck    Mike Jones
Prateek Mishra  Richard Barnes

The chair gave a brief overview of the status of the Use Cases document.  It
has finished the WG last call and an updated revision had been published prior
to the teleconference.  The chairs will be doing a final review over the next
week and starting the process of advancing the document to the IESG.

Issue #24 - "Move JWS Headers into signature block".  Mike stated that he was
now in favor of doing this step as it allowed for per signature attributes to
be protected.  John and Richard also agreed with this position. Jim asked if
the proposal was going to keep any of the common header sections and the
consensus of the room was no.

Issue #29 - "Add aad field to JWE".  Richard argued that this allowed for a
greater variety of algorithms by having the additional field.  The group then
dissucsed the mechanism to be used for the implementation for both the JSON and
compact serialization methods and a solution was agreed on.  The aad field
would not be usable for the compact serialization and would be a new top level
element for the JSON serialization.  Mike agreed to roll this change into the
next update.

Issue #13 - "AES-GCM key wrap".  There was consensus in the room that this
should be rolled into the next draft and that the proposal advanced by Mike
would be used as the basis of this.  Miheal raised a security concern, this is
similar to that used in Issued #28 and needs to have similiar language. 
Micheal was tasked to send some specific langauge to the list to address his
concerns.  Mike was tasked to include this new algorithm in the next draft.

The next item dissused was Matt's key wrap draft.  Mike said that he has rolled
the content of the draft into the current working drafts.  The only open issue
was if and how the PBKDF2 algorithm should get folded into the JWA draft. 
Richard and John both argued for including it in the JWA document. Matt stated
that after the algorithm is folded in he thought that basically all of his
document was now in the main documents.  However he would double check that
this was true.

Issue #6 - Richard stated that he has verified that this is now addressed to
his satisfaction.  The chairs will close the issue.

Issue #28 - Mike stated that he planned to add the NIST guidence language to
the security considerations.

Issue #27 - Mike stated that the current documents have updated language to
deal with this issue stating that parsers should either reject or use last
element if duplicate member keys exist.  There is no desire to force people to
write there won parsers which is the reason for not rejecting in all cases. 
The consensus was that the issue is now adaquately addressed.

Issue #25 - "Detached content".  Richard stated that this issue has been
largely addressed by the solution to IsIssue #24.  Jim said he did not quite
follow this and Richard said he would follow up with a mail that contained more
detail.

Issue #26 - "Base64 encoding" - Jim noted there has been significant push back
from the working group on this issue.  ### The notes did not have the rest of
the discussion.  Will need to find the audio ###

Issue #15 - "Key indicators" - Mike requested that it be closed.  Jim said it
was left open as a reminder for a slightly different issue dealing with
examples.  He will follow up and fix the tracking.

Future teleconferences - This will be addressed at the end of the F2F meeting
in Berlin.  However the bias is to continue them.