JOSE Interim Meeting

The JOSE group had an interim teleconference on 17 June 2013.  The following people were on the conference call:

Jim Schaad         Mike Jones           Brian Campbell      Karen O'Donoghue
John Bradley       Justin Richer        Matt Miller         Prateek Mishra
Russ Housley       Joe Hildebrand

* The first agenda item was the use cases document.  The chairs re-iterated that they need to get reviews from the members of the group before the document can progress.  Mike and Prateek committed to getting reviews done by the middle of the week and John said he would try to get one by the end of the week.

The question of the use case written by Ludwig Seitz on the constrained devices was raised:  Should this use case be included in the document.  The general sense of the call was that it should be included.

The chairs will get together after the reviews are in to make a determination on the state of the document and make a decision about advancing the document.

* The next agenda item was a discussion about the changes agreed to on the F2F meeting and if they were fully implemented in the current document set.

The only known issue was that raised by tracker issue #24 - Richard's request to move the protected headers for signatures from a common location to a per signature location.

Mike opposed the change based on the fact that this would mean there was a difference between how JWS and JWE code would be structured.  He felt this would lead to confusion by developers.

Jim raised the question if the issue had been explicitly discussed at the F2F meeting as he had no recollection of the discussion.  Mike said that he had sent out a message shortly after the meeting which had the current structure.  Nobody else could remember any explicit discussions.

The discussion then went into the difference between having multiple signers and having multiple signatures by a single signer in the document.  John said that there was a difference between the two cases and we had never really discussed having different people do signatures, but that all of the signatures would be applied at the same time.

Jim then asked for any use cases where there might be different attributes on a signature by signature basis.  Nobody had any use cases.

Jim then raised the CFRG question about changing hash functions.  It is not clear that there was a solid conclusion about the ability to do hash modification attacks.

Jim then proposed that the item be closed with a note that it might be of interest to add the ability to also do per signature protected attributes in a future version of the document.  There were no objections to this proposal at the meeting.

The question of any other issues on this topic was raised and there were none.

* The next agenda item was a resolution of tracker issue #8 - direct mode for key agreement

The chairs said that as the use case from Ludwig was adopted then there was now a clear use case for keeping the issue and it would be closed as 'won't fix'.  No objections were recorded.

* The next item was tracker issue #20 - Shorter names for JSON serialization

Mike said that based on the mailing list he had included the two changes that were agreed to.  There was a brief discussion on the other items that were not agreed to and it was the consensus that they would remain as they currently are.

The chairs will close the tracker issue as fixed.

* The next item was tracker issues #21 and #22 - Media types

Mike said that he had included these two changes in the current set of documents.  The chairs will therefore close the tracker issue as fixed.

* The question of future meetings was then raised.

The chairs said they had discussed this and intended to ask for two meetings on July 1 and July 15 at the present time if there were no objections.  The time was felt to be good by the current set of participants and the chairs will request the webex meetings.

* Mike raised the question of issue #18 - MAC key lifetime concerns

This issue is currently blocked on the authors providing text.  Mike would like to be able to point to text that has already been written in a different document rather than create new text for this document.  John said that he did not know of any general advice, the best was to say don't do it and always use a new key.  Russ pointed out that this is not done for routing but he did not know of any place that could be used as a reference.  

Mike said that he would look around some more for text.

Mike raised the question of why issue #5 had not been closed.  The chairs said that it was because they had not been able to get together with Richard to agree that it has been sufficiently addressed, however it was not considered to be an active issue.