[Ace] Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs) sent to the RFC Editor

Mike Jones <Michael.Jones@microsoft.com> Wed, 06 November 2019 20:46 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: "ace@ietf.org" <ace@ietf.org>
Date: Wed, 6 Nov 2019 20:46:14 +0000
Message-ID: <DM6PR00MB05726118DA641630978B2A2EF5790@DM6PR00MB0572.namprd00.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/RzkHb_LYejHN6IekaAhMTKG4UOQ>

I'm pleased to report that the Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs) specification is now technically stable and will shortly be an RFC - an Internet standard.  Specifically, it has now progressed to the RFC Editor queue, meaning that the only remaining step before finalization is editorial due diligence.  Thus, implementations can now utilize the draft specification with confidence that breaking changes will not occur as it is finalized.

The abstract of the specification is:
This specification describes how to declare in a CBOR Web Token (CWT) (which is defined by RFC 8392) that the presenter of the CWT possesses a particular proof-of-possession key. Being able to prove possession of a key is also sometimes described as being the holder-of-key. This specification provides equivalent functionality to "Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)" (RFC 7800) but using Concise Binary Object Representation (CBOR) and CWTs rather than JavaScript Object Notation (JSON) and JSON Web Tokens (JWTs).

Thanks to the ACE working group (https://datatracker.ietf.org/wg/ace/about/) for completing this important specification.

The specification is available at:

  *   https://tools.ietf.org/html/draft-ietf-ace-cwt-proof-of-possession-11

An HTML-formatted version is also available at:

  *   https://self-issued.info/docs/draft-ietf-ace-cwt-proof-of-possession-11.html

                                                       -- Mike

P.S.  This note was also posted at https://self-issued.info/?p=2025 and as @selfissued (https://twitter.com/selfissued).
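The abstract above describes binding a proof-of-possession key to a CWT; the following is an added illustration (not code from the announcement, the draft, or the ACE working group) of what that binding looks like on the wire and how a resource server uses it. It assumes the claim keys and COSE labels that IANA assigned for this specification and its dependencies (cnf = 8 with COSE_Key = 1 from RFC 8747, COSE_Key labels from RFC 8152, iss/sub from RFC 8392), a hand-rolled minimal CBOR encoder, and HMAC-SHA256 over a server nonce as the possession proof; the sample key and nonce are constructed.

```python
import hashlib
import hmac
import struct

# Assumed label values (from the published RFCs, not from the announcement above):
# cnf claim key 8, confirmation method COSE_Key = 1 (RFC 8747); COSE_Key labels
# kty=1, kid=2, k=-1, kty Symmetric=4 (RFC 8152); iss=1, sub=2 (RFC 8392).
CWT_ISS, CWT_SUB, CWT_CNF = 1, 2, 8
CNF_COSE_KEY = 1
COSE_KTY, COSE_KID, COSE_K, KTY_SYMMETRIC = 1, 2, -1, 4


def cbor_encode(v):
    """Minimal CBOR (RFC 7049) encoder: ints, bytes, str, dict (enough for a claims set)."""
    def head(major, n):
        if n < 24:
            return bytes([major << 5 | n])
        for ai, fmt in ((24, ">B"), (25, ">H"), (26, ">I"), (27, ">Q")):
            if n < 1 << (8 * struct.calcsize(fmt)):
                return bytes([major << 5 | ai]) + struct.pack(fmt, n)
        raise ValueError("integer too large for CBOR")
    if isinstance(v, int):  # major type 0 (unsigned) or 1 (negative, stored as -1-n)
        return head(0, v) if v >= 0 else head(1, -1 - v)
    if isinstance(v, bytes):
        return head(2, len(v)) + v
    if isinstance(v, str):
        return head(3, len(v.encode())) + v.encode()
    if isinstance(v, dict):
        return head(5, len(v)) + b"".join(cbor_encode(k) + cbor_encode(x) for k, x in v.items())
    raise TypeError(f"unsupported type {type(v).__name__}")


def claims_with_pop_key(issuer, subject, kid, pop_key):
    """Claims set binding a symmetric PoP key via cnf/COSE_Key; a plaintext symmetric
    key like this only belongs inside an encrypted CWT."""
    cose_key = {COSE_KTY: KTY_SYMMETRIC, COSE_KID: kid, COSE_K: pop_key}
    return {CWT_ISS: issuer, CWT_SUB: subject, CWT_CNF: {CNF_COSE_KEY: cose_key}}


def prove_possession(pop_key, nonce):
    """Presenter side: HMAC-SHA256 over a fresh nonce chosen by the resource server."""
    return hmac.new(pop_key, nonce, hashlib.sha256).digest()


def verify_presenter(claims, nonce, proof):
    """Resource-server side, after the CWT itself has been verified: the proof must be
    made with the key bound in cnf, never with a key the presenter supplies."""
    key = claims.get(CWT_CNF, {}).get(CNF_COSE_KEY)
    if not key or key.get(COSE_KTY) != KTY_SYMMETRIC or COSE_K not in key:
        return False  # no usable bound key: a plain bearer token cannot pass a PoP check
    return hmac.compare_digest(prove_possession(key[COSE_K], nonce), proof)
```

A token whose cnf claim is absent or carries only a kid is rejected by `verify_presenter`, which is the behaviour to want when a resource requires proof of possession rather than bearer presentation.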