Re: [Ace] Keeping the same key identifier for groups

Peter van der Stok <> Tue, 20 August 2019 09:18 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id CD75012091E for <>; Tue, 20 Aug 2019 02:18:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.996
X-Spam-Status: No, score=-1.996 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id qK2-4Ipg0wtW for <>; Tue, 20 Aug 2019 02:18:40 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 30107120024 for <>; Tue, 20 Aug 2019 02:18:39 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 8B9F518225E1D; Tue, 20 Aug 2019 09:18:38 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; h= mime-version:content-type:date:from:to:cc:subject:reply-to :in-reply-to:references:message-id; s=key; bh=0q7OitqPf0pcqWcv7x 5yhJgPSgnjG5j92Rrw2bl2A9E=; b=ibNlO+Eu2DPAAQ+gzI4MHO05nJLmusdAvc xZcXiHUVvZlOyoHitHc9iPNIWltRyeCBUoReRodgTcmpcEyBxPhtgJe2WUi+RjsT r8mM2R5MmNF9GPp+33zGy4f601JeZZ/5LFdPp7EjYDlgGXDdWn3Pt+Sf58nh9iYe OiPt8N14k=
X-Session-Marker: 73746F6B636F6E73406262686D61696C2E6E6C
X-Spam-Summary: 2, -10, 0, , d41d8cd98f00b204,, :::, RULES_HIT:1:2:41:72:152:355:379:582:599:800:962:967:973:983:988:989:1152:1189:1208:1212:1221:1260:1313:1314:1345:1359:1431:1436:1437:1516:1517:1518:1575:1588:1589:1592:1594:1730:1777:1792:2068:2069:2198:2199:2525:2527:2528:2559:2564:2682:2685:2692:2859:2903:2933:2937:2939:2942:2945:2947:2951:2954:3022:3138:3139:3140:3141:3142:3355:3865:3866:3867:3868:3870:3871:3872:3873:3874:3934:3936:3938:3941:3944:3947:3950:3953:3956:3959:4049:4250:4321:4860:5007:6117:6119:6261:6657:6659:6678:7875:7903:7904:8603:9010:9025:9036:9177:10004:10848:11232:11658:11914:12043:12291:12379:12438:12679:12683:12740:12895:13139:13439:13846:14095:14096:21080:21324:21433:21451:21627:30041:30054:30060, 0,, CacheIP:none, Bayesian:0.5, 0.5, 0.5, Netcheck:none, DomainCache:0, MSF:not bulk, SPF:fn, MSBL:0, DNSBL:neutral, Custom_rules:0:0:0, LFtime:27, LUA_SUMMARY:none
X-HE-Tag: scene41_688329d52fc1c
X-Filterd-Recvd-Size: 10344
Received: from (imap-ext []) (Authenticated sender: by (Postfix) with ESMTPA; Tue, 20 Aug 2019 09:18:38 +0000 (UTC)
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_d7c15ac00c89f4534d4346c4f9570ff1"
Date: Tue, 20 Aug 2019 11:18:37 +0200
From: Peter van der Stok <>
To: Ludwig Seitz <>
Organization: vanderstok consultancy
In-Reply-To: <>
References: <01fc01d556ce$69f73cc0$3de5b640$> <>
Message-ID: <>
User-Agent: Roundcube Webmail/1.2.7
X-Originating-IP: []
Archived-At: <>
Subject: Re: [Ace] Keeping the same key identifier for groups
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 20 Aug 2019 09:18:43 -0000

Example: If you have a CWT authorizing A for audience Z and you now also
need authorization B for audience Z, you should request a CWT for A+B
for audience Z, that replaces your previous one.

Do I understand?
two possibilities:
A and B are members of audience Z; no new CWT needed
B is a new member of audience Z; then audience Z becomes audience
Z-prime and a new CWT seems reasonable.


Ludwig Seitz schreef op 2019-08-20 11:09:

> On 19/08/2019 22:40, Jim Schaad wrote: 
>> As Ludwig pointed out during the F2F, it makes far more sense to try and
>> keep an entity using the same key identifier for as long as possible.  This
>> is in part to make sure that signing keys do not need to be retrieved if
>> they can be easily cached.  In looking at this deeper during my
>> implementation I ended up with the following question:
>> The way that I have set things up in my implementation it is simple to
>> ensure that the same kid value is going to be used with the same CWT,
>> however it might make more sense to use the signing key as the continuity
>> identifier instead.  The issue that arises in this case is that there might
>> be two different active CWT objects that are associated with the same
>> signing key.  That is there are two CWTs but the same signing key was used
>> while doing a join operation.   I already do some matching between different
>> CWTs by assuming that if the bearer key in the CWT is the same then they are
>> sufficiently equivalent to threat them as the same.  This lead to some
>> interesting discussions in Montreal about if this meant just the "secret" or
>> if it meant all of the elements provided by the AS which are used in the key
>> derivation process.  (I have gone back and forth on this and currently am
>> sitting on the "just the secret" side of the fence.)
>> Does anyone have any opinions?
> Could you please expand the explanation of your use case a bit?
> Are you thinking of a scenario where someone would be using the counter-signature key from group-OSCORE as a proof-of-possession (pop) key in serveral CWTs?
> What would these CWT authorize?
> Why would an entity hold several CWTs for the same audience?
> Side-note:
> My stance on multiple CWTs linked to the same pop-key and for the same audience is that the latter one should supersede the previous ones.
> Example: If you have a CWT authorizing A for audience Z and you now also need authorization B for audience Z, you should request a CWT for A+B for audience Z, that replaces your previous one.
> /Ludwig
> _______________________________________________
> Ace mailing list