IETF Logo Mail Archive

Re: [Acme] ACME draft is now in WGLC.

Anders Rundgren <anders.rundgren.net@gmail.com> Mon, 13 February 2017 20:56 UTC

Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B559129485 for <acme@ietfa.amsl.com>; Mon, 13 Feb 2017 12:56:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TflSkV-7S26y for <acme@ietfa.amsl.com>; Mon, 13 Feb 2017 12:56:40 -0800 (PST)
Received: from mail-wm0-x233.google.com (mail-wm0-x233.google.com [IPv6:2a00:1450:400c:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 53B8F1293EC for <acme@ietf.org>; Mon, 13 Feb 2017 12:56:40 -0800 (PST)
Received: by mail-wm0-x233.google.com with SMTP id v77so1597404wmv.0 for <acme@ietf.org>; Mon, 13 Feb 2017 12:56:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=76zdEgQsK6eML4RUfXGnz+3a9A0sJ1+yi+HXCksVNpc=; b=K2UjVi+WoyvxURjHlDfeFfbFu+FZEITlhJP+XV0NEyMhKD1Fr5cOWL4mMuohmSHyWr JV07V0yW8tRpWX6nBo2idlp45yHZ6Wl0Zfy4O0fQu85Okx+70C2mhmFY/eORplApZxC5 8JYjG0Ct1L3NNPBFMlBd3e/9loLmCT7BZr+lwITo+5zgYgCK0weayIM/SecggnjfQBEh SJerutBBCYyA75ClwqD6YMUTgjkjLnqHe3qfGeoisFeDgEfjQPjACRpN6o2uWvQeg/bD PSpJmOmgzytmtga+kzA7klRdONCj9x4j46Ge0gLQL6Kca35AclMMQHD3GMpBWCJBbCA8 0q9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=76zdEgQsK6eML4RUfXGnz+3a9A0sJ1+yi+HXCksVNpc=; b=qmbWhHu1Mi1Hg/NjmC1yekL0mIeirqt65VWCL9vmn7X33lBqtSmbq3yZn0x8FnEuj+ kGChPcM4ttnNHMN2F3NEQrkevMy1nyPSJ2tF3js3TRSwAuwRiwoQOQDwN8QWOOev7e5H Hylx4huLuU3ofsbFQ99Owd0mqWRTMC1OHGUqwFJZiZV2oyxZOYYBJxW3iRSJn77Y9kqP y1TQ7WSyPzzYvQuhghrJeZ/2qq03SZJstDi0ZyNgw0dMP5cyypx4nt1wda6v9oPWPQrF 10VK/RUn7FHAJJBp6kIn/jXUFYb08B2tYxchkQ+HR6ccsOLluXT+V9N5XUheVjOIGET3 jOQA==
X-Gm-Message-State: AMke39mhnwniD+bPOYimww0DOgeQCdx1gjN4SHn1UPDbwrHuhb0j4KbxMhGbsjZr4356kA==
X-Received: by 10.28.68.10 with SMTP id r10mr239482wma.68.1487019398825; Mon, 13 Feb 2017 12:56:38 -0800 (PST)
Received: from [192.168.1.79] (124.25.176.95.rev.sfr.net. [95.176.25.124]) by smtp.googlemail.com with ESMTPSA id u189sm762876wmu.1.2017.02.13.12.56.37 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 13 Feb 2017 12:56:38 -0800 (PST)
To: Jacob Hoffman-Andrews <jsha@eff.org>, Martin Thomson <martin.thomson@gmail.com>, "Salz, Rich" <rsalz@akamai.com>
References: <8473d9ba84894d49b2f2232370d66b46@usma1ex-dag1mb3.msg.corp.akamai.com> <83f7104eef75470181d7f81fc7604a8e@usma1ex-dag1mb3.msg.corp.akamai.com> <CABkgnnUbpFgGp3NRAocu2M4d1Zp-xjcxNFQyZ97pygTA6JM2cQ@mail.gmail.com> <0903e6e8-be00-b989-e388-cd811dd25ddf@gmail.com> <82dc202a-ed6b-3ded-d79f-e0339fff4226@eff.org>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
Message-ID: <ba2a85f1-edde-d34a-2188-b2c301279a6e@gmail.com>
Date: Mon, 13 Feb 2017 21:56:15 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.7.1
MIME-Version: 1.0
In-Reply-To: <82dc202a-ed6b-3ded-d79f-e0339fff4226@eff.org>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/BfxrWjMZvxBvSZ_G0ncgYe6AE9U>
Cc: "acme@ietf.org" <acme@ietf.org>
Subject: Re: [Acme] ACME draft is now in WGLC.
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Feb 2017 20:56:42 -0000

On 2017-02-13 21:19, Jacob Hoffman-Andrews wrote:
> On 02/12/2017 10:09 PM, Anders Rundgren wrote:
>> JWS is great for what is was originally designed for.  ES6 normalization
>> nullifies the need for dressing JSON data in Base64Url.

> Could you clarify this comment? Are you proposing that ACME should not
> wrap internal fields in another layer of base64url? Or that the JWS spec
> should be revised to not wrap payloads in base64url?

Well, it is too late to change now but I proposed this more than a year back.

Martin's comment is exactly what I expected to happen when using JWS.
Hopefully there won't be that many new protocols using such measures.

ES6 serialization works, it is a standard, and it is implemented in the most
widespread JSON tools available (browsers).

JWS will probably not be revised because JWS signs "data".  What I'm advocating
are JSON/JavaScript objects optionally holding an enveloped signature which is
a rather different animal:

Using JWS:
   {
      "mydoc": {
        human-unreadable Base64Url-encoded signature container.
      }
   }

Note: "mydoc" is not signed.

Using an enveloped signature:
   {
      "mydoc": ...,
      "someotherprop" : ...,
      "signature": {
        ...
      }
   }

Anders

v2.23.0 | Report a Bug | By Email