Re: [Acme] Specify which JWS serialization is used

[Logan Widick <logan.widick@gmail.com>]

What do you think of the following:

Content type application/jose+json: MUST be supported. If used, the JWS
will need to be in the Flattened or General serialization. Flattened MUST
be supported; General MAY be supported.

Content type application/jose: MAY be supported. If used, the JWS MUST use
the Compact serialization. Or should this content type not be allowed?

JWS Unprotected Header: Not currently used in ACME. Should this be banned
in ACME?

Multiple signatures: MAY be supported. Should messages signed by both MAC
keys and private keys be allowed? What about Key IDs not issued by the CA?
Or are multiple signatures more trouble than they're worth to the point of
banning them entirely?

Multiple signatures on messages that need to be signed by account key: At
least one signature MUST be from the account key

Multiple signatures on revokeCert: Should this be allowed?

Multiple signatures on externalAccountBinding field of newAccount: Should
it be possible to bind to multiple pre-existing accounts? Or should this
not be allowed?

Multiple signatures on newAccount: Not allowed?

Multiple signatures on keyChange: Not allowed for outer or inner JWS?

JWS Unencoded Payload Option (RFC 7797): Not allowed?

Conversion guide between the different JWS serialization formats: Is it
completely safe to assume that any and all programmers given the JWS RFC,
pre-existing JWS implementations with sufficient documentation, and
pre-existing JSON libraries with sufficient documentation could figure out
how to convert the serialization formats as needed? Or is the conversion
guide necessary? If the guide is necessary, then include a reference to a
separate new or pre-existing conversion guide. If the guide is necessary,
and there is no pre-existing conversion guide, how should the new
conversion guide be published? Should the new conversion guide be
ACME-specific, or more general (possibly with coverage of JWE as well as
JWS features not utilized in ACME)?

Sincerely,
Logan Widick

On Jan 4, 2018 5:02 AM, "Jörn Heissler" <acme-specs@joern.heissler.de>
wrote:

> On Thu, Jan 04, 2018 at 09:47:19 +1000, Fraser Tweedale wrote:
> > I am the author of a JOSE library, and have had to deal with
> > interoperability issues arising from the multiple serialisations and
> > underspecified applications/protocols.  Please heed my advice.
> >
> > Where there is a choice of JSON serialisation (i.e. exactly one
> > signature), JOSE does not require or recommend a particular
> > serialisation be used.  Not does the specification require or
> > recommend that there be a mechanism for telling a library what JSON
> > serialisation to use.  The outcome of this is that there are:
> >
> > - implementations that unconditionally produce the General JSON
> >   serialisation
> >
> > - implementations that unconditionally produce the Flattened JSON
> >   serialisation (and do not support multiple signatures at all)
> >
> > - implementations that produce the Flattened serialisation when
> >   there is a single signature, and the General JSON serialisation
> >   otherwise
> >
> > Therefore for interoperability and to avoid situations where a
> > conforming JOSE library cannot be used for ACME, I suggest that ACME
> > adopt the following regime:
> >
> > - Conforming ACME implementations MUST process JWS objects using the
> >   Flattened JWS JSON Serialization and SHOULD process JWS objects
> >   using the General JWS JSON Serialization.
> >
> > - Conforming ACME implementations MAY refuse to process JWS objects
> >   with multiple signatures.  If an implementation accepts
> >   multiple-signature JWS objects, it MUST validate at least one
> >   signature using the account's public key.
>
> This would work for me. I'm currently writing a new client (We need more
> ACME clients!) and I'd prefer to stick to a single hard coded
> serialization format which works with every conforming CA. Adding
> flexibility (Use "flat" for this CA, use "general" for that CA, etc.)
> would be troublesome.
>
> But I'm worried about client implementations that use the next best JOSE
> library which "unconditionally produces the General JSON serialisation".
> Most CAs would support it ("SHOULD"). But some might decide not to:
> "Yeah, we SHOULD support this. But our JOSE library only understands
> the flat format and everyone but YOU does use the flat format".
> Then who's to blame, the client or the CA?
>
> Should this be changed to "MUST" or to "MAY"?
> I.e. "flat" MUST be supported, "general" MUST/MAY be supported,
> "compact" MAY be supported but needs a "application/jose" content type.
>
>
> On Wed, Jan 03, 2018 at 19:51:53 -0600, Logan Widick wrote:
> >    Here is a pull
> >    request: [1]https://github.com/ietf-wg-acme/acme/pull/382
> >    Let me know what you think.
>
> > +Conforming ACME implementations MUST NOT process JWS objects using
> > +the Compact JWS Serialization.
>
> I think "compact" should be acceptable ("MAY process") iff the client sends
> a "Content-Type: application/jose" header.
>
> >    As for using JOSE implementations that lack support for the JSON
> >    serialization formats (and only support the compact one), is there an
> >    RFC, Internet-Draft, or similar document with an explanation of the
> >    conversion process already prepared (that can simply be thrown into
> the
> >    ACME draft's references section)? Or would it be necessary to include
> >    an appendix in the ACME draft with an outline of the conversion
> >    process? The conversion process looks fairly straightforward. However,
> >    it would be nice if there was a document or part of a document that
> >    could be easily referenced.
>
> Your conversion guide sounds good. But personally I'd move this to a
> separate document (like you were looking for) because it would be useful
> in non-ACME related applications too.
>
> Cheers,
> Jörn
>