IETF Logo Mail Archive

Re: [art] [dispatch] [Secdispatch] Plain text JSON digital signatures

Samuel Erdtman <samuel@erdtman.se> Sat, 01 May 2021 21:24 UTC

Return-Path: <samuel@erdtman.se>
X-Original-To: art@ietfa.amsl.com
Delivered-To: art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 076DC3A10DF for <art@ietfa.amsl.com>; Sat, 1 May 2021 14:24:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=erdtman-se.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HCBfgHUN7LJh for <art@ietfa.amsl.com>; Sat, 1 May 2021 14:24:36 -0700 (PDT)
Received: from mail-ot1-x331.google.com (mail-ot1-x331.google.com [IPv6:2607:f8b0:4864:20::331]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF52D3A10DC for <art@ietf.org>; Sat, 1 May 2021 14:24:35 -0700 (PDT)
Received: by mail-ot1-x331.google.com with SMTP id f75-20020a9d03d10000b0290280def9ab76so1684863otf.12 for <art@ietf.org>; Sat, 01 May 2021 14:24:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=erdtman-se.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=/A8fC/y06IUQCpxXUtnwqNKNMEXAPLVQIgkwFkVzgKc=; b=11G7EeuMT2OVhfIffPfFwkJzJlhvMGddlmi9rM9TWu2Qn+YgfmJp/Se8B8lqGuRVcK 5tdrmKGsHUBfJIYzPQnbntfIdvbdSXDDyPHB0OoQpGgKLt2KcOmfOC9c7QxZhMT9PH8Y F6fqkrk5FL5/ipF9nM0HEUJM/D7kzn/9OPKJcBoAuyrzjdszVaMD5DlCX1QaCxx319dI rFUzwgCKENwNUGxtTVjCVGSDwFt7UWqXr8IkqCmZehME6ni2YtLQ/Or29IbcbSlGhepO pHPjRcX2BvHg2yDnrZhx8pmL7kXqkGPWoDrwV0JztgcXbu4U8+X8GmEU9K/uSe6y0HQV hWjw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=/A8fC/y06IUQCpxXUtnwqNKNMEXAPLVQIgkwFkVzgKc=; b=Yf59VxbzK37pkHAwM2owR1f5qe5Q01Cv/QEoDf6CgjEJM8tKjVVk6aCBRKYhJjqqWW zkvQ6w3RG2s0sdINDSVX9z2ywNA7tAUSBOa5qvFOn53ZX46IsQKAgxsL/et1ZW2u9CKk kJKecdvQf8cN9NrQFYeexYjIiRilf4Ojdqt5etR3xvrGI0hD7aXHvNhDoT8gI2cNPvLa vXaK07UL2pVPL/QagtnZPG+A26GeFH4ZA3Knr11ipNem3yaUTYkdD68JapZq6sZay6Uh Ddix6+NYxoSjfQt38b4IrCx/kuc6YCcECwQ8VDn33277FdhCv+GAhKkVY0FkN1LXsV2s 9UDQ==
X-Gm-Message-State: AOAM533LtVzMvkWBIR66Lq6vzY1Qgbrzmwf6H9vW8YuLarj2/IjS9vhu mGpn/Q3/PNwqLIEJW1m1CcH/Dv5yXtdTxZl24M4HKg==
X-Google-Smtp-Source: ABdhPJw/XGFSI7GGw9rZNxUUOAdVfwa8GivwmhyCLXi8eL6riv//NGsByNKYt9FhJPHTLuajOltpyTYum73w1Z3OuOc=
X-Received: by 2002:a05:6830:4ca:: with SMTP id s10mr9304681otd.79.1619904273973; Sat, 01 May 2021 14:24:33 -0700 (PDT)
MIME-Version: 1.0
References: <CAD9ie-v7uJOpjj+nbZCfQe+4JEQt-6=b6cm57iFPAn_enGeRCQ@mail.gmail.com> <3B394519-4061-43A8-8963-55A6ADEDF269@gmail.com> <19a99964-8495-2de9-b49a-52aa8321c12e@aaa-sec.com> <220475a6-1e04-107e-6327-366d48d8b420@gmail.com> <27833d9d-53c3-d01c-b01c-e7d53424b5ab@aaa-sec.com> <A88D122C-C1EB-477B-A83C-A22F1BB3CC47@gmail.com> <B8E5AF13-7B59-4329-890F-2B14766032A5@tzi.org> <CAF2hCbahPMAwe_63dT+pcz2BZSy0XOPstXqpxsCq1Vj0UmSDPg@mail.gmail.com> <1B4304D2-E82E-4255-B10C-F29ABCABE15E@tzi.org>
In-Reply-To: <1B4304D2-E82E-4255-B10C-F29ABCABE15E@tzi.org>
From: Samuel Erdtman <samuel@erdtman.se>
Date: Sat, 01 May 2021 23:24:23 +0200
Message-ID: <CAF2hCbaAx00dxxb2jRmQzVBaW7yyhefQ33+yt0uHwvwt+W_hfw@mail.gmail.com>
To: Carsten Bormann <cabo@tzi.org>
Cc: art@ietf.org, IETF SecDispatch <Secdispatch@ietf.org>, DISPATCH <dispatch@ietf.org>, "RFC ISE (Adrian Farrel)" <rfc-ise@rfc-editor.org>
Content-Type: multipart/alternative; boundary="000000000000d212eb05c14b5aeb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/3LPpotffeqPgihV1KXiayi3JXFs>
Subject: Re: [art] [dispatch] [Secdispatch] Plain text JSON digital signatures
X-BeenThere: art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/art>, <mailto:art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art/>
List-Post: <mailto:art@ietf.org>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/art>, <mailto:art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 01 May 2021 21:24:42 -0000

Thanks Carsten,

Your clarifications were great!

See some comments inline.

On Sat, May 1, 2021 at 1:04 AM Carsten Bormann <cabo@tzi.org> wrote:

> Hi Samuel,
>
> > 1. What do you mean with data at rest, data store in database or file?
>
> The point is that you are not signing the data being transferred, but a
> local copy of some (e.g., freshly decoded) data (i.e., at the data model
> level) which is then processed a little (potentially taking out all
> signatures) and then is run through a rather complicated engine to produce
> a signing input that is a deterministic function of the decoded and
> processed data.
>
> There are easier ways to get a signing input from JSON-like data at rest.
> For a (quite workable) strawman: How about doing a CBOR encoding using
> deterministic encoding rules?
>

This is a good point. Still not convinced other solutions would be orders
of magnitude better and the proposed one is easy to implement and easy to
understand (maybe too easy since I had not thought about your alternative
solution).


>
> > Or is it data that does not change? Sorry I do not get it.
> >
> > 2. What is weird with saying "Represented in JSON”?
>
> Your scheme does NOT require (or benefit in any way from) representing the
> data in JSON.
> The data could be transferred in YAML (or CBOR for that matter): as long
> as your local copy of the decoded data (after the little processing) sticks
> inside the confines of the I-JSON data model, you can use your scheme for
> signing.
>

But since JSON according to https://tools.ietf.org/html/rfc7159 is fairly
flexible, would not fitting it into CBOR require similar limitations as
RFC8785 puts on what you can do with the JSON? (i.e. the I-JSON limitations)


>
> > is it that the RFC7493 I-JSON subset is not all that JSON could be? (to
> me this is a reasonable limitation that I in practice never have had to go
> outside)
>
> Well, that has been debated to death, and it is clear that nobody likes
> I-JSON (*), but it is the de-facto boundary within which the actually more
> capable JSON format needs to be used these days.
> (If you need more flexibility, you know where to find CBOR.)
>

So are you saying that CBOR would not impose the same limitations on the
original JSON as RFC8785?


>
> > 3. So I totally get that one does not like XMLDigSig, in my opinion not
> because of the signing procedures but because of the canonicalization
> process. When I looked at it I gave up and created a hardcoded template.
> The difference in canonicalization of JSON (RFC7493 I-JSON subset)
> according to RFC8785 is like night and day compared to XML
> canonicalization. In your comment it seems like you are of the opinion that
> this effort will be as tricky as XMLDigSig. do you think so?
>
> Indeed, the RFC 8785 encoding is (ignoring potential problems on the
> numeric side) simpler than canonicalized XML, even with its weird
> regression to UTF16-land.
>
> Much of the actual problems of XMLDSig weren’t in the canonicalization,
> but in the confusion of how the data at rest was to be processed for
> signing, e.g., what part of the data at rest was contributing to the
> signing input and what the signature on that part then actually meant.  JWS
> is probably flexible enough that a carefully constructed application can
> get all this right, but we are talking about non-trivial specifications
> needed beyond the boring part of generating the byte-string signing input.
>
> > 4. Not sure I agree with “clear text” or “plain text" being bad
> descriptions. Yes what is signed is the RFC8785 transformation of the input
> data, but the signature are then put into your data keeping the data in its
> original “clear text” or “plain text" as opposed to base64-url encoded. I
> guess enveloped JWS is a more accurate name but “clear text” or “plain
> text" is easy to understand.
>
> Well, I understand that the naming you chose is a good strategy for
> selling the scheme.
> It is, however, not describing what is actually going on, and I try to
> minimize the use of misleading terminology.
>

Fair point


>
> Grüße, Carsten
>
> (*) Over at the JSON mailing list, there has been some fresh discussion
> just this week about how to get around some of the implementation
> limitations, or JSON’s (deliberate!) lack of extensibility, or both.
> Archived-At: <
> https://mailarchive.ietf.org/arch/msg/json/BWkSc8JYybzmgLT0Bsmfhiwf7cY>
> and the thread behind that.
>
>

v2.23.0 | Report a Bug | By Email