IETF Logo Mail Archive

Re: [art] [Secdispatch] [dispatch] Plain text JSON digital signatures

Samuel Erdtman <samuel@erdtman.se> Thu, 06 May 2021 21:17 UTC

Return-Path: <samuel@erdtman.se>
X-Original-To: art@ietfa.amsl.com
Delivered-To: art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B7493A3221 for <art@ietfa.amsl.com>; Thu, 6 May 2021 14:17:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=erdtman-se.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id te-nPA-ZbnBY for <art@ietfa.amsl.com>; Thu, 6 May 2021 14:17:01 -0700 (PDT)
Received: from mail-oi1-x233.google.com (mail-oi1-x233.google.com [IPv6:2607:f8b0:4864:20::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48A4D3A3219 for <art@ietf.org>; Thu, 6 May 2021 14:17:01 -0700 (PDT)
Received: by mail-oi1-x233.google.com with SMTP id z3so5594814oib.5 for <art@ietf.org>; Thu, 06 May 2021 14:17:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=erdtman-se.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=tSiN6yRnSZsCBJdF8dx4UOf22aRuoXZzEn9Et1bpmwM=; b=Rh9ax3ZlR1hIrQbHumCPiDxK+O3CTDTUP7iCpFpAwXpa7UTCDoYee/zOBchkWxvV3/ TQrFhNQfwby0xhGh75eIgDzJe3NzZPsqPRs47obuyDmKTsJAUl2/ubWZFH++YarAsAzO TGM4tKvr4T65J1Xs/4J9zk97zQ+/29MoSY2rX/Wux6a/msQiNi3SZq620/wCGWvHQP18 BIG2fwm3OPoaa/A1U91G3a6MqXNkm53cnak2KJcQfIRyhdT3/D8l8Hf5YpK9Ao0bn5ar KQUHuh7HnVs3eP6gO5pWMoCmGYXlC5ZddY7yozreLjdieoV3cLCANKzwRW3Kr52uBN/l u1Yg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=tSiN6yRnSZsCBJdF8dx4UOf22aRuoXZzEn9Et1bpmwM=; b=B0mpFPpmMV9hU+qsvVlkBqGSYzKRxNGUwr6aJA+RpRP2C/W/+OX7XBuVwsw6FNNJni NbXrE128tjwhna3dfW4t7doEmhvEGau+e+RX3tKQ0tTHIvs3+4bapiy/cOK7/cXFU1mO yDvXGTuEQUz26yCMsy9RAep8ccYLyDl1ndN7Hehh7QvSNQXcwzMBVE7s8DnUcttBnZI3 ZLtDHU6anq3CChT5wTcURL0oYiYhQFf0Bh0eJQv4jum9fsWmk6WySy4VacgRVebCp7D4 l4+Kb48DOx5o9jaNZhfCzRoCebDU5MJUC8aocB/3Y1nMFz37MtS0eocGEjxXtjwXZW1z X+lg==
X-Gm-Message-State: AOAM531q3xmokAqni7KKTIyvb07+fb674+wnV1oA6UmpDElOmTosGb5T i8u47hcc0SW9UaPFryvvrHqxzbCzvoDQWLqkD1LzSA==
X-Google-Smtp-Source: ABdhPJzsHhfd3fLNG612+su/nYa3XQrUi51ALE/bbtzILc0yT3ODMih548v+pg/XreIKOLbXjT81fLUKwDwTTxn0MUE=
X-Received: by 2002:aca:902:: with SMTP id 2mr2160060oij.59.1620335819547; Thu, 06 May 2021 14:16:59 -0700 (PDT)
MIME-Version: 1.0
References: <CAD9ie-v7uJOpjj+nbZCfQe+4JEQt-6=b6cm57iFPAn_enGeRCQ@mail.gmail.com> <3B394519-4061-43A8-8963-55A6ADEDF269@gmail.com> <19a99964-8495-2de9-b49a-52aa8321c12e@aaa-sec.com> <220475a6-1e04-107e-6327-366d48d8b420@gmail.com> <27833d9d-53c3-d01c-b01c-e7d53424b5ab@aaa-sec.com> <A88D122C-C1EB-477B-A83C-A22F1BB3CC47@gmail.com> <B8E5AF13-7B59-4329-890F-2B14766032A5@tzi.org> <CAF2hCbahPMAwe_63dT+pcz2BZSy0XOPstXqpxsCq1Vj0UmSDPg@mail.gmail.com> <1B4304D2-E82E-4255-B10C-F29ABCABE15E@tzi.org> <CAF2hCbaAx00dxxb2jRmQzVBaW7yyhefQ33+yt0uHwvwt+W_hfw@mail.gmail.com> <C96AC8A9-B385-4A3C-B12A-1209BE99CA58@tzi.org>
In-Reply-To: <C96AC8A9-B385-4A3C-B12A-1209BE99CA58@tzi.org>
From: Samuel Erdtman <samuel@erdtman.se>
Date: Thu, 06 May 2021 23:16:48 +0200
Message-ID: <CAF2hCbbLRt1cL_7cpOB+hV_KT5EXwc1kd0g86ZiQYM-5Zyh4-Q@mail.gmail.com>
To: Carsten Bormann <cabo@tzi.org>
Cc: DISPATCH <dispatch@ietf.org>, art@ietf.org, IETF SecDispatch <Secdispatch@ietf.org>, "RFC ISE (Adrian Farrel)" <rfc-ise@rfc-editor.org>
Content-Type: multipart/alternative; boundary="000000000000f0fac505c1afd472"
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/7Wp8xRJy78-zAJU3jTxQL8oDsks>
Subject: Re: [art] [Secdispatch] [dispatch] Plain text JSON digital signatures
X-BeenThere: art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/art>, <mailto:art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art/>
List-Post: <mailto:art@ietf.org>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/art>, <mailto:art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 May 2021 21:17:06 -0000

Thanks Carsten,

There was not problem reading the reply :),

To summarize my understanding you have (at least) two issues with the
current doc https://datatracker.ietf.org/doc/draft-jordan-jws-ct/
* It uses RFC8785 to create the signature input which you do not like,
since it limits the expressiveness of JSON (and uses UTF-16), CBOR could be
an alternative (but you are not pushing for it)
* You do not like putting the signature into the signed document because it
can cause all kinds of confusion, with e.g. counter signatures.

Did I capture that correctly?

Cheers
//Samuel

On Mon, May 3, 2021 at 6:06 PM Carsten Bormann <cabo@tzi.org> wrote:

> Hi Samuel,
>
> I haven’t responded to your message yet as it triggers some MacOS mail
> misbehavior.
> Let me try anyway, I hope you can parse the result.
>
> > On 2021-05-01, at 23:24, Samuel Erdtman <samuel@erdtman.se> wrote:
> >
> >> Thanks Carsten,
> >>
> >> Your clarifications were great!
> >>
> >> See some comments inline.
> >>
> >> On Sat, May 1, 2021 at 1:04 AM Carsten Bormann <cabo@tzi.org> wrote:
> >> Hi Samuel,
> >>
> >> > 1. What do you mean with data at rest, data store in database or file?
> >>
> >> The point is that you are not signing the data being transferred, but a
> local copy of some (e.g., freshly decoded) data (i.e., at the data model
> level) which is then processed a little (potentially taking out all
> signatures) and then is run through a rather complicated engine to produce
> a signing input that is a deterministic function of the decoded and
> processed data.
> >>
> >> There are easier ways to get a signing input from JSON-like data at
> rest.
> >> For a (quite workable) strawman: How about doing a CBOR encoding using
> deterministic encoding rules?
> >
> > This is a good point. Still not convinced other solutions would be
> orders of magnitude better and the proposed one is easy to implement and
> easy to understand (maybe too easy since I had not thought about your
> alternative solution).
>
> It is hard to measure interoperability in orders of magnitude…
> Doing a CBOR signing input is easy to implement and easy to understand,
> though.
> No UTF-16 needed :-)
>
> >> > Or is it data that does not change? Sorry I do not get it.
> >> >
> >> > 2. What is weird with saying "Represented in JSON”?
> >>
> >> Your scheme does NOT require (or benefit in any way from) representing
> the data in JSON.
> >> The data could be transferred in YAML (or CBOR for that matter): as
> long as your local copy of the decoded data (after the little processing)
> sticks inside the confines of the I-JSON data model, you can use your
> scheme for signing.
> >>
> > But since JSON according to https://tools.ietf.org/html/rfc7159 is
> fairly flexible, would not fitting it into CBOR require similar limitations
> as RFC8785 puts on what you can do with the JSON? (i.e. the I-JSON
> limitations)
>
> It does require some thinking.
> https://www.rfc-editor.org/rfc/rfc8949.html#section-6.2 documents what we
> arrived at when discussing that in the CBOR WG.
>
> (I’m very well aware that many applications would be content with just
> I-JSON, because they already have made their peace with it to enable
> JavaScript classic processing.  So I’m just answering the question here.)
>
> >> > is it that the RFC7493 I-JSON subset is not all that JSON could be?
> (to me this is a reasonable limitation that I in practice never have had to
> go outside)
> >>
> >> Well, that has been debated to death, and it is clear that nobody likes
> I-JSON (*), but it is the de-facto boundary within which the actually more
> capable JSON format needs to be used these days.
> >> (If you need more flexibility, you know where to find CBOR.)
> >>
> > So are you saying that CBOR would not impose the same limitations on the
> original JSON as RFC8785?
>
> Yes.  Again, please see
> https://www.rfc-editor.org/rfc/rfc8949.html#section-6.2
>
> Please note that I’m not making these points to push CBOR, even though I’m
> really convinced CBOR and its “JSON mode” can play a helpful role in
> addressing the underlying requirements.
>
> Grüße, Carsten
>
>

v2.23.0 | Report a Bug | By Email