IETF Logo Mail Archive

Re: [art] [dispatch] Plain text JSON digital signatures

Brian Rosen <br@brianrosen.net> Tue, 27 April 2021 15:47 UTC

Return-Path: <br@brianrosen.net>
X-Original-To: art@ietfa.amsl.com
Delivered-To: art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39F183A11E3 for <art@ietfa.amsl.com>; Tue, 27 Apr 2021 08:47:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.887
X-Spam-Level:
X-Spam-Status: No, score=-1.887 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=brianrosen-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 46c3pPLP1nNL for <art@ietfa.amsl.com>; Tue, 27 Apr 2021 08:47:11 -0700 (PDT)
Received: from mail-qt1-x82e.google.com (mail-qt1-x82e.google.com [IPv6:2607:f8b0:4864:20::82e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 788963A11D7 for <art@ietf.org>; Tue, 27 Apr 2021 08:47:11 -0700 (PDT)
Received: by mail-qt1-x82e.google.com with SMTP id q4so16095843qtn.5 for <art@ietf.org>; Tue, 27 Apr 2021 08:47:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brianrosen-net.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=52erJvHyH211Q+bUlVrzfZOPr8C/5MWHC+YGVbtO83o=; b=1q9NPBKHdjC12o5GTxJOs75Q202SY+VF8VG5aPFA2zlGuCF+C8iRwoq791cwlx/Cau fDDZ7zrImFABE5jyJC3fhGXLm3Oexi14gTqiZkTbju4i/IWH0axNDel0Qna1W3TGzC2R Dzi+4OuAn+DO84LnxoyzEab6jCGzP/ziDn2aEmYDp2vp7TW37vJC9owAm/gLiJb34cAm A7O3a0FAU+pQnabtdhSSa80bsDQ9F6sFx4Y/hq+Hbwxm2mPXuhn5V0dV4V+TRygti4GG /A4PQvXaeHph+9ULR2mrWRpoD612qFrd3y29OFR81b7AGrojZVBqQ1iCzD1zlsE+8sQd tdvA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=52erJvHyH211Q+bUlVrzfZOPr8C/5MWHC+YGVbtO83o=; b=JIoHyP2hwaRHZmw/C0TryRGGVKxbgitZtp/QJ3bVd8Ryz0Lb/Pl635p1rDWfez7CcH XhQ3+kboRPZ5o05prxFOWLNSqG31FI9Ed38s2GY5fJoiKNxeOHnduH2INJB48eThDNF7 nwOHNqh0HmF5vhQYmtyIhWAKHxl6SgYbdbUFQsNFID1PGy+xnX20eA+l8x7hcorWxS1P thSE3FLGz9MXTS45uGm/NJrzRDUvXcxadBhsl4UsHohDYDQVcqKaQAVXFmF0yoI7FuYT uX75Auh2QM/aYDpP/XbnpHNeNRk6a+FO/O2h5BP9bNUVYbrqeUeE4D2JdKBNI670RLvM jtqA==
X-Gm-Message-State: AOAM5314ArvYACsbGD/MIP3bzyidrFZXUTqUIbcijAI1txL1UrpxRSDL UxfYc4kOsl1sRuHcDzA4hxL2VQ==
X-Google-Smtp-Source: ABdhPJyvwSd59fOf4gmHHNFK3B7uifstEscZKI3Wgj8BZMUSVE8mbPNnw0jNtdQtZjlHMgBGnNPgSw==
X-Received: by 2002:ac8:4658:: with SMTP id f24mr22451505qto.375.1619538429846; Tue, 27 Apr 2021 08:47:09 -0700 (PDT)
Received: from brians-mbp.lan (dynamic-acs-24-154-121-237.zoominternet.net. [24.154.121.237]) by smtp.gmail.com with ESMTPSA id p186sm2846105qka.66.2021.04.27.08.47.08 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 27 Apr 2021 08:47:09 -0700 (PDT)
From: Brian Rosen <br@brianrosen.net>
Message-Id: <19176491-A66F-41E9-9670-C842F82FCE68@brianrosen.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_0A9A5627-118A-43D8-8B5C-CB5BFC966A29"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.60.0.2.21\))
Date: Tue, 27 Apr 2021 11:47:03 -0400
In-Reply-To: <CAPCpN4v_KaTWQAjqCUScV067MdKqjZ1N9s7yEeugAiJ8kZJEYA@mail.gmail.com>
Cc: DISPATCH <dispatch@ietf.org>, IETF SecDispatch <Secdispatch@ietf.org>, art@ietf.org, rfc-ise@rfc-editor.org
To: Bret Jordan <jordan.ietf@gmail.com>
References: <CAPCpN4v_KaTWQAjqCUScV067MdKqjZ1N9s7yEeugAiJ8kZJEYA@mail.gmail.com>
X-Mailer: Apple Mail (2.3654.60.0.2.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/DTd5hq7-RhFSlELo2t19yuM-Z-g>
Subject: Re: [art] [dispatch] Plain text JSON digital signatures
X-BeenThere: art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/art>, <mailto:art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art/>
List-Post: <mailto:art@ietf.org>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/art>, <mailto:art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Apr 2021 15:47:16 -0000

I am very much interested in this work.  My preference would be for a Proposed Standard.  There was a lot of opposition to the idea previously, so it may be that ISE is all we can get, but I would be willing to work towards PS, either in a new, short lived work group or as part of another work group.  

Brian

> On Apr 27, 2021, at 11:27 AM, Bret Jordan <jordan.ietf@gmail.com> wrote:
> 
> Dear Dispatch,
> 
> Anders Rundgren, Samuel, Erdtman, and I have been working on an ID for your consideration. This document describes how to use JWS and JCS to create plain-text JSON signatures. The abstract reads as follows:
> 
> This document describes a method for extending the scope of the JSON Web Signature (JWS) standard, called JWS/CT.  By combining the detached mode of JWS with the JSON Canonicalization Scheme (JCS), JWS/CT enables JSON objects to remain in the JSON format after being signed (aka "Clear Text" signing).  In addition to supporting a consistent data format, this arrangement also simplifies documentation, debugging, and logging.  The ability to embed signed JSON objects in other JSON objects, makes the use of counter-signatures straightforward.
> 
> The data tracker page for this: https://datatracker.ietf.org/doc/draft-jordan-jws-ct/ <https://datatracker.ietf.org/doc/draft-jordan-jws-ct/>
> 
> As you know there are large ecosystems that needs digital signatures for plain text JSON data, meaning where the JSON data is not base64 encoded. This ID provides a solution using existing IETF RFCs to make this work. Further, this work looks to be adopted by many groups and organizations from financial services, threat intelligence, and incident response. 
> 
> We are not sure what direction would be best for this work in the IETF, should we send to the ISE for publication or do you want to create a working group. Ultimately there is a lot of work that could be done in this space to meet the needs of the market. We would be happy with releasing these IDs for ISE publication, or for creating a working group to move them forward. It is just important to note that the market is in desperate need of these solutions. If you want to take it for a spin, there is a JWS/CT playground at: https://mobilepki.org/jws-ct <https://mobilepki.org/jws-ct>
> 
> Thanks
> Bret
> 
> -- 
> 
> Sent from my TI-99/4A
> 
> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
> _______________________________________________
> dispatch mailing list
> dispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/dispatch

v2.23.0 | Report a Bug | By Email