[dispatch] Other uses of JCS (JSON Canonicalization Scheme)
Anders Rundgren <anders.rundgren.net@gmail.com> Thu, 16 May 2019 13:12 UTC
Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D9CA120132 for <dispatch@ietfa.amsl.com>; Thu, 16 May 2019 06:12:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4zCT7PKbxLcz for <dispatch@ietfa.amsl.com>; Thu, 16 May 2019 06:11:58 -0700 (PDT)
Received: from mail-wm1-x333.google.com (mail-wm1-x333.google.com [IPv6:2a00:1450:4864:20::333]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 44B961200EA for <dispatch@ietf.org>; Thu, 16 May 2019 06:11:58 -0700 (PDT)
Received: by mail-wm1-x333.google.com with SMTP id j187so7030248wma.1 for <dispatch@ietf.org>; Thu, 16 May 2019 06:11:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:message-id:date:user-agent:mime-version :content-transfer-encoding:content-language; bh=e6jFoW1tkgROnQxSoFu3KnfjcdLxqj1ufD/yU/zmUgA=; b=kJZoOZTiGdkkF1GY3G6Mh+gXr4zfRGK+yhRZq+nxUB8wP4Qyu3PUkr6ocwKxbNQ+C9 HZOE5fWxB+hIjNfZskMZkxHdcY0qIGvxlsoDIVcRh/qWNe+HFb3+3mLDW8Y7fhQOdMbU submaCunuh31Yg/dlxrw7YsLUTUcAWV2OnY6INYBX/NQHa6a1QGSzALL34HZDX7vii46 fWbweFHQqL44a2324LdO8DP5YtQYJ4xYg33Uv+xg4HmRLAmdsjgfPxrGLmGepPiU2A3t PORX4HUHToP2cBlQso3/xjuyy1Jmm5aBjVlYOlb7mj8XDvskM7aXBBzPqjpIfVQeyjh8 jOTQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:message-id:date:user-agent :mime-version:content-transfer-encoding:content-language; bh=e6jFoW1tkgROnQxSoFu3KnfjcdLxqj1ufD/yU/zmUgA=; b=cle8yrmne97siATxGZIoC4ieKCgHGQEOgWw6CeBfpOjKAwkxCIywe+ykaCtKHgQ8m0 SxrkdFU5IcD1UrkP5mqNn//jvLXMAhy2GvFYZSB9SxTHmMcB79SN9ooMwYQE5r6djDK4 MrA14etdroKH1lBQ1KGMUI0DfiLpgoC4QJxqXpu9nQ0Xpzs7q0EyJlIftSTqhElEynM4 34B2UwFwhc75iqYT/+MeNAy8/rC+g5J4CfTkr1UUtyMCRdsgzBC9Ar9ii5oXBkVGA/Lq oIbJeCQAI+77+IsiqWWCEGlPsh7NyfsneVYjpCGnp6rWApgUgc8vP+IpooHAU6BdcseA /xEg==
X-Gm-Message-State: APjAAAUOgZeGCGyjE9Kf3Tdd7bGjMQIQ5EvZ3B9rt1I6jW4HWcbbnnma JbFdZeLX58tVcVj0LAEFdYO5O8jFOX4=
X-Google-Smtp-Source: APXvYqx5SR7w4DNPDSXEnNP+gqHbjAlkfmB0U14jPrNA/rGe5Lc0/8WSzsZs70kUEhrPl+aHmvRRFg==
X-Received: by 2002:a05:600c:230a:: with SMTP id 10mr13905627wmo.13.1558012316198; Thu, 16 May 2019 06:11:56 -0700 (PDT)
Received: from [192.168.1.79] (25.131.146.77.rev.sfr.net. [77.146.131.25]) by smtp.googlemail.com with ESMTPSA id 7sm6551425wro.85.2019.05.16.06.11.55 for <dispatch@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 16 May 2019 06:11:55 -0700 (PDT)
From: Anders Rundgren <anders.rundgren.net@gmail.com>
To: DISPATCH <dispatch@ietf.org>
Message-ID: <2c55fd23-592a-98f0-ee6f-4308a8e43e73@gmail.com>
Date: Thu, 16 May 2019 15:11:52 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/arpKYm0OBDX0bUgGlztgT-JkWb8>
Subject: [dispatch] Other uses of JCS (JSON Canonicalization Scheme)
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 May 2019 13:12:00 -0000
Since the value of clear text messaging has been unilaterally declared to be zero, maybe other and more sophisticated uses of JCS could be of some interest? In Saturn[1] JCS is used in many different ways including for signatures and encryption. However, the ability to only take a hash of JSON objects has also been put to good work. Yes, "hashable" JSON is what JCS really is. Slightly simplified.... 1. Merchant creates a signed PaymentRequest in the form of a JSON object and sends it to the User for authorization. 2. The User (SW) creates a JSON object with various properties including a timestamp, account ID and a hash of the received PaymentRequest. 3. The User (SW) signs the new JSON object using an account- and user-specific authorization private key. 4. The User (SW) encrypts the signed JSON object (User authorization) using a bank-specific encryption public key. 5. The User(SW) returns the encrypted authorization object + URL to the User's Bank to the Merchant. 6. The Merchant puts the PaymentRequest, the encrypted User authorization object and a Merchant receive account in a new JSON object. 7. The Merchant counter-signs the new JSON object and sends it to the User's Bank for "redemption". 8. The User's Bank verifies the inner and outer Merchant signatures and decrypts the User authorization object. 9. The User's Bank verifies that the User authorization object is signed by a key matching the claimed account ID. 10. If the hash of the Merchant-supplied PaymentRequest matches that of the hash in the User authorization object the request is considered valid. Next follows the actual payment transaction... Using JWS as is, the PaymentRequest would need to be duplicated in step #2. This may not seem like a big deal but why duplicate data if not necessary? JCS is BTW used some 8 times above. Quirky, ugly and potentially error-prone signature solutions like TEEP's OTrP also isn't my cup of tea: https://mailarchive.ietf.org/arch/msg/dispatch/ULq1QoecXC0xXu6M5o6m3xPtUPQ Thanx, Anders 1] https://cyberphone.github.io/doc/saturn
- [dispatch] Other uses of JCS (JSON Canonicalizati… Anders Rundgren
- Re: [dispatch] Other uses of JCS (JSON Canonicali… Bret Jordan
- Re: [dispatch] Other uses of JCS (JSON Canonicali… Anton Tveretin
- Re: [dispatch] Other uses of JCS (JSON Canonicali… Anders Rundgren