Re: Last Call: <draft-ietf-jose-jwk-thumbprint-05.txt> (JSON Web Key (JWK) Thumbprint) to Proposed Standard
Phillip Hallam-Baker <phill@hallambaker.com> Thu, 28 May 2015 22:38 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D297D1ACC8A; Thu, 28 May 2015 15:38:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.677
X-Spam-Level:
X-Spam-Status: No, score=-0.677 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, J_CHICKENPOX_52=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s-gGws_Ca5tH; Thu, 28 May 2015 15:38:10 -0700 (PDT)
Received: from mail-la0-x22d.google.com (mail-la0-x22d.google.com [IPv6:2a00:1450:4010:c03::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95C4A1AC44C; Thu, 28 May 2015 15:38:09 -0700 (PDT)
Received: by lagv1 with SMTP id v1so42973282lag.3; Thu, 28 May 2015 15:38:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=fwyWwh3R8aKlFCmCXfDzcTeULeA+SHaAfeGk362RQ6g=; b=TEO7H4vr5lIYxAvTeXoj5IJLnTSru1tguDZUn4Pu8WMXrYMBgvcgRGSJQOBhEPIUTZ BIXiXMxa+EpaQgt9Y0yjQEHQPeE8KGBjSnezooDKu6rw4oVRM4BH+6EjEcvYKkyl8fBa q+GAxITV6zufmqFHlOMzy5rhJWU5lTN5J6VcEV11Y9RLlkQPgUTZrPKU3EMKkZC5X5oE cdrfCwIHT5BJ0YhmOLPgl3n2DvDJwMk1JVyt4xy5y9j9vLMgWAzDMcidOpLV0mlqtYyn jhVI+/6XcBCyXK6tZT6/BUeqFb/kLSFHwANCpQEI0PPATkG3e/UTsDfc1wUE4HuKm7uG woZA==
MIME-Version: 1.0
X-Received: by 10.112.170.167 with SMTP id an7mr5018729lbc.103.1432852688035; Thu, 28 May 2015 15:38:08 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.203.163 with HTTP; Thu, 28 May 2015 15:38:07 -0700 (PDT)
In-Reply-To: <55674AA1.9040809@cs.tcd.ie>
References: <20150528164042.7220.35163.idtracker@ietfa.amsl.com> <55674AA1.9040809@cs.tcd.ie>
Date: Thu, 28 May 2015 18:38:07 -0400
X-Google-Sender-Auth: Uj3brWTbM2X6BCbvywb098OpuJw
Message-ID: <CAMm+Lwj0qsrMQ3pmQrOgwvp7Jf0fk+EgkqBK0Ud-Tzdqf22Vmw@mail.gmail.com>
Subject: Re: Last Call: <draft-ietf-jose-jwk-thumbprint-05.txt> (JSON Web Key (JWK) Thumbprint) to Proposed Standard
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/alternative; boundary="001a11c368cc7c68c305172c03db"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/PEul8CNjOXXGpo6NVq3XR4af4nI>
Cc: IETF Discussion Mailing List <ietf@ietf.org>, "jose@ietf.org" <jose@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 May 2015 22:38:12 -0000
On Thu, May 28, 2015 at 1:04 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > Hi, > > I have one comment on this that I did raise with the WG (the > thread starts at [1] but the subject lines diverged so it's > not so easy to follow). At the end of that I think I was > correctly judged to be in the rough within the WG. I'm > raising it again now as a last-call comment (and wearing > no hat) as the issue is really about doing the same thing > in multiple protocols/WGs, so this could be a case where > IETF consensus maybe ought win over WG consensus, depending > on whether folks working on other protocols care or not. > (And I'm not sure if they do.) > > Note that if the draft as-is turns into an RFC it will not > be the end of the world, so I'd only expect that a change > would be done if there're a load of people who agree that > changing is beneficial for some actual use-case they have > or may have in future. (In other words, I really don't > expect this change to happen and I do not want it to > happen on purely theoretical grounds, but I wanted to > check just in case;-) > > So my issue is:... > > We have a bunch of other protocols (DANE, CoAP and more) > in which we use a hash of a public key. In most of those with > which I'm familiar we use the SubjectPublicKeyInfo format > from x.509 as the input bytes to the hash function. Doing > so ensures that a hash generated in one protocol/application > could in principle be meaningful in others, even if that's > not a very common thing to want. Note that using that structure > does not imply anything about using x.509 or asn.1 really as > pretty much all crypto APIs (or maybe all) provide you with > a way to extract public keys in exactly that form regardless > of whether you care about x.509 or anything related to > that kind of PKI. (So please let's not have the "I hate > asn.1/x.509/whatever" argument again:-) > > This draft defines it's own peculiar input bytes to the > hash function and even notes that there's no really good > reason for that difference:-) [2] > > I think this would be better if it supported the use of > hash input bytes that are the same as are used elsewhere. > > But, as I said before, the world won't end if this becomes > an RFC and we have to do another one later on with that > fairly trivial difference. I will agree with Stephen in part, disagree in part and propose the compromise already discussed in the OpenPGP list that I wrote up this week https://tools.ietf.org/html/draft-hallambaker-udf-00 I could not get agreement on using the PKIX KeyInfo format as the basis for the key fingerprint because it turns out that an OpenPGP key fingerprint is actually more of a fingerprint of a Key binding, there is OpenPGP info in there and it is necessary to the function. So I carefully designed UDF to allow it to be used to support PKIX KeyInfo blobs, OpenPGP key blobs or anything else that has a MIME content type and do it efficiently. Lets say you have a fingerprint and you know it is of a key but not whether it is OpenPGP, PKIX or JOSE. With my scheme you can check each possibility casewise very simply without resort to content type sniffing. Just hash the keyblob you have and then see if hashing the result concatenated with each of the three content type identifiers in turn produces a match. If not, either you don't have the key you thought you did or you don't understand it. OK so some minor irritation under the hood. But the payoff is that we can make all of these look exactly the same to the user.
- Re: Last Call: <draft-ietf-jose-jwk-thumbprint-05… Stephen Farrell
- Re: Last Call: <draft-ietf-jose-jwk-thumbprint-05… Phillip Hallam-Baker
- Re: [jose] Last Call: <draft-ietf-jose-jwk-thumbp… John Bradley
- Re: [jose] Last Call: <draft-ietf-jose-jwk-thumbp… Preibisch, Sascha H
- Re: [jose] Last Call: <draft-ietf-jose-jwk-thumbp… Edmund Jay
- Re: [jose] Last Call: <draft-ietf-jose-jwk-thumbp… Matias Woloski