IETF Logo Mail Archive

Re: [jose] FOR WG DISCUSSION: #82 part A - Possibly changing representation of private JWK fields

Tim Bray <tbray@textuality.com> Fri, 30 August 2013 17:54 UTC

Return-Path: <tbray@textuality.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A5A721E805F for <jose@ietfa.amsl.com>; Fri, 30 Aug 2013 10:54:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.472
X-Spam-Level:
X-Spam-Status: No, score=-3.472 tagged_above=-999 required=5 tests=[AWL=-0.496, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id joA3MczKgaAe for <jose@ietfa.amsl.com>; Fri, 30 Aug 2013 10:54:25 -0700 (PDT)
Received: from mail-vc0-f170.google.com (mail-vc0-f170.google.com [209.85.220.170]) by ietfa.amsl.com (Postfix) with ESMTP id 6A6EE21E808E for <jose@ietf.org>; Fri, 30 Aug 2013 10:54:25 -0700 (PDT)
Received: by mail-vc0-f170.google.com with SMTP id kw10so1580719vcb.1 for <jose@ietf.org>; Fri, 30 Aug 2013 10:54:24 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=TFXkQQxJVcgoZhF+bCYUNi3N5KG5hzxDmjz+VCrBc7A=; b=YFOwszLvnT5FwBUCLLwV6jObnubi7DvdeRR92jsFN2YKXSFVD/hPQxjIxbBzeD2hOk 1b2OD5kZIikAqxznt6uB3IP2Yc8GtM9E3UcpFom/GKVSTr3SbJgCSQOzTAYtlsIpog9y 319zz/GOLSZ+RKcA8lfKPo7ns5Rc4hNTtzfbiDjC/MISbQ6VH2VkcuzNG4VP0d6uZLYI Iwa6JVpjnVWTGCfXbYuMlpCDHiVImASq0LdEKxoi2grKv1fAVFsz05heoNZ2v/ByRZ16 Jc6QK5N6TgehDWwuGy33T1VQynir20D/pD4a6mrTfdOMHgo617EJG3ROUTKLZL1k59kg fWGg==
X-Gm-Message-State: ALoCoQn8FKazUoUC5SsYDwpYUU9Dd113cDV8perynNMq3Uzaz844IoUUEXv+uzc0+7Xfbab4LCiH
MIME-Version: 1.0
X-Received: by 10.58.198.13 with SMTP id iy13mr9491234vec.11.1377885264634; Fri, 30 Aug 2013 10:54:24 -0700 (PDT)
Received: by 10.221.64.201 with HTTP; Fri, 30 Aug 2013 10:54:24 -0700 (PDT)
X-Originating-IP: [96.49.81.176]
In-Reply-To: <CA+k3eCRdHYNN6+dZBUwJHZ4eXfNx2CtjdZd1JNJ7DpsF+7TwMQ@mail.gmail.com>
References: <4E1F6AAD24975D4BA5B16804296739436B7FBEA6@TK5EX14MBXC283.redmond.corp.microsoft.com> <521E552B.6060100@mitre.org> <1377727351.405.YahooMailNeo@web184404.mail.bf1.yahoo.com> <CA+k3eCRdHYNN6+dZBUwJHZ4eXfNx2CtjdZd1JNJ7DpsF+7TwMQ@mail.gmail.com>
Date: Fri, 30 Aug 2013 10:54:24 -0700
Message-ID: <CAHBU6iuBL2smObHpgKMOMLu_XF9btKvS-ukfa5pwxAcA6x1NGw@mail.gmail.com>
From: Tim Bray <tbray@textuality.com>
To: Brian Campbell <bcampbell@pingidentity.com>
Content-Type: multipart/alternative; boundary="047d7b6dcb7cbd73ff04e52de97f"
Cc: Mike Jones <Michael.Jones@microsoft.com>, Justin Richer <jricher@mitre.org>, "jose@ietf.org" <jose@ietf.org>, Edmund Jay <ejay@mgi1.com>
Subject: Re: [jose] FOR WG DISCUSSION: #82 part A - Possibly changing representation of private JWK fields
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Aug 2013 17:54:30 -0000

This increases complexity, will break existing implementations and does’t
seem to actually reduce risk, in practice. +1 to wontfix


On Thu, Aug 29, 2013 at 10:06 AM, Brian Campbell <bcampbell@pingidentity.com
> wrote:

> Concern about accidentally leakage is fair but I don't see that
> rearranging things makes any practical difference. It would break
> things though, which is something I'd think the WG should try to avoid
> at this point without really compelling reasons to do so.
>
> On Wed, Aug 28, 2013 at 4:02 PM, Edmund Jay <ejay@mgi1.com> wrote:
> > +1
> >
> > It's apparent from the current format whether an asymmetric key is
> public or
> > private. Adding another element just causes extra checks on the format.
> >
> > ________________________________
> > From: Justin Richer <jricher@mitre.org>
> > To: Mike Jones <Michael.Jones@microsoft.com>
> > Cc: "jose@ietf.org" <jose@ietf.org>
> > Sent: Wednesday, August 28, 2013 12:53 PM
> > Subject: Re: [jose] FOR WG DISCUSSION: #82 part A - Possibly changing
> > representation of private JWK fields
> >
> > If the leak is going to happen, it's not going to be on part of the JWK
> > object or JWK set, it's going to be on the whole thing. Stuffing it into
> a
> > sub-object isn't going to make it any safer in practice. If you want to
> > generate a public key from a public/private pair, you could argue that
> it'd
> > be simpler to have an outbound thing filter out just the ".private"
> > sub-object as opposed to having something key-specific, but I think the
> > latter is actually more robust against different key types since it
> enforces
> > a per-type evaluation of what's "public" and what's "private".
> >
> > I agree with Mike's contention regarding symmetric keys, below -- it's
> > tricky though. In the Nimbus-JOSE-JWT implementation of JWK we've taken
> the
> > approach of saying that the "public" version of an OctetSequenceKey is
> null.
> >
> > Parallelism on the keying material overall is a good thing though, so I'd
> > prefer to leave it how it is.
> >
> > -- Justin
> >
> > On 08/28/2013 03:40 PM, Mike Jones wrote:
> >> This is a second issue in the issue tracker that I wanted to bring to
> the
> >> working group’s attention for discussion.  My personal view is stated
> in the
> >> issue tracker comment below.
> >>
> >>                 -- Mike
> >>
> >> -----Original Message-----
> >> From: jose issue tracker [mailto:trac+jose@trac.tools.ietf.org]
> >> Sent: Wednesday, August 28, 2013 12:36 PM
> >> To: draft-ietf-jose-json-web-key@tools.ietf.org; Mike Jones
> >> Cc: jose@ietf.org
> >> Subject: Re: [jose] #82: Section 6. Encrypted JWK and Encrypted JWK Set
> >> Format
> >>
> >> #82: Section 6. Encrypted JWK and Encrypted JWK Set Format
> >>
> >> Comment (by michael.jones@microsoft.com):
> >>
> >> This comment is about part A of this issue - the suggestion that private
> >> key material within a JWK be moved into a "private" element.  While I
> >> understand the motivation for the suggestion, this doesn't seem like a
> >> necessary or particularly useful change.  If an implementation leaks its
> >> private or shared key information by disclosing a JWK containing it to a
> >> party not entitled to have it, there's no security difference in whether
> >> that information is in a top-level member or a member of a "private"
> field.
> >> The information will have still been inappropriately disclosed.
> >>
> >> This suggestion is also ambiguously specified.  While yes, the "d"
> >> elements of elliptic curve and RSA keys could be moved to be within a
> >> "private" structure, what would be done for the "k" element of a
> symmetric
> >> key?  Would that also be moved into a "private" element?  (At that
> point,
> >> there would be no symmetric key information at the top level of the JWK,
> >> which seems more than a little odd.)
> >>
> >> Finally, I'll note that the specs already clearly delineate public from
> >> private fields, through use of the Parameter Information Class value in
> the
> >> JSON Web Key Parameters registry (with values "Public" and "Private").
>  So
> >> there should be no confusion which is which.
> >>
> >> I therefore recommend that this suggestion be resolved as "wontfix".
> >>
> >
> > _______________________________________________
> > jose mailing list
> > jose@ietf.org
> > https://www.ietf.org/mailman/listinfo/jose
> >
> >
> >
> > _______________________________________________
> > jose mailing list
> > jose@ietf.org
> > https://www.ietf.org/mailman/listinfo/jose
> >
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>

v2.23.0 | Report a Bug | By Email