[jose] issues with x5c in JWE

Brian Campbell <bcampbell@pingidentity.com> Wed, 30 January 2013 02:09 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 6541321F898A for <jose@ietfa.amsl.com>; Tue, 29 Jan 2013 18:09:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.476
X-Spam-Status: No, score=-5.476 tagged_above=-999 required=5 tests=[AWL=-0.500, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, J_BACKHAIR_12=1, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id KwvuDmvj1-Uj for <jose@ietfa.amsl.com>; Tue, 29 Jan 2013 18:09:03 -0800 (PST)
Received: from na3sys009aog117.obsmtp.com (na3sys009aog117.obsmtp.com []) by ietfa.amsl.com (Postfix) with ESMTP id A8C4021F8689 for <jose@ietf.org>; Tue, 29 Jan 2013 18:09:03 -0800 (PST)
Received: from mail-ob0-f197.google.com ([]) (using TLSv1) by na3sys009aob117.postini.com ([]) with SMTP ID DSNKUQiAp2zajmniqwnM+vRTBzEvFFiP449M@postini.com; Tue, 29 Jan 2013 18:09:03 PST
Received: by mail-ob0-f197.google.com with SMTP id ta14so6595665obb.8 for <jose@ietf.org>; Tue, 29 Jan 2013 18:08:37 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:x-received:mime-version:from:date:message-id:subject:to :content-type:x-gm-message-state; bh=saiPNSlJ5yucaNamkUNXRe5uEiRio54XUYxcJulCjek=; b=GY6mq+/L+C7E1FnbaOSipa/0tGGijykLLuqRnFhNde/Rh0BXgZ2J8JueBbq36+0Gik sgYIUMOBZziJo7kdpHzzznEji+wQmSC9M9okrXeM1qh61CI5Tixrtj7whT+6jg6ZUXe1 hPWbn3E+5zF6bto+lyV+LMAGEicTQH99+ylmh5K5opBJBsz8/BuVUM9b31mUeNVBv9gP I9Qtsui1lkeeyRYG7kjOPp+IXFun51omJwU0vo7jdNNONvyrcYJmteNmLa4HT/ZbpvWW nc91WDepqjAnk+IbLaXwxRwS3fsKGm6ev43dx8+g7/aoX++THdM5zF9h+wQ6BF/bNxpz QFPw==
X-Received: by with SMTP id hl1mr2276240igb.101.1359511717387; Tue, 29 Jan 2013 18:08:37 -0800 (PST)
X-Received: by with SMTP id hl1mr2276236igb.101.1359511717259; Tue, 29 Jan 2013 18:08:37 -0800 (PST)
MIME-Version: 1.0
Received: by with HTTP; Tue, 29 Jan 2013 18:08:07 -0800 (PST)
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Tue, 29 Jan 2013 19:08:07 -0700
Message-ID: <CA+k3eCRbkefo3M+7QK_anM+H-VQLj2b+Jvw+8EXKPnSuc4Y_7Q@mail.gmail.com>
To: "jose@ietf.org" <jose@ietf.org>
Content-Type: multipart/alternative; boundary="f46d0402a9aff9a8f404d477fc8d"
X-Gm-Message-State: ALoCoQmvWQZs5BGerEqn8619M5NttAYKenJnVbNpu2DlSIftMp95a6VuOfft2CQRxXRQ77UFupl5UdzaJbg2an0heK0thy/AQvMA3cxArk05RqG4S8wI+5U2n7IJpZpunzTi07JRZCVC
Subject: [jose] issues with x5c in JWE
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jan 2013 02:09:04 -0000

I just noticed a couple of things in the JWE's x5c definition that struck
me as maybe not right.


"The certificate containing the public key of the entity that encrypted the
JWE MUST be the first certificate." - but it's not the public key of the
entity that encrypted, is it? It's the public key of the entity that will
decrypt. The other entity.

"The recipient MUST verify the certificate chain according to [RFC5280] and
reject the JWE if any validation failure occurs." - maybe I'm missing
something but why would the recipient verify it's own certificate chain?

And the first hyperlink in "See Appendix
for an example "x5c" value" takes you to Appendix B of JWE, which is
Acknowledgements, rather than JWS as the text would suggest.

So all those little nits could be fixed. But maybe it'd be better to just
remove x5c from JWE all together? As Richard pointed out previously,
http://www.ietf.org/mail-archive/web/jose/current/msg01434.html, there's
really no point in sending a whole chain to help the recipient identify its
own key.