IETF Logo Mail Archive

Re: [jose] DISCUSS: Nonce/Timestamp parameter

John Bradley <ve7jtb@ve7jtb.com> Tue, 28 August 2012 15:09 UTC

Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6FDFA11E80F6 for <jose@ietfa.amsl.com>; Tue, 28 Aug 2012 08:09:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.493
X-Spam-Level:
X-Spam-Status: No, score=-3.493 tagged_above=-999 required=5 tests=[AWL=0.105, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mK4OrG6rEMA2 for <jose@ietfa.amsl.com>; Tue, 28 Aug 2012 08:09:18 -0700 (PDT)
Received: from mail-qc0-f172.google.com (mail-qc0-f172.google.com [209.85.216.172]) by ietfa.amsl.com (Postfix) with ESMTP id 466DF11E80F7 for <jose@ietf.org>; Tue, 28 Aug 2012 08:09:18 -0700 (PDT)
Received: by qcac10 with SMTP id c10so4018253qca.31 for <jose@ietf.org>; Tue, 28 Aug 2012 08:09:17 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to:x-mailer:x-gm-message-state; bh=K1L8KYSXvjzUiLx9k1+tO5oGyinXZN8BFWnf16trzD0=; b=dkD6RCGZmN9tQ6M4u3svB4w3N3Wz+3X8pEpBsV94BSFaRbfVggaa1a3vUUhVi3sPBb LywZt3wAdB+7wtANxkJ8p2sZl3BLJabgnYPUCwgQVvZd86yEpjcgDxL2OLhjdkTq+7Gg hDTrDNGN9z3EmsrVYOtWUUwrMAaRJFyoOszMj1otpqlrDWia16i5IRNT6PVD5RJKYiy0 lHyEX15jxJZOHSnCGgXkqXYx+4D6cOI9LCDxHcJK1eMbCBSpFJW5ehWHPDy9+jISnK9q PkveCURFEYt4OWDn4OHduJThTykqL82sqa47MRbtpdn5NdagCvczgWnIqLYQX8c7eg5B H6OA==
Received: by 10.224.53.4 with SMTP id k4mr13931734qag.32.1346166557182; Tue, 28 Aug 2012 08:09:17 -0700 (PDT)
Received: from [192.168.1.211] (190-20-54-75.baf.movistar.cl. [190.20.54.75]) by mx.google.com with ESMTPS id gd3sm12248941qab.13.2012.08.28.08.09.13 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 28 Aug 2012 08:09:15 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_6ED0C75A-1A0D-4CE5-8A9E-4E31AB188085"; protocol="application/pkcs7-signature"; micalg="sha1"
Mime-Version: 1.0 (Mac OS X Mail 6.0 \(1486\))
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <503CD692.4020007@mitre.org>
Date: Tue, 28 Aug 2012 11:09:07 -0400
Message-Id: <F668D905-31C6-4D76-935F-4AD4A8859876@ve7jtb.com>
References: <4E1F6AAD24975D4BA5B1680429673943667A93F8@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAHcDwFzh6HcgsJYFXq71RWSwKWkMADBNQH7_goAtTFNmz-wSwQ@mail.gmail.com> <503CD692.4020007@mitre.org>
To: Justin Richer <jricher@mitre.org>
X-Mailer: Apple Mail (2.1486)
X-Gm-Message-State: ALoCoQnCwrUvvbzEFCXXvNoyExG7mJ6qmKYrpRvPuHq5NREr+cOSDDvQbrkR3bYWVVB6rfgeAybs
Cc: Axel Nennker <ignisvulpis@googlemail.com>, Mike Jones <Michael.Jones@microsoft.com>, Jim Schaad <ietf@augustcellars.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] DISCUSS: Nonce/Timestamp parameter
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Aug 2012 15:09:19 -0000

In OAuth 2 state gets overloaded with a bunch of things from preventing XSRF to providing a handle to look up who the the authorization request was sent to.

In Connect we added a nonce sent by client that is returned inside the signed id_token (JWT) to allow the client to detect replay, and optionally reference a specific browser session that presents the id_token.

The nonce I suggested for JOSE is not ether of those.  

I used nonce in the sense that it is used with stream cyphers when the same key is used over multiple messages.

JOSE will be used for more than OAuth and JWT.   There are cases where adding entropy to the header will be a security benefit.  I would like to have a standard claim for doing that.
If people want to call it something else that is fine, but it is a nonce by definition.
If used it should be a random or pseudo random value that is time variant with sufficient granularity to ensure a nonce is used only once.

John B.

On 2012-08-28, at 10:32 AM, Justin Richer <jricher@mitre.org> wrote:

> On 08/25/2012 03:37 AM, Axel Nennker wrote:
>> To clarify: What is the base specification that Jim mentioned? 
>> Is it: http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-03 ?
>> 
>> Would somebody please present a use-case for either nonce or timestamp?
>> If a jwt is used with oauth2 then what is the difference between nonce and state? Nonce would be signed while state is not?
>> 
> 
> Nonce would generally be generated by the entity creating the token. State in OAuth is generated by the client, and would only be protected if the client had a means to make a signed request to the server, using either a MAC binding or a JWT-based OIDC-style RequestObject.
> 
>  -- Justin
> 
>> I guess I am missing some information that those in the room who voted "yes" had?
>> 
>> Axel
>> 
>> 2012/8/25 Mike Jones <Michael.Jones@microsoft.com>
>> I'll note for discussion purposes that a nonce and a timestamp are not the same thing (although sometimes they are used to achieve similar/related goals).  A nonce tends to be an opaque value that must be preserved across the communication.  Whereas a timestamp typically has defined semantics - sometimes simply a non-decreasing integer value - and sometimes a representation of time, and then, sometimes with a uniqueness requirement.
>> 
>> For discussion purposes, I'll say that the simplest thing for us to do (should we decide to do anything in this regard) would be to define the nonce as an opaque string value that must be preserved.
>> 
>> We could also define a timestamp parameter, but as I wrote above, that would likely require us to specify additional semantics - starting with whether it's a non-decreasing integer or a representation of a time value.  This seems much harder to define and possibly to use than a nonce.
>> 
>> Would it make sense to define a nonce parameter now and hold off on defining a timestamp parameter until there's a clear demonstrated use case for which a nonce is not sufficient?  That would be my personal recommendation.
>> 
>>                                 Best wishes,
>>                                 -- Mike
>> 
>> -----Original Message-----
>> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Jim Schaad
>> Sent: Friday, August 17, 2012 12:05 AM
>> To: jose@ietf.org
>> Subject: [jose] POLL: Nonce/Timestamp parameter
>> 
>> <CHAIR>
>> 
>> If you voted at the face-2-face please do not vote again.  If you want to provide comments please change the title from POLL to DISCUSS.
>> 
>> Do we need to define a nonce/timestamp parameter in the base specification?
>> 
>> 
>> 
>> Room vote:  6 yes, 0 no, 1 discuss
>> 
>> 
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose
>> 
>> 
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose
>> 
>> 
>> 
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose

v2.43.4 | Report a Bug | By Email | System Status