[jose] Re: Do you need the JWP JSON Serialization?

Neil Madden <neil.e.madden@gmail.com> Thu, 08 August 2024 19:20 UTC

Return-Path: <neil.e.madden@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60866C180B48 for <jose@ietfa.amsl.com>; Thu, 8 Aug 2024 12:20:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Level:
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YZg078fuOgIQ for <jose@ietfa.amsl.com>; Thu, 8 Aug 2024 12:20:13 -0700 (PDT)
Received: from mail-wm1-x332.google.com (mail-wm1-x332.google.com [IPv6:2a00:1450:4864:20::332]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F076AC15792A for <jose@ietf.org>; Thu, 8 Aug 2024 12:20:12 -0700 (PDT)
Received: by mail-wm1-x332.google.com with SMTP id 5b1f17b1804b1-428e09ee91eso1650595e9.3 for <jose@ietf.org>; Thu, 08 Aug 2024 12:20:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723144811; x=1723749611; darn=ietf.org; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:from:to:cc:subject:date:message-id:reply-to; bh=VRohnyf4/qmvnKecs25v/fZ41xDOjYCB7egtZWoDHL4=; b=N8+PxTuXsqX/Q7dmJckDTx7MitfdN/n3KsJD4kBhueNqcPrhTfoaAT1jBC6hwSL3bG +YAx8gnHYFmMBZcin6OZ1bE+XC80braDhM581PYbX7SjC0+VN4C5tJLJYtIXlU4dUius Jmkyrk1xyJh7PtT5D7EZutrnnjeO6SVQn8WiGW21Zami2O50NeAud9SXcFo7odMAr+xD 8ul5WMscJ8rW+D/vABn6y3pv5X8iHC8MtY3Bhvm69g8pRFQf7pZ1I5+dV37nRL6P3V6T xzN1EoVHzq5qAJMjeetXDFxbd0HrDjtR8uzSAWsGOdaI1vq5m3vnebjVqjb8TCCOnWI1 dtPA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723144811; x=1723749611; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=VRohnyf4/qmvnKecs25v/fZ41xDOjYCB7egtZWoDHL4=; b=pvfxMG9gpz2KMDTBtju08NW8wHkp8zWUZdVP9+rl7yY6AFLTpSS03gJp2A1NzQAo8y b697hLq4jv3KJa7gx6y6UR/dLCtaN6v+KpmJ+gx98V5XuLoJ7MRsdhHQcPfFAUONjAG+ gZ0WnedxkUIefIMKOt1Oe4UuMKTHBUqiTvCeS3yi2Zo3+VZqVG5ZDR8a5DqTk9OxS+2B nhvDvZ5CQOzPg+YXPPK4JsLszNMfmeTGBFHvsf3nzMg+rYFFSriHxvWEaDartR/DmFOC F/u88QE2NLfQdqfdxO59ZNFqAdiUDL298CmKlooDke4msLPb/T+H7X721YMObs1m+dIX eHcA==
X-Forwarded-Encrypted: i=1; AJvYcCXEzt7NuR2QJeEr8WffSTeUIeD04TNe/U8DMZVEjtBUTEid7vut/wCuhCVfdGH0OzN9BbkFnEqP1EEhGTh+
X-Gm-Message-State: AOJu0YxscrdRIJ+WnXFqPZ9xKZLaa8F5Hy2YI/BFx4EJfTLdX8owSl1O 4chEPD0RiKsgKidYmZ3C/ifW4Y8FtOb8ydrwP14L3LD854TDUBnEv4nUew==
X-Google-Smtp-Source: AGHT+IEwCxW7UFGSGcLBB253cx1cgRkxQqRdJOZTP9PZt8axt64VgSQIKy+ltDNH8gGSCQH5gO4MSw==
X-Received: by 2002:a05:600c:350c:b0:427:9f71:16bb with SMTP id 5b1f17b1804b1-4290af49912mr13576585e9.6.1723144810147; Thu, 08 Aug 2024 12:20:10 -0700 (PDT)
Received: from smtpclient.apple (220.60.90.146.dyn.plus.net. [146.90.60.220]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4290c74a96bsm37335985e9.24.2024.08.08.12.20.09 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 08 Aug 2024 12:20:09 -0700 (PDT)
From: Neil Madden <neil.e.madden@gmail.com>
Message-Id: <8EF444AE-9D1C-4A4F-82CF-E91D91C9A237@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_DB0C43E3-24AF-420C-B9D4-E1FB1DD751E1"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.8\))
Date: Thu, 08 Aug 2024 20:20:08 +0100
In-Reply-To: <CAN8C-_+fh5UxVjvoQe5+VMZoWufkHM9CYaNbFagkoeN-ZNY4=A@mail.gmail.com>
To: Orie Steele <orie@transmute.industries>
References: <SJ0PR02MB74391ECC2D8130E1F0994C1AB7BF2@SJ0PR02MB7439.namprd02.prod.outlook.com> <CA+k3eCQNWURoC=PcgNsmqGNhbd0Vpu9ukSwx+ZzJ7zLLS1hckg@mail.gmail.com> <CAN8C-_LYKz2Vg6gDQv3mRX4KsJnESeyc=Af58V_DBiLGV_Hqpg@mail.gmail.com> <CA+k3eCSw6+C3Hs3ijsUrO1rVNJbHTt8ggAp6AtcLkgRoH6vVFw@mail.gmail.com> <CAN8C-_+fh5UxVjvoQe5+VMZoWufkHM9CYaNbFagkoeN-ZNY4=A@mail.gmail.com>
X-Mailer: Apple Mail (2.3696.120.41.1.8)
Message-ID-Hash: KRDQMTTEA4PWIZ3S3ALMNZAL5DP4TRI3
X-Message-ID-Hash: KRDQMTTEA4PWIZ3S3ALMNZAL5DP4TRI3
X-MailFrom: neil.e.madden@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-jose.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Brian Campbell <bcampbell@pingidentity.com>, "jose@ietf.org" <jose@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [jose] Re: Do you need the JWP JSON Serialization?
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/4ryzFao6dFxh6pvUlY4wQBaw5W0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Owner: <mailto:jose-owner@ietf.org>
List-Post: <mailto:jose@ietf.org>
List-Subscribe: <mailto:jose-join@ietf.org>
List-Unsubscribe: <mailto:jose-leave@ietf.org>

Maybe I’m missing something, but all of the disclosures are covered by the SD-JWT signature and so (a) are protected, and are (b) immutable.

— Neil

> On 8 Aug 2024, at 19:18, Orie Steele <orie@transmute.industries> wrote:
> 
> That's fair : )
> 
> Let's replace "suspicion" with "I would have argued for a different design".
> 
> In JOSE, ~ is just used as a placeholder for "missing unprotected header".
> 
> You still need to validate that the correct mutable data was included, and that no "unexpected mutable data" was included.
> 
> That's a "verifier policy over mutable data".
> 
> In the context of SD-JWT that means checking disclosures, matching their hash to the kbt and making sure the kbt is signed by the cnf.
> 
> That is very similar to the kind of unprotected header processing that COSE supports, see:
> 
> https://www.rfc-editor.org/rfc/rfc9338.html#section-2 <https://www.rfc-editor.org/rfc/rfc9338.html#section-2>
> 
> Sure maybe it's less obvious that jwt (cnf) -> disclosures -> hash -> kbt signed by cnf is a kind of counter signature.
> 
> But it is a second signature, over a specific set of disclosures that is grouped together with the first signature, which are verified together.
> 
> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-selective-disclosure-jwt-10#section-9.1 <https://datatracker.ietf.org/doc/html/draft-ietf-oauth-selective-disclosure-jwt-10#section-9.1>
> 
> """
> Unprotected headers other than disclosures are not covered by the digest, and therefore, as usual, are not protected against tampering.
> """
> 
> This is similar to how values in unprotected headers in COSE are not protected, unless there is some "verification process" such as checking a counter signature, or merkle tree inclusion proof.
> 
> Isn't JWP meant to replace SD-JWT in some cases that require stronger unlinkability?
> 
> IIRC SD-JWT and OAUTH had good reasons to define a JSON Serialization, and if it's used, those users should be able to switch to JWP or CWP in the future.
> 
> OS
> 
> 
> 
> 
> 
> On Thu, Aug 8, 2024 at 12:33 PM Brian Campbell <bcampbell@pingidentity.com <mailto:bcampbell@pingidentity.com>> wrote:
> 
> 
> On Thu, Aug 8, 2024 at 11:27 AM Orie Steele <orie@transmute.industries> wrote:
>  <snip>
> 
> If JWTs had unprotected headers, I suspect SD-JWT would have used them for the mutable part (disclosures).
> 
> That suspicion is entirely incorrect. 
>  
> <snip>
> 
> 
> CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited.  If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.
> 
> 
> -- 
> 
> ORIE STEELE
> Chief Technology Officer
> www.transmute.industries <http://www.transmute.industries/>
>  <https://transmute.industries/>
> _______________________________________________
> jose mailing list -- jose@ietf.org <mailto:jose@ietf.org>
> To unsubscribe send an email to jose-leave@ietf.org <mailto:jose-leave@ietf.org>