Re: [jose] Canonical JSON form

Anders Rundgren <anders.rundgren.net@gmail.com> Sun, 18 November 2018 18:06 UTC

Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FF6212D4E7 for <jose@ietfa.amsl.com>; Sun, 18 Nov 2018 10:06:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uhMdjfmTCBco for <jose@ietfa.amsl.com>; Sun, 18 Nov 2018 10:06:29 -0800 (PST)
Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com [IPv6:2a00:1450:4864:20::32f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A2C39126CC7 for <jose@ietf.org>; Sun, 18 Nov 2018 10:06:28 -0800 (PST)
Received: by mail-wm1-x32f.google.com with SMTP id p2-v6so3102270wmc.2 for <jose@ietf.org>; Sun, 18 Nov 2018 10:06:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=1zJF74IXMv442gO8ezBbv/MRL7TPJlh3smkIzgd6eOM=; b=SvgR1etSKqppIwvYNrnRhduU4lQeSErD9NNakiv0FJwYB8ES6KahHLKuqpQ2cQkUpm pDdY1ezWGbz4oIsgH346SJEZpDWddmXKpjn+QWXpNgZiudL5s0DiY7LRhWnmF2jc6eet rlThVocTFZyO04jXdagX2e70Wvf6iScrN1n+Ahos4vLLkqwTK69Nn+mtpPv+UpdvBLXD 5HUfqJgK4x8NUIcGu+POE/DJFa2WEIzFZoTW5FqXsMXNcG2UmEGIxur8kuJTZjoQOLAp mX0micdIIofA3Y4OH6pHEHyo6MAZVEgrWIEi167cNcMCce6HGwaN3mZdn6X8dmIypu3G I/fQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=1zJF74IXMv442gO8ezBbv/MRL7TPJlh3smkIzgd6eOM=; b=USzeLw3pZiqYKWbhw2hj7fWDd9qEALvGtBXSFXwzLRff9Godv1CDRNMXe10/J+8/qE brJU+yI6SN7KBsF1mkBabHZR3+Y3yK2R2VBd1hIuv26LqWw84VllxrKQGIuvAkTRAzqb qRDaJTVRz4/Zm7TkuW3M1akNYCq3qx7QArGE5g5UcWegOEn6tNfhv5rHvxqAwlkaxgke rBsYi+LfGLp/DDwsbsGVbzRXNwq58vpUV5IoOg8bjCiNxbuIW3NeZVkrfSk3NnswsO+z SKBO6sKH/3CvifEa0xtRYR1It9fBRDDJ3MEkKovAZVuC7/qoD7dWghUxYu8CZwo0U2uh 4u9w==
X-Gm-Message-State: AGRZ1gIPvY+b8B519/MdRIEUiV3VJnIu1dgO8bz6Q4DxO2HcJbPJTUto DGmEZib9Mb8aJVwOA8SLhVJZVyrz
X-Google-Smtp-Source: AJdET5dyk9ajJe4EbX+w3Cbp/YRM6t7l8YsQKCseUgIJmfvAFXAMlF1V9Pls4v93VlcWwT1sD9sq8w==
X-Received: by 2002:a1c:23c1:: with SMTP id j184mr4700032wmj.16.1542564386468; Sun, 18 Nov 2018 10:06:26 -0800 (PST)
Received: from [192.168.1.79] (25.131.146.77.rev.sfr.net. [77.146.131.25]) by smtp.googlemail.com with ESMTPSA id z6-v6sm35598261wrs.19.2018.11.18.10.06.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 18 Nov 2018 10:06:25 -0800 (PST)
To: Jim Schaad <ietf@augustcellars.com>, 'Carsten Bormann' <cabo@tzi.org>
Cc: jose@ietf.org
References: <12DD2F97-80C3-4606-9C6B-03F7A4BF19DE@gmail.com> <CAOASepNX4aYVmPWXyODn0E2Om_rimACPECqJBvZSOXVVd_p8LA@mail.gmail.com> <D21F3A95-0085-4DB7-A882-3496CC091B34@gmail.com> <CAOASepM=hB_k7Syqw4+b7L2vd6E_J0DSAAW0mHYdLExBZ6VBuw@mail.gmail.com> <00ad01d460f4$69ae8a00$3d0b9e00$@augustcellars.com> <8436AEE7-B25A-4538-B8F6-16D558D9A504@gmail.com> <MEAPR01MB35428606C09BF315DE04CC79E5E10@MEAPR01MB3542.ausprd01.prod.outlook.com> <CAHbuEH6DCD7Zc+PK3TnCBkKv1esnROwyCcDb8ZR+TKwgQQ+yXQ@mail.gmail.com> <0E6BD488-74D5-4640-BC31-5E45B0531AFC@gmail.com> <CAHbuEH5oH-Km6uAjrSr0pEHswFBLuDpfVweQ+gpj472yk+8iTQ@mail.gmail.com> <073CB50F-8D91-4EF6-90BE-FC897D557AA6@oracle.com> <A37D69B1-6B77-4E11-8BB9-A0209C77752C@tzi.org> <434fbdb6-0202-5a02-4cec-9332fbbe548c@gmail.com> <FBBFA6FA-4B0C-4239-9145-0B713120EC98@tzi.org> <01fd01d47f5f$4c4889f0$e4d99dd0$@augustcellars.com>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
Message-ID: <7b1d293c-1d97-44e4-0cd8-55ec1db6c3b5@gmail.com>
Date: Sun, 18 Nov 2018 19:06:22 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.3.1
MIME-Version: 1.0
In-Reply-To: <01fd01d47f5f$4c4889f0$e4d99dd0$@augustcellars.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/5U3kz_0N6CFUm83VlkIyPoWGh7c>
Subject: Re: [jose] Canonical JSON form
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Nov 2018 18:06:31 -0000

On 2018-11-18 17:53, Jim Schaad wrote:
> 
> 
>> -----Original Message-----
>> From: jose <jose-bounces@ietf.org> On Behalf Of Carsten Bormann
>> Sent: Sunday, November 18, 2018 7:00 AM
>> To: Anders Rundgren <anders.rundgren.net@gmail.com>
>> Cc: jose@ietf.org
>> Subject: Re: [jose] Canonical JSON form
>>
>> On Nov 18, 2018, at 08:53, Anders Rundgren
>> <anders.rundgren.net@gmail.com> wrote:
>>>
>>> On 2018-10-11 21:03, Carsten Bormann wrote:
>>>> On Oct 11, 2018, at 20:23, Phil Hunt <phil.hunt@oracle.com> wrote:
>>>>>
>>>>> I am not sure of the value of canonicalization.  I prefer bytestream
>> encoding style where the original content goes with the signature.
>>>> I’m afraid a lot of people are sitting in front of their screens silently
>> agreeing, but not typing anything because their hands are tied up in an
>> interminable facepalm.
>>>
>>> Those who are not stuck in an a ever-lasting facepalm may not be entirely
>> comfortable with signature schemes that completely change the structure of
>> signed messages.  COSE do this as well?
>>
>> I don’t understand the question.  The point of COSE is that the signed message
>> is not changed at all.
>> (With JOSE, it needs to be base64-encoded for transfer, but it also isn’t changed
>> otherwise.)
> 
> COSE does do the same type of wrapping as what the JOSE standard does.  In that sense -- that the content being signed and the signature are not at the same level in the encoding - yes it "completely changes the structure of the signed message".
> 
>>
>>> Well, you can of course add artificial unsigned layers (like the TEEP folks do),
>> but that smells “workaround" rather than solution.
>>
>> Again, I don’t understand.

There's no mystery going on here.  The TEEP folks needed Signed Data rather than Signature objects with embedded Data.

JSON can (as I have shown) fairly easily accomplish this without adding [redundant] unsigned wrapper objects.

Another application I stumbled on is Open Banking, here in a request scenario:
POST /payments HTTP/1.1
x-jws-signature: eyJhbGciOiJFUzI1NiJ9..EzZmI2LxhWyCf9ljJBw-Z3i9uxnJu6XL5ljTY==
Content-Type: application/json

{
   "Data": {
    ...OB specific data..
  },
   "Risk": {
    ...OB specific data..
   }
}


Using JWS + JSON canonicalization:
POST /payments HTTP/1.1
Content-Type: application/json

{
   "Data": {
    ...OB specific data..
  },
   "Risk": {
    ...OB specific data..
   },
   "x-jws-signature": "eyJhbGciOiJFUzI1NiJ9..EzZmI2LxhWyCf9ljJBw-Z3i9uxnJu6XL5ljTY"
}

What's the advantage with that you may wonder?  Well, signed data becomes a self-contained object which can
- pass arbitrary proxies
- be stored in a database
- be embedded in another JSON object to for example support countersigning
etc. without losing its edge.

I would consider a similar solution for CBOR/COSE.

Anders
https://mobilepki.org/jws-jcs

 > > But maybe what I wrote earlier is still applicable:
> 
> How it smells depends on how one looks at the world.  For me it smells "this is the right way to do things".  YMMV.
> 
>>
>>>> To the people asking for a c14n solution for signature: If you want XMLDSig,
>> you know where to find it.
>>>> The basic approach of having humongous XML documents that get
>> signatures added to themselves as part of the document only makes sense in
>> certain processing models that went out of favor with XML.
>>
>> This.
>>
>>>> JOSE does the right thing for more modern applications.
>>
>> And this.
>>
>>>> I’m not opposed to doing some “c14n” work on serialization schemes —
>> deterministic serialization has other applications than just XMLDSig.
>>
>> RFC 7049 has some recommendations for “c14n" that are being cleaned up and
>> updated for 7049bis.
>> Those are implemented in a few CBOR libraries, albeit not in all.
>> The RFC 7049 version of “c14n” is in use in some other SDOs’ work.
>>
>>>> I definitely do not like giving the message that c14n-based signatures are
>> the new thing that will replace doing the right thing (JOSE, that is).
>>
>> And this.
>>
>> Grüße, Carsten
>>
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose
>