Re: [jose] Stephen Farrell's Discuss on draft-ietf-jose-jws-signing-input-options-08: (with DISCUSS and COMMENT)
John Bradley <ve7jtb@ve7jtb.com> Thu, 17 December 2015 16:16 UTC
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6761E1A1A45 for <jose@ietfa.amsl.com>; Thu, 17 Dec 2015 08:16:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HzAaF0Oj7t6E for <jose@ietfa.amsl.com>; Thu, 17 Dec 2015 08:16:09 -0800 (PST)
Received: from mail-wm0-x22e.google.com (mail-wm0-x22e.google.com [IPv6:2a00:1450:400c:c09::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 86CDD1B2F09 for <jose@ietf.org>; Thu, 17 Dec 2015 08:16:06 -0800 (PST)
Received: by mail-wm0-x22e.google.com with SMTP id l126so28523158wml.0 for <jose@ietf.org>; Thu, 17 Dec 2015 08:16:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ve7jtb-com.20150623.gappssmtp.com; s=20150623; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=iFj6nsFuk2up0EKKXFk4RpYkxYTgGc4kMN5NaGF7VHA=; b=b3Zjsq7WCYN4LuK6VzkOCuAjg/WXfKVEm0OsjRJtGGLjIn9BrAHRcbTtSIfbzkHexE Fw28ELVjfsOKV4DlplKrtsxRmQWK/Ctu5KrqpmVvB+wvSeaTshw+nWkTr2gHNn9R0owQ JRuboiwpnTczyTqNoloN993rLqs+xl1coc96dR2sasjLHeQ9qa6olGlOXYvzjzhuq6T1 FJD1IIEgHgU+hTaKhgB8UVplV7YYZFCNQQD9o/YmVDmUXQ38AoTl2RwIy91GK+b7hClt UKLQOcURsVNtz3Y3ovulCgFOqsOGNIL0zJrsBHXhGttWpf8lRsQfjt1kg3sg16tptMfa 2Mfg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=iFj6nsFuk2up0EKKXFk4RpYkxYTgGc4kMN5NaGF7VHA=; b=ONhTTvAkXoxhJP2hFHAy94QqZrJBrCljRkEQUxm9xfNoGVi1oDLxvmgoCQn82Dgziq mkapOPXoLJkJFU7xDXaiZem2Bh4887OlhxRtTCQsfHRNy1wO2wBRCcsbQVyO8pdQO6bf +uzdWWV18VqU6sOhWSqNdeCUxLkPU5wTY7wW8HSrsPL9Fu9UW1RUA3SDvF00m7Dq+sB4 hrnsBqgPSzxCmvTXbQJE+LNCoFNNK9tT0/S3tU3xFW6gYkf/gfsuz5r8VH4eqSXdtGXa LzH+gEI4VQeu3tge4zzQC1TdiwoJ2ZIpu+6tPWDsgu3wce5Vj/oRCqsMDgpVQbIOAQ3F Cgug==
X-Gm-Message-State: ALoCoQl5RbDA5K4mo3ooiFy5fr2XI9Ze8kcq4AFtzE36mKHIRIpV6jys/2sEMIKBCob23XhXoQOt8bTA426HpgeNSN7ibn1N1w==
X-Received: by 10.194.85.165 with SMTP id i5mr46767227wjz.173.1450368964945; Thu, 17 Dec 2015 08:16:04 -0800 (PST)
Received: from [192.168.2.109] (p5DD8474B.dip0.t-ipconnect.de. [93.216.71.75]) by smtp.gmail.com with ESMTPSA id bg10sm11038845wjb.46.2015.12.17.08.16.03 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 17 Dec 2015 08:16:03 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <CAHbuEH4yrcqmJ0uWvv2iZXZjdKGSOzcAH34i6uU2QpSyuUq=ug@mail.gmail.com>
Date: Thu, 17 Dec 2015 17:16:00 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <F32EA5FF-A5A4-434A-A4C8-D57657352B13@ve7jtb.com>
References: <20151217112025.22801.65457.idtracker@ietfa.amsl.com> <BY2PR03MB4429A8A55EB13BCF8227BEBF5E00@BY2PR03MB442.namprd03.prod.outlook.com> <5672B939.4020507@cs.tcd.ie> <BY2PR03MB442F5A1BDF03E7997843CF0F5E00@BY2PR03MB442.namprd03.prod.outlook.com> <5672BD41.3000804@cs.tcd.ie> <2A23B5AE-6E82-4A44-A0D8-3D7970C57438@ve7jtb.com> <B8649513-3B05-417F-B551-46FFDA5689C2@ve7jtb.com> <CAHbuEH4yrcqmJ0uWvv2iZXZjdKGSOzcAH34i6uU2QpSyuUq=ug@mail.gmail.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Mailer: Apple Mail (2.2104)
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/5lDUWWcoIpZ_y17m8Oln3ng6tgg>
Cc: "jose-chairs@ietf.org" <jose-chairs@ietf.org>, "ietf@augustcellars.com" <ietf@augustcellars.com>, Michael Jones <Michael.Jones@microsoft.com>, "draft-ietf-jose-jws-signing-input-options@ietf.org" <draft-ietf-jose-jws-signing-input-options@ietf.org>, "jose@ietf.org" <jose@ietf.org>, The IESG <iesg@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [jose] Stephen Farrell's Discuss on draft-ietf-jose-jws-signing-input-options-08: (with DISCUSS and COMMENT)
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Dec 2015 16:16:16 -0000
One additional requirement that I would like to add to Mikes text is that if the signer is signing any sort of external content then it MUST include crit. If the sender is bad then it doesn’t need to confuse the client and is going to do what it wants with including crit anyway. If the sender is good it won’t attack itself unless you can get it to sign external content. I can see an attack where the attacker provides the signer with external content that has a bad part that is base64 encoded and a unencoded part, the signer might verify the unencoded part, and the base64 decoding at the receiver decode the base64 and discard the unencoded portion leaving only the bad part of the message. So I on consideration I strongly prefer any signing over external content to include crit. John B. > On Dec 17, 2015, at 4:39 PM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote: > > On Thu, Dec 17, 2015 at 9:32 AM, John Bradley <ve7jtb@ve7jtb.com> wrote: >> Sorry I just recounted, it is a extra 20 bytes per message with the encoded header and not 6. >> >> That is a bit more but probably not worth dying over. I still prefer the smaller option. > > If we could get to a consensus on this and which text is preferred, > that would be helpful. > > Thanks! > Kathleen > > >> >> John B. >> >>> On Dec 17, 2015, at 3:04 PM, John Bradley <ve7jtb@ve7jtb.com> wrote: >>> >>> I prefer making crit only required if the producer is not certain that all potential recipients understand/the extension. >>> >>> However it would not be the end of the world for me from a size perspective if crit was always required. Trading 6 octets for saving 1/4 of the body size is not a bad trade off. >>> >>> The issue for me is more always requiring something to be sent that is known to not be used. >>> >>> So I am on the not forcing crit side but could live with the consensus if it goes the other way. >>> >>> John B. >>> >>>> On Dec 17, 2015, at 2:48 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: >>>> >>>> >>>> Great. For completeness, the alternative proposed by James Manger >>>> (which I'd also prefer) was: >>>> >>>> The "crit" Header Parameter MUST be included with "b64" in its set >>>> of values to ensure the JWS is rejected (instead of being >>>> misinterpreted) by implementations that do not understand this >>>> specification. >>>> >>>> My discuss then is asking if, after all this discussion, the WG >>>> prefer the above or that below. I'll take the WG chairs word on what >>>> they conclude as the outcome. >>>> >>>> S. >>>> >>>> On 17/12/15 13:44, Mike Jones wrote: >>>>> Sure, I'm obviously fine asking the working group what they think of the new text. Working group - this new text at https://tools.ietf.org/html/draft-ietf-jose-jws-signing-input-options-08#section-6 is: >>>>> >>>>> 6. Using "crit" with "b64" >>>>> >>>>> If a JWS using "b64" with a value of "false" might be processed by >>>>> implementations not implementing this extension, then the "crit" >>>>> Header Parameter MUST be included with "b64" in its set of values to >>>>> cause such implementations to reject the JWS. Conversely, if used in >>>>> environments in which all participants implement this extension, then >>>>> "crit" need not be included, since its inclusion would have no >>>>> effect, other than increasing the JWS size and processing costs. >>>>> >>>>> Thanks all, >>>>> -- Mike >>>>> >>>>>> -----Original Message----- >>>>>> From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] >>>>>> Sent: Thursday, December 17, 2015 2:32 PM >>>>>> To: Mike Jones <Michael.Jones@microsoft.com>; The IESG <iesg@ietf.org> >>>>>> Cc: ietf@augustcellars.com; jose-chairs@ietf.org; draft-ietf-jose-jws-signing- >>>>>> input-options@ietf.org; jose@ietf.org >>>>>> Subject: Re: Stephen Farrell's Discuss on draft-ietf-jose-jws-signing-input- >>>>>> options-08: (with DISCUSS and COMMENT) >>>>>> >>>>>> >>>>>> Hiya, >>>>>> >>>>>> On 17/12/15 13:20, Mike Jones wrote: >>>>>>> Thanks for your review, Stephen. Replies inline below... >>>>>>> >>>>>>>> -----Original Message----- From: Stephen Farrell >>>>>>>> [mailto:stephen.farrell@cs.tcd.ie] Sent: Thursday, December 17, >>>>>>>> 2015 12:20 PM To: The IESG <iesg@ietf.org> Cc: >>>>>>>> draft-ietf-jose-jws-signing-input-options@ietf.org; Mike Jones >>>>>>>> <Michael.Jones@microsoft.com>; Jim Schaad <ietf@augustcellars.com>; >>>>>>>> jose-chairs@ietf.org; ietf@augustcellars.com; jose@ietf.org Subject: >>>>>>>> Stephen Farrell's Discuss on draft-ietf-jose-jws-signing-input- >>>>>>>> options-08: (with DISCUSS and COMMENT) >>>>>>>> >>>>>>>> Stephen Farrell has entered the following ballot position for >>>>>>>> draft-ietf-jose-jws-signing-input-options-08: Discuss >>>>>>>> >>>>>>>> When responding, please keep the subject line intact and reply to all >>>>>>>> email addresses included in the To and CC lines. (Feel free to cut >>>>>>>> this introductory paragraph, however.) >>>>>>>> >>>>>>>> >>>>>>>> Please refer to >>>>>>>> https://www.ietf.org/iesg/statement/discuss-criteria.html for more >>>>>>>> information about IESG DISCUSS and COMMENT positions. >>>>>>>> >>>>>>>> >>>>>>>> The document, along with other ballot positions, can be found >>>>>>>> here: >>>>>>>> https://datatracker.ietf.org/doc/draft-ietf-jose-jws-signing-input-op >>>>>>>> tions/ >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>> ---------------------------------------------------------------------- >>>>>>>> DISCUSS: >>>>>>>> --------------------------------------------------------------------- >>>>>>>> - >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>> The "crit" point raised in the gen-art review and maybe elsewhere is I think >>>>>>>> correct but I don't think section 6 of -08 is a good resolution of >>>>>>>> this topic. However, I'll clear if this is the WG consensus but it's >>>>>>>> hard to know that's the case for text just added yesterday. To >>>>>>>> resolve this discuss we just need to see what the WG list says about >>>>>>>> the new text. >>>>>>> >>>>>>> Jim's shepherd write-up at >>>>>>> https://datatracker.ietf.org/doc/draft-ietf-jose-jws-signing-input-opt >>>>>>> ions/shepherdwriteup/ records the working group's desire to not >>>>>>> require the use of "crit" >>>>>>> when it isn't needed. He wrote: >>>>>>> >>>>>>> "(6) The fact that there are two different versions of encoding that >>>>>>> produce the same text string for signing is worrisome to me. The WG >>>>>>> had the ability to address this when producing the JWS specification >>>>>>> and decided not to do so that time. In this document, the desire to >>>>>>> allow for things to be smaller has lead to the fact that the b64 and >>>>>>> crit headers can be omitted as being implicit. This was the desire of >>>>>>> the WG, but I personally feel that it is the wrong decision." >>>>>> >>>>>> Fair enough, so the chair/shepherd, gen-art reviewer and seems like a few >>>>>> IESG members all find the current position unconvincing as does the one >>>>>> implementer who posted to the WG list since the new text was added. >>>>>> Wouldn't you agree there's enough there to justify asking the WG once more >>>>>> what they think about that 13 byte overhead to prevent interop and maybe >>>>>> even security problems? >>>>>> >>>>>>> >>>>>>>> --------------------------------------------------------------------- >>>>>>>> - >>>>>>>> >>>>>>>> >>>>>> COMMENT: >>>>>>>> --------------------------------------------------------------------- >>>>>>>> - >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>> - abstract: the description of the update to 7519 is odd. It seems to be saying >>>>>>>> "Here we define a thing. This specification updates 7519 to say you >>>>>>>> must not use this thing." but prohibiting is an odd verb to use >>>>>>>> there. (Since it wasn't previously there to be allowed or not.) >>>>>>> >>>>>>> Would you like this text better? >>>>>>> >>>>>>> "This specification updates RFC 7519 by stating that JSON Web Tokens >>>>>>> (JWTs) MUST NOT use the unencoded payload option defined by this >>>>>>> specification." >>>>>> >>>>>> Better yep. Thanks. >>>>>> >>>>>>> >>>>>>> Or do you think this spec doesn't need to have the "Updates 7519" >>>>>>> clause at all? People seemed split on whether this was needed or not. >>>>>> >>>>>> Happens all the time. Personally I mostly don't care about updates which is >>>>>> the case this time too:-) >>>>>> >>>>>>> >>>>>>>> - section 6: "It is intended that application profiles specify up >>>>>>>> front whether" "intended" is very wishy washy and "up front" makes no >>>>>>>> sense at all. >>>>>>> >>>>>>> How about this wording change? "It is intended that application >>>>>>> profiles specify up front whether" -> "Application profiles should >>>>>>> specify whether" >>>>>> >>>>>> Also better, >>>>>> Ta, >>>>>> S. >>>>>> >>>>>> >>>>>>> >>>>>>> Thanks again, -- Mike >>>>>>> >>>>> _______________________________________________ >>>>> jose mailing list >>>>> jose@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/jose >>>>> >>>> >>>> _______________________________________________ >>>> jose mailing list >>>> jose@ietf.org >>>> https://www.ietf.org/mailman/listinfo/jose >>> >> > > > > -- > > Best regards, > Kathleen
- [jose] Stephen Farrell's Discuss on draft-ietf-jo… Stephen Farrell
- Re: [jose] Stephen Farrell's Discuss on draft-iet… Mike Jones
- Re: [jose] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [jose] Stephen Farrell's Discuss on draft-iet… Mike Jones
- Re: [jose] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [jose] Stephen Farrell's Discuss on draft-iet… John Bradley
- Re: [jose] Stephen Farrell's Discuss on draft-iet… John Bradley
- Re: [jose] Stephen Farrell's Discuss on draft-iet… Kathleen Moriarty
- Re: [jose] Stephen Farrell's Discuss on draft-iet… John Bradley
- Re: [jose] Stephen Farrell's Discuss on draft-iet… Matt Miller (mamille2)
- Re: [jose] Stephen Farrell's Discuss on draft-iet… Justin Richer
- Re: [jose] Stephen Farrell's Discuss on draft-iet… Vladimir Dzhuvinov
- Re: [jose] Stephen Farrell's Discuss on draft-iet… Axel.Nennker
- Re: [jose] Stephen Farrell's Discuss on draft-iet… Nat Sakimura
- Re: [jose] Stephen Farrell's Discuss on draft-iet… Roland Hedberg
- Re: [jose] Stephen Farrell's Discuss on draft-iet… Preibisch, Sascha H
- Re: [jose] Stephen Farrell's Discuss on draft-iet… Mike Jones
- Re: [jose] Stephen Farrell's Discuss on draft-iet… Kathleen Moriarty
- Re: [jose] Stephen Farrell's Discuss on draft-iet… Vladimir Dzhuvinov