IETF Logo Mail Archive

Re: [jose] DISCUSS: Nonce/Timestamp parameter

Brian Campbell <bcampbell@pingidentity.com> Tue, 28 August 2012 20:46 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1130711E80A5 for <jose@ietfa.amsl.com>; Tue, 28 Aug 2012 13:46:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.975
X-Spam-Level:
X-Spam-Status: No, score=-5.975 tagged_above=-999 required=5 tests=[AWL=0.001, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jJsSMyERBvwy for <jose@ietfa.amsl.com>; Tue, 28 Aug 2012 13:46:38 -0700 (PDT)
Received: from na3sys009aog122.obsmtp.com (na3sys009aog122.obsmtp.com [74.125.149.147]) by ietfa.amsl.com (Postfix) with ESMTP id 8C7C111E8099 for <jose@ietf.org>; Tue, 28 Aug 2012 13:46:37 -0700 (PDT)
Received: from mail-qc0-f182.google.com ([209.85.216.182]) (using TLSv1) by na3sys009aob122.postini.com ([74.125.148.12]) with SMTP ID DSNKUD0uLQ4mjCZdRoJprk5IZlU6t/ofh9Hs@postini.com; Tue, 28 Aug 2012 13:46:37 PDT
Received: by qcsg15 with SMTP id g15so4611032qcs.13 for <jose@ietf.org>; Tue, 28 Aug 2012 13:46:36 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:x-gm-message-state; bh=LSoPFVP0c7DmiRIRGXnF5xkEYHfyd+Mlv9jVFHVQW/c=; b=kGGrcfYMxBysAxXOAKehi+eMMrmvh8JEcewr4CUBwqQLMeNQwy+BKZga4+Wtpw17HF RUCkKKNBnlULP/qhauEKX1q0dSHlYFelnxDwVndbpAjQf6VafSNx7hZiTPoNso48Pk4p 9k7Df1/TIXG0DENa1FUEZZqZa+Qyk0tQL3buaBZZOhTKHt3EawNuS9/lLdhfB0GqI5lT 55mlFayEkqss//LTy8i5d5pjGW2lSRE+CjBsjES9DgdpPJakImBNorfiYTNPggObK54r tMhsD8WsXyXzIiZ+glG4/OTQH3PIfXKgyhFRiWBWTzCSsXCJ1Zqb5gmHkW19eloMlWSo /cbA==
Received: by 10.224.115.208 with SMTP id j16mr10651336qaq.54.1346186796368; Tue, 28 Aug 2012 13:46:36 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.49.48.73 with HTTP; Tue, 28 Aug 2012 13:46:06 -0700 (PDT)
In-Reply-To: <CAAJ++qHK0NwCxYVoWNdF_h-of4s3nXn+bOVHVHMzeNqfmiwsMg@mail.gmail.com>
References: <4E1F6AAD24975D4BA5B1680429673943667A93F8@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAHcDwFzh6HcgsJYFXq71RWSwKWkMADBNQH7_goAtTFNmz-wSwQ@mail.gmail.com> <503CD692.4020007@mitre.org> <F668D905-31C6-4D76-935F-4AD4A8859876@ve7jtb.com> <CAAJ++qHK0NwCxYVoWNdF_h-of4s3nXn+bOVHVHMzeNqfmiwsMg@mail.gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Tue, 28 Aug 2012 14:46:06 -0600
Message-ID: <CA+k3eCQbFQQo50tvjreuAbNwQFpOABCrXsuNbxWc0hAdqHzwTw@mail.gmail.com>
To: Breno de Medeiros <breno@google.com>
Content-Type: multipart/alternative; boundary="20cf3074b1becc844b04c85989a8"
X-Gm-Message-State: ALoCoQkSwpBBvSuMAZQKtAl3M4uAfRsvhUTBQa9odCEYKeJJ+sBvzgAljmBu0PCJOJTSfcC4tIiO
Cc: Axel Nennker <ignisvulpis@googlemail.com>, Jim Schaad <ietf@augustcellars.com>, Mike Jones <Michael.Jones@microsoft.com>, "jose@ietf.org" <jose@ietf.org>, John Bradley <ve7jtb@ve7jtb.com>, Justin Richer <jricher@mitre.org>
Subject: Re: [jose] DISCUSS: Nonce/Timestamp parameter
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Aug 2012 20:46:39 -0000

Isn't the pool question really about JOSE (this is the JOSE list after all)
and if a nonce or timestamp type thing should be defined in JWE/JWS as a
Reserved Header Parameter Name?

I don't think it can be said that we already have an issued time defined.
"iat" (Issued At) is a claim defined in JWT. That's all together a
different thing than a JOSE header and I don't see anything like it
anywhere in the JOSE docs. JWT is a layer above JOSE and, while there is a
lot of overlap of people, is being developed in a completely different WG.

I'm, at this point, saying we need this thing but rather just trying to
clarify the question.

On Tue, Aug 28, 2012 at 1:06 PM, Breno de Medeiros <breno@google.com> wrote:

> I agree that this should be looked independently of oauth2.
>
> Nonce is a generally used concept in crypto, though sometimes protocol
> designers have called for nonces with bad outcomes because the difficulty
> of implementing nonce-checking was disregarded. However, difficulties to
> implement nonces in general are not relevant if there is a compelling use
> case that is able to leverage nonces effectively.
>
> As for timestamps: we already have issued time and the nonce can embed a
> timestamp additionally. So I don't think we need to concern ourselves with
> timestamps when considering nonces.
>
>
>
>
> On Tue, Aug 28, 2012 at 8:09 AM, John Bradley <ve7jtb@ve7jtb.com> wrote:
>
>> In OAuth 2 state gets overloaded with a bunch of things from preventing
>> XSRF to providing a handle to look up who the the authorization request was
>> sent to.
>>
>> In Connect we added a nonce sent by client that is returned inside the
>> signed id_token (JWT) to allow the client to detect replay, and optionally
>> reference a specific browser session that presents the id_token.
>>
>> The nonce I suggested for JOSE is not ether of those.
>>
>> I used nonce in the sense that it is used with stream cyphers when the
>> same key is used over multiple messages.
>>
>> JOSE will be used for more than OAuth and JWT.   There are cases where
>> adding entropy to the header will be a security benefit.  I would like to
>> have a standard claim for doing that.
>> If people want to call it something else that is fine, but it is a nonce
>> by definition.
>> If used it should be a random or pseudo random value that is time variant
>> with sufficient granularity to ensure a nonce is used only once.
>>
>> John B.
>>
>> On 2012-08-28, at 10:32 AM, Justin Richer <jricher@mitre.org> wrote:
>>
>>  On 08/25/2012 03:37 AM, Axel Nennker wrote:
>>
>> To clarify: What is the base specification that Jim mentioned?
>> Is it: http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-03 ?
>>
>> Would somebody please present a use-case for either nonce or timestamp?
>> If a jwt is used with oauth2 then what is the difference between nonce
>> and state? Nonce would be signed while state is not?
>>
>>
>> Nonce would generally be generated by the entity creating the token.
>> State in OAuth is generated by the client, and would only be protected if
>> the client had a means to make a signed request to the server, using either
>> a MAC binding or a JWT-based OIDC-style RequestObject.
>>
>>  -- Justin
>>
>> I guess I am missing some information that those in the room who voted
>> "yes" had?
>>
>> Axel
>>
>> 2012/8/25 Mike Jones <Michael.Jones@microsoft.com>
>>
>>> I'll note for discussion purposes that a nonce and a timestamp are not
>>> the same thing (although sometimes they are used to achieve similar/related
>>> goals).  A nonce tends to be an opaque value that must be preserved across
>>> the communication.  Whereas a timestamp typically has defined semantics -
>>> sometimes simply a non-decreasing integer value - and sometimes a
>>> representation of time, and then, sometimes with a uniqueness requirement.
>>>
>>> For discussion purposes, I'll say that the simplest thing for us to do
>>> (should we decide to do anything in this regard) would be to define the
>>> nonce as an opaque string value that must be preserved.
>>>
>>> We could also define a timestamp parameter, but as I wrote above, that
>>> would likely require us to specify additional semantics - starting with
>>> whether it's a non-decreasing integer or a representation of a time value.
>>>  This seems much harder to define and possibly to use than a nonce.
>>>
>>> Would it make sense to define a nonce parameter now and hold off on
>>> defining a timestamp parameter until there's a clear demonstrated use case
>>> for which a nonce is not sufficient?  That would be my personal
>>> recommendation.
>>>
>>>                                 Best wishes,
>>>                                 -- Mike
>>>
>>> -----Original Message-----
>>> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of
>>> Jim Schaad
>>> Sent: Friday, August 17, 2012 12:05 AM
>>> To: jose@ietf.org
>>> Subject: [jose] POLL: Nonce/Timestamp parameter
>>>
>>> <CHAIR>
>>>
>>> If you voted at the face-2-face please do not vote again.  If you want
>>> to provide comments please change the title from POLL to DISCUSS.
>>>
>>> Do we need to define a nonce/timestamp parameter in the base
>>> specification?
>>>
>>>
>>>
>>> Room vote:  6 yes, 0 no, 1 discuss
>>>
>>>
>>> _______________________________________________
>>> jose mailing list
>>> jose@ietf.org
>>> https://www.ietf.org/mailman/listinfo/jose
>>>
>>>
>>> _______________________________________________
>>> jose mailing list
>>> jose@ietf.org
>>> https://www.ietf.org/mailman/listinfo/jose
>>>
>>
>>
>>
>> _______________________________________________
>> jose mailing listjose@ietf.orghttps://www.ietf.org/mailman/listinfo/jose
>>
>>
>>  _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose
>>
>>
>>
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose
>>
>>
>
>
> --
> --Breno
>
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>
>

v2.43.4 | Report a Bug | By Email | System Status