IETF Logo Mail Archive

Re: [jose] encrypting AND signing a token

Mike Jones <Michael.Jones@microsoft.com> Fri, 02 November 2012 15:47 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B74111E8099 for <jose@ietfa.amsl.com>; Fri, 2 Nov 2012 08:47:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZPsJhIoAmvTr for <jose@ietfa.amsl.com>; Fri, 2 Nov 2012 08:47:05 -0700 (PDT)
Received: from NA01-BL2-obe.outbound.protection.outlook.com (na01-bl2-obe.ptr.protection.outlook.com [65.55.169.27]) by ietfa.amsl.com (Postfix) with ESMTP id BF33F1F0C42 for <jose@ietf.org>; Fri, 2 Nov 2012 08:47:04 -0700 (PDT)
Received: from BL2FFO11FD006.protection.gbl (10.173.161.204) by BL2FFO11HUB035.protection.gbl (10.173.161.115) with Microsoft SMTP Server (TLS) id 15.0.545.8; Fri, 2 Nov 2012 15:47:02 +0000
Received: from TK5EX14HUBC101.redmond.corp.microsoft.com (131.107.125.37) by BL2FFO11FD006.mail.protection.outlook.com (10.173.161.2) with Microsoft SMTP Server (TLS) id 15.0.545.8 via Frontend Transport; Fri, 2 Nov 2012 15:47:01 +0000
Received: from TK5EX14MBXC285.redmond.corp.microsoft.com ([169.254.3.15]) by TK5EX14HUBC101.redmond.corp.microsoft.com ([157.54.7.153]) with mapi id 14.02.0318.003; Fri, 2 Nov 2012 15:46:29 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Dick Hardt <dick.hardt@gmail.com>, "jose@ietf.org" <jose@ietf.org>
Thread-Topic: [jose] encrypting AND signing a token
Thread-Index: AQHNuQ3ME+O2ePBNwUCi7ftO2XMizpfWrXtw
Date: Fri, 02 Nov 2012 15:46:28 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394366887325@TK5EX14MBXC285.redmond.corp.microsoft.com>
References: <4ACFC778-31A9-4C79-9F4E-7C01719F51AD@gmail.com>
In-Reply-To: <4ACFC778-31A9-4C79-9F4E-7C01719F51AD@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.35]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(13464001)(479174001)(377454001)(46102001)(31966008)(47776002)(47446002)(44976002)(49866001)(74502001)(54356001)(4396001)(74662001)(51856001)(53806001)(33656001)(47976001)(47736001)(76482001)(5343655001)(50466001)(16406001)(50986001)(48376001)(54316001); DIR:OUT; LANG:en;
X-OriginatorOrg: microsoft.onmicrosoft.com
X-Forefront-PRVS: 06530126A4
Subject: Re: [jose] encrypting AND signing a token
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Nov 2012 15:47:06 -0000

The way you put it brings one straightforward solution to mind.  Solve 1-3 with a JWE.  Solve 4-5 by signing the JWE as a JWS payload.  Done.

I do understand that the 4/3 space blowup-of double base64url encoding the JWE motivates your earlier proposal about nested signing.  (See Dick's 10/29/12 message "[jose] signing an existing JWT".)  I also understand that if you could do integrity with the asymmetric signature then the integrity provided by the JWE itself may be redundant.  I don't have a specific proposal on how to do that.

				-- Mike

-----Original Message-----
From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Dick Hardt
Sent: Friday, November 02, 2012 8:22 AM
To: jose@ietf.org
Subject: [jose] encrypting AND signing a token

I am trying to figure out how to implement JWT/JWS/JWE to solve a real world problem.

1) Bob sends a token to Charlie via Alice. (Alice gets token from Bob and then Alice gives token to Charlie) 
2) Alice must be prevented from reading the token. (token needs to be encrypted)
3) Bob and Charlie can share a symmetric key.

I can solve this with JWE.

Now let's add another condition.

4) Charlie wants non-repuditation that Bob created the token. 
5) Bob has a private key and a public key

I don't see how to do this using JWE. It seems I have to sign the same token I had previously with JWS. This seems inefficient since I should be able to replace the JWE integrity computation done with the symmetric key with the private key -- but the "alg" parameter is the same in both encrypting and signing. 

Now let's expand this to replacing the symmetric key with a public/private key pair for encryption. Bob encrypts with Charlies public key and signs with Bob's private key (we also need to make sure we are not doing naive encryption and signing here, would be a really useful to specify what needs to be done there). Now we need to have parameters for both public/private key pairs in the header.

Am I missing something here?

Seems like we can do this if we change the header parameters to specify if they ("alg", "kid", et.c) are for token signing, payload encryption or content key encryption.

-- Dick


_______________________________________________
jose mailing list
jose@ietf.org
https://www.ietf.org/mailman/listinfo/jose

v2.23.0 | Report a Bug | By Email