Re: [jose] New Version Notification for draft-barnes-jose-jsms-00.txt
"Jim Schaad" <ietf@augustcellars.com> Tue, 26 June 2012 22:48 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D20521F8541 for <jose@ietfa.amsl.com>; Tue, 26 Jun 2012 15:48:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.299
X-Spam-Level:
X-Spam-Status: No, score=-3.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_47=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rNwk9UyLvemu for <jose@ietfa.amsl.com>; Tue, 26 Jun 2012 15:48:50 -0700 (PDT)
Received: from smtp3.pacifier.net (smtp3.pacifier.net [64.255.237.177]) by ietfa.amsl.com (Postfix) with ESMTP id 114BF21F8540 for <jose@ietf.org>; Tue, 26 Jun 2012 15:48:50 -0700 (PDT)
Received: from Tobias (173-160-230-153-Washington.hfc.comcastbusiness.net [173.160.230.153]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: schaad@nwlink.com) by smtp3.pacifier.net (Postfix) with ESMTPSA id B354738F1A; Tue, 26 Jun 2012 15:48:49 -0700 (PDT)
From: Jim Schaad <ietf@augustcellars.com>
To: "'Richard L. Barnes'" <rbarnes@bbn.com>, 'Mike Jones' <Michael.Jones@microsoft.com>
References: <4E1F6AAD24975D4BA5B168042967394366569B1D@TK5EX14MBXC283.redmond.corp.microsoft.com> <57BD4255-754D-4B6D-A194-587243FF17F3@bbn.com>
In-Reply-To: <57BD4255-754D-4B6D-A194-587243FF17F3@bbn.com>
Date: Tue, 26 Jun 2012 15:47:33 -0700
Message-ID: <00f601cd53ed$ad6eb280$084c1780$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHc1C9jZYBSr/kVHweqCOWz9dpmpAKDY/+TltoXRUA=
Content-Language: en-us
Cc: 'John Bradley' <ve7jtb@ve7jtb.com>, 'Brian Campbell' <bcampbell@pingidentity.com>, jose@ietf.org
Subject: Re: [jose] New Version Notification for draft-barnes-jose-jsms-00.txt
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jun 2012 22:48:51 -0000
<no hat> Note that with my proposal this is somewhat easier. Also given that we are dealing with garbage collection systems it is likely that this data has not yet disappeared from memory anyway as long as it is referenced. The header information is not going to be megabytes in size and all of that processing on the headers can be done before you hash and decode the body. Jim > -----Original Message----- > From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of > Richard L. Barnes > Sent: Tuesday, June 26, 2012 3:21 PM > To: Mike Jones > Cc: John Bradley; Brian Campbell; jose@ietf.org > Subject: Re: [jose] New Version Notification for draft-barnes-jose-jsms- > 00.txt > > Sure, multiple signature is easier than multiple recipients. But I wouldn't call > it simple. I have to base64url-decode each header to figure out which one to > use (but keep around the encoded version, so I can verify the signature), > keep track of the corresponding signature value, and reconstruct the signed > body -- all before I can do the actual signature verification. > > OTOH, without integrity-protection, you can just have the signature beside > all the other parameters, in plain JSON, so that you can just grab stuff and go. > > From <https://raw.github.com/bifurcation/jsms/master/jose.js>: > > verify: function(object) { > var jsms = JSON.parse(object); > if (!_JOSE_Support.isSignedData(jsms)) { > throw "Invalid SignedData object"; > } > > // Figure out which signatures are valid > var validPublicKeys = []; > var sigs = jsms.signatures; > for (var i=0; i<sigs.length; ++i) { > var result = _JOSE_Crypto.verify_pkcs1_sha256( > sigs[i].key.n, sigs[i].key.e, jsms.content, sigs[i].signature) > if (result = "True") { > validPublicKeys.push(sigs[i].key); > } > } > > return validPublicKeys; > } > > > > > On Jun 26, 2012, at 6:03 PM, Mike Jones wrote: > > > http://tools.ietf.org/html/draft-jones-json-web-signature-json- > serialization-01 is an existence proof that it's not hard to sign the parameters > and have multiple signatures. > > > > -- Mike > > > > -----Original Message----- > > From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf > > Of Richard L. Barnes > > Sent: Tuesday, June 26, 2012 10:46 AM > > To: Brian Campbell > > Cc: John Bradley; jose@ietf.org > > Subject: Re: [jose] New Version Notification for > > draft-barnes-jose-jsms-00.txt > > > > I agree with that goal! I disagree that JWS is a good solution. > > > > It is true that JWS provides a relatively simple mechanism for a single > signature, but: > > 1. It could be simpler (see below) > > 2. JWS header protection is useless for the single-signature case, and > > makes the multiple-signature/recipient case harder > > > > --Richard > > > > > > > > On Jun 26, 2012, at 12:16 PM, Brian Campbell wrote: > > > >> I wasn't suggesting that integrity-protecting the header itself makes > >> things simpler. Rather that a desirable goal is for support of a > >> relatively simple model utilizing a single signature over the whole > >> message. And that we already have that in JWS. > >> > >> On Mon, Jun 25, 2012 at 3:55 PM, Richard L. Barnes <rbarnes@bbn.com> > wrote: > >>> > >>> On Jun 25, 2012, at 5:53 PM, Richard L. Barnes wrote: > >>> > >>>>>> I think part of this is that as one of the openID Connect authors I look > at this as a necessary security token format, for OAuth and Connect. > >>>>>> For that simple processing with one signature is a high priority for > adoption. > >>>>> > >>>>> +1. > >>>>> > >>>>> A simple JSON friendly model supporting a single signature over > >>>>> the entire message (including headers) is an important case for > >>>>> adoption (and security). JWS provides that now and there are > >>>>> already numerous interoperable JWS implementations available or in > the works. > >>>> > >>>> I'm not sure how people think that integrity-protecting the header > makes things *simpler*, especially since it adds a whole new decoding step > and makes the parsing more complicated. > >>>> > >>>> Pseudocode without integrity protection (assuming JSMS format, but > JWS could be made to look similar): > >>>> function verify(json) { > >>>> jose = JSON.parse(json); > >>>> // Check algorithm values > >>>> return Crypto.SignatureAlgorithm.verify(jose.content, > >>>> jose.keys[0].signature, jose.keys[0].key); } > >>>> > >>>> Pseudocode with integrity protection (assuming JWS format): > >>>> function verify(jws) { > >>>> (txtHeader, content, signature) = jws.split("\."); > >>>> protectedBody = header + "." + content > >>>> jsonHeader = base64url.decode(txtHeader); > >>>> header = JSON.parse(jsonHeader); > >>>> return Crypto.SignatureAlgorithm.verify(content, signature, > >>>> header.jwk); } > >>>> > >>> > >>> Err, sorry, that should read: > >>> protectedBody = txtHeader + "." + content; and > >>> return Crypto.SignatureAlgorithm.verify(protectedBody, signature, > >>> header.jwk); > >>> > >>> See how hard it is to get right? :) > >>> > >>> --Richard > >> _______________________________________________ > >> jose mailing list > >> jose@ietf.org > >> https://www.ietf.org/mailman/listinfo/jose > > > > _______________________________________________ > > jose mailing list > > jose@ietf.org > > https://www.ietf.org/mailman/listinfo/jose > > > > > > _______________________________________________ > > jose mailing list > > jose@ietf.org > > https://www.ietf.org/mailman/listinfo/jose > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose
- [jose] Fwd: New Version Notification for draft-ba… Richard L. Barnes
- Re: [jose] Fwd: New Version Notification for draf… Mike Jones
- Re: [jose] Fwd: New Version Notification for draf… Mike Jones
- Re: [jose] Fwd: New Version Notification for draf… Richard L. Barnes
- Re: [jose] Fwd: New Version Notification for draf… Mike Jones
- Re: [jose] Fwd: New Version Notification for draf… Mike Jones
- Re: [jose] Fwd: New Version Notification for draf… Breno de Medeiros
- Re: [jose] Fwd: New Version Notification for draf… Nat Sakimura
- Re: [jose] Fwd: New Version Notification for draf… John Bradley
- Re: [jose] Fwd: New Version Notification for draf… Jim Schaad
- Re: [jose] New Version Notification for draft-bar… Richard L. Barnes
- Re: [jose] New Version Notification for draft-bar… Anthony Nadalin
- Re: [jose] New Version Notification for draft-bar… Richard L. Barnes
- Re: [jose] New Version Notification for draft-bar… John Bradley
- Re: [jose] New Version Notification for draft-bar… John Bradley
- Re: [jose] New Version Notification for draft-bar… Richard L. Barnes
- Re: [jose] New Version Notification for draft-bar… Breno de Medeiros
- Re: [jose] New Version Notification for draft-bar… Richard L. Barnes
- Re: [jose] New Version Notification for draft-bar… John Bradley
- Re: [jose] New Version Notification for draft-bar… Mike Jones
- Re: [jose] New Version Notification for draft-bar… Nat Sakimura
- Re: [jose] New Version Notification for draft-bar… Brian Campbell
- Re: [jose] New Version Notification for draft-bar… Richard L. Barnes
- Re: [jose] New Version Notification for draft-bar… Richard L. Barnes
- Re: [jose] New Version Notification for draft-bar… Richard L. Barnes
- Re: [jose] New Version Notification for draft-bar… Jim Schaad
- Re: [jose] New Version Notification for draft-bar… John Bradley
- Re: [jose] New Version Notification for draft-bar… Brian Campbell
- Re: [jose] New Version Notification for draft-bar… Richard L. Barnes
- Re: [jose] New Version Notification for draft-bar… Richard L. Barnes
- Re: [jose] New Version Notification for draft-bar… Richard L. Barnes
- Re: [jose] New Version Notification for draft-bar… John Bradley
- Re: [jose] New Version Notification for draft-bar… Richard L. Barnes
- Re: [jose] New Version Notification for draft-bar… Anthony Nadalin
- Re: [jose] New Version Notification for draft-bar… John Bradley
- Re: [jose] New Version Notification for draft-bar… Anthony Nadalin
- Re: [jose] New Version Notification for draft-bar… John Bradley
- Re: [jose] New Version Notification for draft-bar… Richard L. Barnes
- Re: [jose] New Version Notification for draft-bar… Anthony Nadalin
- Re: [jose] New Version Notification for draft-bar… John Bradley
- Re: [jose] New Version Notification for draft-bar… Richard L. Barnes
- Re: [jose] New Version Notification for draft-bar… John Bradley
- Re: [jose] New Version Notification for draft-bar… Mike Jones
- Re: [jose] New Version Notification for draft-bar… Richard L. Barnes
- Re: [jose] New Version Notification for draft-bar… Richard L. Barnes
- Re: [jose] New Version Notification for draft-bar… Jim Schaad
- Re: [jose] New Version Notification for draft-bar… Anthony Nadalin
- Re: [jose] New Version Notification for draft-bar… Jim Schaad
- Re: [jose] New Version Notification for draft-bar… Anthony Nadalin
- Re: [jose] New Version Notification for draft-bar… Jim Schaad
- Re: [jose] New Version Notification for draft-bar… John Bradley
- Re: [jose] New Version Notification for draft-bar… Matt Miller
- [jose] protected attributes Manger, James H
- Re: [jose] protected attributes Richard L. Barnes
- Re: [jose] protected attributes Jim Schaad
- Re: [jose] protected attributes Manger, James H
- Re: [jose] protected attributes Richard L. Barnes
- Re: [jose] protected attributes Manger, James H
- Re: [jose] protected attributes Stephen Kent
- Re: [jose] protected attributes Richard L. Barnes