[jose] Chained Signatures. Re: Question regarding RFC 7515

Anders Rundgren <anders.rundgren.net@gmail.com> Sat, 12 October 2019 03:34 UTC

Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C5981200E6 for <jose@ietfa.amsl.com>; Fri, 11 Oct 2019 20:34:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7cNXmHEDGxZu for <jose@ietfa.amsl.com>; Fri, 11 Oct 2019 20:34:47 -0700 (PDT)
Received: from mail-wr1-x432.google.com (mail-wr1-x432.google.com [IPv6:2a00:1450:4864:20::432]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F223120041 for <jose@ietf.org>; Fri, 11 Oct 2019 20:34:47 -0700 (PDT)
Received: by mail-wr1-x432.google.com with SMTP id o18so13790741wrv.13 for <jose@ietf.org>; Fri, 11 Oct 2019 20:34:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=om2LgfcK4AsX2G0hBUg2MKKZIqylA+JhqUUvtl8aPwQ=; b=Ocs7fc5HOGabH7fGR0VqiPLqcR6MMOPMyHfo9qne1T3Uod7k/O4CUa4tEYQ395QRpG s074LeV1RAKrGvxwW4uK3U3cGRZIiEbPzKNsn/425AuPbxyjj3j0drqG6ZBwPHI6TRTo QZc80txY+yQ/5CUfwp0zTdvy3Yl1bffBJU4uEfBj+WAtp77OufjKKnnixSk7dffs6il4 uhvy5TU2rWuS6NArvo/rab+zoYzfZAL6uVQvc6qMKHr1g0DOznGyo7jDMw1/0aIJQuMT B+gxfcLFFiHmq8+2wjD4In43XI8/vQm0MEdKGeFaZymRWw0n5Hn5OuKFqM+YAAmT4QH8 v4CQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=om2LgfcK4AsX2G0hBUg2MKKZIqylA+JhqUUvtl8aPwQ=; b=DGtufrPf2ybccfTb90dWgP1SIxiFJlhj3UljtcKomMqmPUBq02yeqdfOUPqDSoi2YN uaE16e/Nrq8JW8YzNO5LHzryPwam7MCSnnQZI1I1sOWldN4bYzBkUHvXtiqKHTNrWFL3 VYOPzoGkv2paOVL2IjhQuLSOq9GkRa7tboQL+icUQhJvz069Hg0la6C/AHg+ds+d11pp 4SjzQM814a/M0zidiDDn4XTGtrQc2RxR93CBKNwIPuBqPAvZsdEthuj2l8/irspxjGDN zu1bPrym7nJmcAxibdR8FPYghCRfDcbqxqc0mQMJxnERFucAGB7zyzZmgGZRrXF0fFuU SqXw==
X-Gm-Message-State: APjAAAWXFaZWvZP8C5cxSvnlPKLN9JrEDtprU96x1A2uX56BJvHOz7CW VyDD60gZLeboUITUTFF0c6FHZgWAOlM=
X-Google-Smtp-Source: APXvYqxOUEbtPOdJhGFaL7oUgWqVE38EceeJZy8NzFA73iVsQKRXB1C95PlpFZFyV6IqW+AvFgrfKQ==
X-Received: by 2002:adf:dbcf:: with SMTP id e15mr16124199wrj.134.1570851285504; Fri, 11 Oct 2019 20:34:45 -0700 (PDT)
Received: from [192.168.1.79] (25.131.146.77.rev.sfr.net. [77.146.131.25]) by smtp.googlemail.com with ESMTPSA id y3sm20257147wmg.2.2019.10.11.20.34.44 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 11 Oct 2019 20:34:44 -0700 (PDT)
To: George Aristy <George.Aristy@securekey.com>, "jose@ietf.org" <jose@ietf.org>
References: <8ecb19bc-2524-9f2a-5c9a-6a6a41896859@securekey.com>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
Message-ID: <241f5280-0ec8-4e92-fe9b-eb12f85cb977@gmail.com>
Date: Sat, 12 Oct 2019 05:34:42 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <8ecb19bc-2524-9f2a-5c9a-6a6a41896859@securekey.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/BCiLX_SNFPyI-m6RVsmTw-t--Vk>
Subject: [jose] Chained Signatures. Re: Question regarding RFC 7515
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Oct 2019 03:34:50 -0000

On 2019-10-11 19:41, George Aristy wrote:
> Hi
> 
> Are there any plans to support signature chains?

Hi George,

The JOSE WG is concluded and no successor has to my knowledge been proposed.
JSF (JSON Signature Format) is a live specification (https://cyberphone.github.io/doc/security/jsf.html) which currently only supports multiple signatures like below.  It would though be a small thing adding "chained" to the spec where it would syntactically be at the same place as "signers".

{
   "now": "2019-02-10T11:23:06Z",
   "name": "Joe",
   "id": 2200063,
   "signature": {
     "signers": [{
       "algorithm": "ES256",
       "publicKey": {
         "kty": "EC",
         "crv": "P-256",
         "x": "censDzcMEkgiePz6DXB7cDuwFemshAFR90UNVQFCg8Q",
         "y": "xq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeY"
       },
       "value": "yI_ucBjb2uOGK07B5y5swXmTRO8jqrCAktE4mQlxLhc05hAksE-MuSEgnO14InByLcxWwe2xp6qXDQZlOHjFAg"
     },{
       "algorithm": "RS256",
       "publicKey": {
         "kty": "RSA",
         "n": "hFWEXArvaZEpSP5qNX7x4C4Hl28GJQTNvnDwkfqiWs63kXbdyPeS06bz6GnY3tfQ_093nGauWsimqKBmGAGMPtsV83Qxw1OIeO4ujbIIb9pema0qtVqs0MWlHxklZGFkYfAmbuEUFxYDeLDHe0bkkXbSlB7_t8pCSvc8HLgHjEQjYOlFRwjR0D-uLo-xgsCbpmCtYkB5lcT_zFgpRgY4zJNLSv7GZiz2S4Fc5ArGjd34lL47-L8bozuYjqNOv9sqX0Zgll5XaJ1ndvr7UqZu1xQFgm38reoM3IarBP_SkEFbt_v9iak602VO3k28fQhMaocP7JWR2YLT3kZM0-WTFw",
         "e": "AQAB"
       },
       "value": "aF3qTpIFGcJxB5En-JFQZWGqX-vOoGrs27SKBz_mNjmJRDdAeE-0NnmF16elUh2YmFWFfZd_SLnbrlkKE2adlOqxqWiQYcB1smKSOQ3dTwAYLcD4ebuBgDBKRs9ZO_GPBeSpwH5FGpUQbSPGh7BWD69OPF6Ik5vHPikfls-fr1qgrxpYARY1vUhXvl-QFtBvnd3Xn_n63kFQl4GZDeP6TZyuoaulTKsFBvhHu0OfqknoOzEUYJYMhS9r5rDz_AVbnx_F1Key-gQnm6UmuVothu_ApYy_NW4HEVKZfxhU_nYzuGYQD9VUI9WYmstBcLyS3uNPHDECoEy0hQ4UpZPMBg"
     }]
   }
}

JSF is not on "standards track" but may emerge as an independent RFC.  In case you are programming in Java, code is readily available.

Regards,
Anders

> 
> -- 
> *George Aristy* | Software Engineer, Exchange Team | *SecureKey Technologies*
> 4101 Yonge Street, Suite 501 | Toronto, ON M2P 1N6 | Phone: +1.905.251.6502
> <https://verified.me/>
> 
> <https://itunes.apple.com/ca/app/verified-me/id1090441769?ls=1&mt=8> <https://play.google.com/store/apps/details?id=com.securekey.verifiedme>
> 
> This email and any attachments are for the sole use of the intended recipients and may be privileged, confidential or otherwise exempt from disclosure under law. Any distribution, printing or other use by anyone other than the intended recipient is prohibited. If you are not an intended recipient, please contact the sender immediately, and permanently delete this email and its attachments.
> 
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>