Re: [jose] #24: Move JWS headers into signature block

[Richard Barnes <rlb@ipv.sx>]

I was not on the call.  Sorry.

I also disagree with closing this issue.  This is not a crypto question,
it's just syntax cleanliness.  As Mike points out, the proposed syntax
allows the JSON serialization to have the same security properties as the
compact serialization.  The only cost is that protected items have to be
repeated for each signer.

I will definitely be on the call tomorrow.  Happy to discuss then.

--Richard


On Sat, Jun 29, 2013 at 6:42 AM, Mike Jones <Michael.Jones@microsoft.com>wrote:

> Perhaps I'm in an odd frame of mind tonight, because I wouldn't normally
> even consider re-raising a closed issue, but Ben Laurie's advice "why not
> just protect everything" kept running my mind and I realized that the
> current JWS JSON Serialization doesn't allow us to do that in the general
> case.  Specifically, we don't allow a per-signature "protected" headers
> field, which would be necessary to protect the cryptographic parameters if
> different signatures use different algorithms.
>
> So I'd at least like others' thoughts on whether we want to "fill in the
> matrix" for the JWS JSON Serialization and allow header parameters to be
> specified both in protected and unprotected forms, both on a shared and
> per-signature basis.  We currently support 3 of these 4 header parameter
> locations.
>
> Note that we would not do this for JWE, since (as extensively discussed)
> per-recipient protected content is problematic.
>
> For the signature input, if both shared and per-signature protected
> headers were present, we'd need to concatenate the two base64url encoded
> representations together with a separator character between (I'm thinking
> comma (',') because it is distinct from period ('.'), which is also used as
> a separator in the signature input).
>
> I'm fine with this issue remaining closed, but I wanted to at least run
> this possibility by the working group for their input, since it hadn't been
> discussed previously.
>
>                                 Cheers,
>                                 -- Mike
>
> -----Original Message-----
> From: jose issue tracker [mailto:trac+jose@trac.tools.ietf.org]
> Sent: Monday, June 24, 2013 10:57 PM
> To: draft-ietf-jose-json-web-signature@tools.ietf.org; Mike Jones;
> ietf@augustcellars.com
> Cc: jose@ietf.org
> Subject: Re: [jose] #24: Move JWS headers into signature block
>
> #24: Move JWS headers into signature block
>
> Changes (by ietf@augustcellars.com):
>
>  * status:  new => closed
>  * resolution:   => wontfix
>
>
> Comment:
>
>  Closing per the discussion on the teleconference.
>
>  We currently do not have a strong use case for per user items.   It will
>  be possible in future versions to add a protected field to the per signer
>  item and include both in the integrity protection in the event that a use
>  case appears.
>
>  There was no strong recommendation from the CFRG list if a hash
>  substitution attack is either probable or possible.
>
> --
> -------------------------+----------------------------------------------
> -------------------------+---
>  Reporter:  rlb@ipv.sx   |       Owner:  draft-ietf-jose-json-web-
>      Type:  defect       |  signature@tools.ietf.org
>  Priority:  major        |      Status:  closed
> Component:  json-web-    |   Milestone:
>   signature              |     Version:
>  Severity:  -            |  Resolution:  wontfix
>  Keywords:               |
> -------------------------+----------------------------------------------
> -------------------------+---
>
> Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/24#comment:2>
> jose <http://tools.ietf.org/jose/>
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>