Re: [jose] JWP
Tobias Looker <tplooker@gmail.com> Thu, 28 July 2022 12:13 UTC
Return-Path: <tplooker@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5431EC14CF09 for <jose@ietfa.amsl.com>; Thu, 28 Jul 2022 05:13:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kot8EHGHcToZ for <jose@ietfa.amsl.com>; Thu, 28 Jul 2022 05:13:52 -0700 (PDT)
Received: from mail-lf1-x134.google.com (mail-lf1-x134.google.com [IPv6:2a00:1450:4864:20::134]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E1ECC14F733 for <jose@ietf.org>; Thu, 28 Jul 2022 05:13:52 -0700 (PDT)
Received: by mail-lf1-x134.google.com with SMTP id y11so2556033lfs.6 for <jose@ietf.org>; Thu, 28 Jul 2022 05:13:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc; bh=S7kubThqIP/35P0Gvi/oer3Y4uvvXoUMkIP0g6R7yWA=; b=cyjHykyjjwMtVmK4jJMLFGeJgsJooAEGMuOlsAnTS3p0mMYVHUXconTlvAHyDMpv94 iu4LKVLin7Ygx8LLl61pZvq0GYqJoeuXgSfT+U9TB4mxFUeS/FPhLFQIEU4kioEzeDRV dY/d7FAXDpnY2RpS5gMHpoH9KrAuICHROFZuGo4WAb1oEoyGnVlMG0E+MhyqZaia+gqF fr5vrMRC+eqMC0ToaHoSe1LU2cKABfp3HjGatGO/XGsv6zoHTDdi4OlyKo0qss+7qHli vvet0SvnlDFSSucIBWkAi4YYDTf8Xulb7q8GHd3tStEL7P+hGgT/nd/rMOV+2bGheGRX yRKg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc; bh=S7kubThqIP/35P0Gvi/oer3Y4uvvXoUMkIP0g6R7yWA=; b=NLUpwZWBFMyRTWDvecDuWaC4W+5a7w2B5ZkH/glH487Edq+ZiOIh11qt4Ge+Fy7KQU kF/bEt5LuBUbYg6BWq5nUKMcgQNnm+zm967JtGKGAyU+PDJnnmVaa1hF8g/QBsIAZqO+ xmoJISAAyR0D2n2XY/bZM0kdsK+6fQfIzfgef0+5Rw8tGLRgEH93g9RBqzoowrillwAY aW6aL/SDe2nZQFNneWE06rIMx+kxbKRZSyiSwJyO9O8Jy5Hv1wxezW2im4Ump6Q8NszG t95onxqKZTRH4iNd37Oe3VtzwQglmU07Ox3/hZISptP31U8GzqRNnvmM1TqXxEjw1Iez uclg==
X-Gm-Message-State: AJIora8xgN2nETrPM+efmAe4hht7MsFo1ZcIBM0TqkHvCrIX//eong99 8dOtKjF50I+Hr6JDR+tzErSZnN3WfKXb2ql0NxI=
X-Google-Smtp-Source: AGRyM1vFjOmpLzDQ6k5trPi/YAPuA7BOsqAsv0B6bu7rKZqurJuyPnxHeu3JejH1z96K2ansAnncHreNh6sEjT5eM8c=
X-Received: by 2002:a05:6512:1681:b0:48a:2e71:e202 with SMTP id bu1-20020a056512168100b0048a2e71e202mr10009800lfb.378.1659010429995; Thu, 28 Jul 2022 05:13:49 -0700 (PDT)
MIME-Version: 1.0
References: <124E4FB5-F8E2-4C3B-8413-12CDE31D5621@lodderstedt.net> <C5E63713-6E81-4EE5-8A68-E2AB1A2D2C1D@forgerock.com>
In-Reply-To: <C5E63713-6E81-4EE5-8A68-E2AB1A2D2C1D@forgerock.com>
From: Tobias Looker <tplooker@gmail.com>
Date: Thu, 28 Jul 2022 08:13:38 -0400
Message-ID: <CAGum7cGdj6nz4Q6Jm3-SWbmMMdGahKxzn-6Lr9La7Vv9mrJwCg@mail.gmail.com>
To: Neil Madden <neil.madden@forgerock.com>
Cc: Torsten Lodderstedt <torsten@lodderstedt.net>, jose@ietf.org
Content-Type: multipart/alternative; boundary="0000000000005bcf1205e4dc77dc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/EOElK9RKmI_MIruFmYQleFXP-pw>
Subject: Re: [jose] JWP
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jul 2022 12:13:56 -0000
> (Can the holder choose to selectively not disclose that “cnf” claim? If so, yikes). No, to prevent this the issuer simply puts these sorts of claims in the header, which is not subject to selective disclosure, e.g the prover cannot create a valid proof/presentation without disclosing the original un-modified header. > In current usage, PoP is usually applied and linked to clients (apps) not individual users, so one simple approach would be to take the FIDO/WebAuthn approach and require the client to reuse the same key for at least 10,000 users to prevent linkability. That’s obviously not a universally applicable approach, and I would be in favour of new privacy-preserving PoP schemes. Yes and to be clear cryptographic schemes like BBS are IMO an example of what you describe as a privacy-preserving PoP scheme, they just also support selective disclosure. Thanks, Tobias On Thu, Jul 28, 2022 at 3:56 AM Neil Madden <neil.madden@forgerock.com> wrote: > > On 28 Jul 2022, at 08:30, Torsten Lodderstedt <torsten@lodderstedt.net> > wrote: > > > > Am 28.07.2022 um 08:57 schrieb Neil Madden <neil.madden@forgerock.com>: > > { > “iss”: “gov.uk”, > “over_18”: true > } > > If this is signed using a deterministic signature algorithm (eg EdDSA) > then the token will be identical for everyone that is over 18 and so > naturally unlinkable. > > > Such a credential needs to be bound to the legit holder, which is > typically achieved by adding a public key (reference) to it (which is > missing in your example). The holder must then create a presentation signed > with the corresponding private key to proof possession and with that > legitimate holdership. That key results in likability. > > > Well, it doesn’t *need* to be bound to such a key. Bearer credentials are > still widely used, after all. > > But even if it does, the problem then seems to be one of defining > unlinkable proof of possession (PoP) schemes, not a JWT alternative. > Indeed, this would seem to be a problem in JWP too - if an issuer adds a > PoP constraint via a “cnf” claim (RFC 7800) then that PoP scheme needs to > be unlinkable regardless of the use of JWP. (Can the holder choose to > selectively not disclose that “cnf” claim? If so, yikes). > > In current usage, PoP is usually applied and linked to clients (apps) not > individual users, so one simple approach would be to take the FIDO/WebAuthn > approach and require the client to reuse the same key for at least 10,000 > users to prevent linkability. That’s obviously not a universally applicable > approach, and I would be in favour of new privacy-preserving PoP schemes. > > — Neil >
- [jose] JWP Richard Barnes
- Re: [jose] JWP Tobias Looker
- Re: [jose] JWP Neil Madden
- Re: [jose] JWP Tobias Looker
- [jose] Fwd: JWP Orie Steele
- Re: [jose] JWP Mike Prorock
- Re: [jose] JWP David Waite
- Re: [jose] JWP Jeremie Miller
- Re: [jose] JWP Neil Madden
- Re: [jose] JWP Torsten Lodderstedt
- Re: [jose] JWP Anders Rundgren
- Re: [jose] JWP Neil Madden
- Re: [jose] JWP Tobias Looker
- Re: [jose] JWP Zundel, Brent
- Re: [jose] JWP Jeremie Miller
- Re: [jose] JWP Neil Madden
- Re: [jose] JWP Jeremie Miller
- Re: [jose] JWP Neil Madden
- Re: [jose] JWP Mike Jones
- Re: [jose] JWP Zundel, Brent
- Re: [jose] JWP Richard Barnes
- Re: [jose] [EXTERNAL] Re: JWP Christian Paquin