Re: [jose] issues with x5c in JWE

John Bradley <ve7jtb@ve7jtb.com> Wed, 30 January 2013 03:04 UTC

Yes, for encryption (leaving ECDH-SS aside) the recipient decrypts with a secret. I would expect a kid in the header.

I suppose that if the recipient published an x5c that the sender used to encrypt with, then you could include the x5c as a reference, though a thumbprint would be simpler as the recipient is probably keeping its private keys in a key-store of some sort.

In any event we would minimally want to change that to 
> "The certificate containing the public key of the entity that is to decrypt the JWE MUST be the first certificate."

Thanks Brian

John B.


On 2013-01-29, at 11:08 PM, Brian Campbell <bcampbell@pingidentity.com> wrote:

> I just noticed a couple of things in the JWE's x5c definition that struck me as maybe not right.
> 
> From http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-08#section-4.1.9
> 
> "The certificate containing the public key of the entity that encrypted the JWE MUST be the first certificate." - but it's not the public key of the entity that encrypted, is it? It's the public key of the entity that will decrypt. The other entity.
> 
> "The recipient MUST verify the certificate chain according to [RFC5280] and reject the JWE if any validation failure occurs." - maybe I'm missing something but why would the recipient verify its own certificate chain?
> 
> And the first hyperlink in "See Appendix B of [JWS] for an example "x5c" value" takes you to Appendix B of JWE, which is Acknowledgements, rather than JWS as the text would suggest.
> 
> So all those little nits could be fixed. But maybe it'd be better to just remove x5c from JWE altogether? As Richard pointed out previously, http://www.ietf.org/mail-archive/web/jose/current/msg01434.html, there's really no point in sending a whole chain to help the recipient identify its own key.
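The key lookup discussed in this thread, as an added example that is not part of either message or of the JOSE drafts: a recipient resolves its own private key from the `kid`, `x5t` thumbprint or first `x5c` entry in the JWE header, and treats the certificate purely as a key reference rather than validating its own chain. The `KeyStore` class, the key handles, the `kid` values and the byte strings standing in for DER certificates are all constructed for illustration.

```python
import base64, hashlib, json

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def x5t(der):
    """x5t value: base64url (no padding) of the SHA-1 digest of the DER certificate."""
    return base64.urlsafe_b64encode(hashlib.sha1(der).digest()).rstrip(b"=").decode()

class KeyStore:
    """Hypothetical recipient key-store: private-key handles indexed by kid and by x5t."""
    def __init__(self):
        self.by_kid, self.by_x5t = {}, {}
    def add(self, kid, cert_der, handle):
        self.by_kid[kid] = handle
        self.by_x5t[x5t(cert_der)] = handle

def select_decryption_key(compact_jwe, store):
    """Pick the recipient's private key named by the JWE header (kid, x5t or x5c[0])."""
    header = json.loads(b64url_decode(compact_jwe.split(".")[0]))
    candidates = []
    if "kid" in header:
        candidates.append(store.by_kid.get(header["kid"]))
    if "x5t" in header:
        candidates.append(store.by_x5t.get(header["x5t"]))
    if header.get("x5c"):
        # x5c entries are standard base64 DER; only the first one names the key.
        first = base64.b64decode(header["x5c"][0])
        candidates.append(store.by_x5t.get(x5t(first)))
    if not candidates or None in candidates:
        raise KeyError("JWE header does not identify a key in this key-store")
    if any(c != candidates[0] for c in candidates):
        raise ValueError("kid / x5t / x5c point at different keys")
    return candidates[0]

def make_jwe(header):
    """Constructed compact JWE: real header segment, dummy remaining segments."""
    h = base64.urlsafe_b64encode(json.dumps(header).encode()).rstrip(b"=").decode()
    return h + ".ZW5j.aXY.Y3Q.dGFn"

# Constructed sample data: these byte strings stand in for DER certificates.
CERT_A, CERT_B = b"constructed-cert-A", b"constructed-cert-B"
STORE = KeyStore()
STORE.add("enc-2013-01", CERT_A, "private-key-A")
STORE.add("enc-2012-06", CERT_B, "private-key-B")
```
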