Re: [jose] #16: URI identifying a specific key in a JWK set

Richard Barnes <rlb@ipv.sx> Tue, 26 March 2013 17:58 UTC

Date: Tue, 26 Mar 2013 13:58:12 -0400
From: Richard Barnes <rlb@ipv.sx>
To: "Manger, James H" <James.H.Manger@team.telstra.com>
Cc: Brian Campbell <bcampbell@pingidentity.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] #16: URI identifying a specific key in a JWK set

How about this change to Section 4.1.5 of JWE (and corresponding text in
JWS):  "If the JWK Set referenced by the URI contains more than one key,
then the JWE object MUST contain a "kid" parameter to identify which key
should be used."

Also, while we're on the topic of "jku": The following text should be
removed:
"""
   The
   protocol used to acquire the resource MUST provide integrity
   protection; an HTTP GET request to retrieve the certificate MUST use
   TLS [RFC2818] [RFC5246]; the identity of the server MUST be
   validated, as per Section 3.1 of HTTP Over TLS [RFC2818].
"""
TLS does not need to be mandatory here.  The only thing an adversary can do
by changing the key set is cause decryption or signature validation to
fail. [1]  At most, these MUSTs should be SHOULDs.

--Richard


[1] Under the assumption that the attacker cannot modify the JWS.  If this
assumption is false, there's no reason to protect "jku" dereferences
either.  For JWS, the only reason an attacker would modify "jku" is to make
it point to a key for which the attacker controls the private key.  If the
attacker controls the private key and can modify the JWS/JWE, then he could
just as well remove the "jku" and replace it with a "jwk", and recompute
the signature under his key. So "jku" protections add nothing.  For JWE,
it's not clear that there's any useful objective for the attacker at all.






On Mon, Mar 25, 2013 at 6:46 PM, Manger, James H <
James.H.Manger@team.telstra.com> wrote:

> > I'd always just assumed that, short of some other means of figuring it
> > out, a kid header would accompany a jku to identify the specific key in the
> > set.
>
> Indeed, “jku” needs to be accompanied by “kid” to work in general — but
> this is a crappy solution. 99% of the time that a “jku” is used you want to
> identify a single specific key so “jku” should be capable of doing that
> without requiring an extra field.
>
> A JOSE header does have room for “kid” as well as “jku”. However, many
> contexts that use URIs as identifiers expect a URI to be THE identifier.
> Needing two fields to do one task is inevitably awkward.
>
> Finally, identifying 1 item from a set is a perfect match for the whole
> purpose of URI fragments so merely by the principle of least astonishment
> JWK should specify how the fragment picks 1 key.
>
> --
> James Manger
>
> *From:* jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] *On Behalf
> Of *Brian Campbell
> *Sent:* Monday, 25 March 2013 11:31 PM
> *To:* jose issue tracker
> *Cc:* draft-ietf-jose-json-web-key@tools.ietf.org; jose@ietf.org;
> james@manger.com.au
> *Subject:* Re: [jose] #16: URI identifying a specific key in a JWK set
>
> I'd always just assumed that, short of some other means of figuring it
> out, a kid header would accompany a jku to identify the specific key in the
> set.
>
> On Sun, Mar 24, 2013 at 6:40 PM, jose issue tracker <
> trac+jose@trac.tools.ietf.org> wrote:
>
> #16: URI identifying a specific key in a JWK set
>
>  When a public key is required to process a JOSE message, providing a URI
>  for the key is a useful alternative to providing the actual key or a
>  certificate. The URI needs to identify the specific individual public key
>  required for the specific JOSE message. A URI that merely identifies a set
>  of keys (one of which is the correct one) is not sufficient.
>
>  Given that a "jku" field holds a URI pointing to a set of keys, we need to
>  define how to use the fragment part of those URIs to identify a specific
>  key in the set.
>
>  Using the "kid" (key id) in the fragment would be a sensible choice.
>
> --
> -------------------------+-------------------------------------------------
>  Reporter:               |      Owner:  draft-ietf-jose-json-web-
>   james@manger.com.au    |  key@tools.ietf.org
>      Type:  defect       |     Status:  new
>  Priority:  major        |  Milestone:
> Component:  json-web-    |    Version:
>   key                    |   Keywords:
>  Severity:  -            |
> -------------------------+-------------------------------------------------
>
> Ticket URL: <https://tools.ietf.org/wg/jose/trac/ticket/16>
> jose <http://tools.ietf.org/jose/>
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>
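
Added example (not part of the original thread, and not code from the JOSE drafts): a key selector that applies the rule proposed above for Section 4.1.5, that a multi-key JWK Set requires "kid", together with the ticket's suggestion of carrying the key id in the "jku" fragment. The function name, URL, key ids and key material are constructed for illustration, and the fragment handling is the proposal under discussion in this thread, assumed here rather than taken from any specification.

```python
from urllib.parse import urlsplit, unquote

class KeySelectionError(Exception):
    """Raised when the header does not identify exactly one key."""

def select_key(header: dict, jwk_set: dict) -> dict:
    """Pick the one JWK in an already fetched JWK Set that the header names."""
    keys = jwk_set.get("keys")
    if not isinstance(keys, list) or not keys:
        raise KeySelectionError("JWK Set has no keys")
    kid = header.get("kid")
    # Ticket #16 proposal (assumed here): the "jku" fragment carries the key id.
    fragment = unquote(urlsplit(header.get("jku", "")).fragment) or None
    if kid is not None and fragment is not None and kid != fragment:
        raise KeySelectionError("'kid' and 'jku' fragment disagree")
    wanted = kid if kid is not None else fragment
    if wanted is None:
        # Proposed rule: "kid" may be omitted only when the set holds one key.
        if len(keys) > 1:
            raise KeySelectionError("multi-key set requires 'kid'")
        return keys[0]
    matches = [k for k in keys if k.get("kid") == wanted]
    if len(matches) != 1:
        # No match, or duplicate key ids in the set: refuse rather than guess.
        raise KeySelectionError(f"{len(matches)} keys match kid {wanted!r}")
    return matches[0]

# Constructed sample data: placeholder key material and a hypothetical URL.
JWK_SET = {"keys": [
    {"kty": "EC", "crv": "P-256", "kid": "2012-q4", "x": "placeholder", "y": "placeholder"},
    {"kty": "EC", "crv": "P-256", "kid": "2013-q1", "x": "placeholder", "y": "placeholder"},
]}
JKU = "https://keys.example/jwks.json"

if __name__ == "__main__":
    print(select_key({"jku": JKU, "kid": "2013-q1"}, JWK_SET)["kid"])
    print(select_key({"jku": JKU + "#2012-q4"}, JWK_SET)["kid"])
    try:
        select_key({"jku": JKU}, JWK_SET)  # two keys, nothing to choose by
    except KeySelectionError as err:
        print("rejected:", err)
```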