Re: [jose] A modest proposal for JSON-izing JW*

Mike Jones <Michael.Jones@microsoft.com> Wed, 06 February 2013 19:51 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Richard Barnes <rlb@ipv.sx>, "jose@ietf.org" <jose@ietf.org>
Thread-Topic: [jose] A modest proposal for JSON-izing JW*
Date: Wed, 6 Feb 2013 19:49:46 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436741806E@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <CAL02cgQt8cj26KunfDvez+TBKgpvsdfN6Oe1XFTbkyWuSxPA9Q@mail.gmail.com>
In-Reply-To: <CAL02cgQt8cj26KunfDvez+TBKgpvsdfN6Oe1XFTbkyWuSxPA9Q@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
Subject: Re: [jose] A modest proposal for JSON-izing JW*

I'll note that these are nearly identical to the JSON Serialization encodings already specified in http://tools.ietf.org/html/draft-jones-jose-jws-json-serialization-04 and http://tools.ietf.org/html/draft-jones-jose-jwe-json-serialization-04, other than you're precluding multiple recipients.  The syntax:

     {"recipients":[
       {"header":"<header 1 contents>",
        "signature":"<signature 1 contents>"},
       ...
       {"header":"<header N contents>",
        "signature":"<signature N contents>"}],
      "payload":"<payload contents>"
     }

really isn't far from what you're proposing below.  It just has an array of per-recipient header fields, since accommodating multiple recipients is also a working group goal.

Once the rechartering is done, we'll have working group JSON serialization specifications.  It's a separate question whether to combine the compact and JSON serializations into the same document or to leave them separate.  The revised charter will allow us to do either.

                                                            -- Mike

From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Richard Barnes
Sent: Wednesday, February 06, 2013 11:29 AM
To: jose@ietf.org
Subject: [jose] A modest proposal for JSON-izing JW*

Dear JOSE,

tl;dr: Let's please add a simple JSON encoding to the base JW* specs.

I've been complaining for a while that the JW* documents aren't JSON, and that the JSON serialization documents are too complex (because of the integrity check issues).  So I thought it was about time that I made an actual proposal for encoding the base JOSE object as JSON objects.  The approach would be essentially the same as in the JSON serialization documents, except with a focus on single objects.

JWE and JWS objects currently have the following form

jws = header.data.signature
jwe = header.key.iv.ciphertext.mac

The JSON encoding of a JWE/JWS would just take each of these Base64-encoded pieces and assign them a name in a JSON structure.

jws = {
    "header": header,
    "data": data,
    "signature": signature
}

jwe = {
    "header": header,
    "key": key,
    "iv": iv,
    "data": ciphertext,
    "mac": mac
}

It seems to me that these encodings are simple enough that they could be handled in a short section, in parallel to what I would call the "text serialization" in the current documents.  So I would like to propose that they be added to the base JWE and JWS documents.

Thanks,
--Richard
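The two JSON shapes discussed in this thread, Richard's single-object `{"header", "data", "signature"}` form and the multi-recipient `{"recipients": [...], "payload"}` form Mike quotes from the JSON Serialization drafts, carry exactly the same base64url strings as the compact `header.data.signature` form, so a signature made over the compact form verifies unchanged from either JSON form. The following is an added example written for this page, not code from either message or from the drafts: it builds HS256 JWS objects (the HMAC-SHA256 algorithm name is assumed, as is a `kid` header member used to pick the verification key), converts them to both JSON shapes and back, and verifies them from the JSON form. The key names, payload and field spellings are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json

# Added example: not from the thread or the drafts. Assumes HS256 and a "kid"
# header member; the JSON field names follow the two sketches in the thread.


def b64url_encode(data: bytes) -> str:
    """base64url without '=' padding, the JOSE convention."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode; restores the padding JOSE strips."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_compact(header: dict, payload: bytes, key: bytes) -> str:
    """Build the compact form header.data.signature with HS256 over the
    ASCII string '<b64url header>.<b64url payload>'."""
    if header.get("alg") != "HS256":
        raise ValueError("this example only signs with HS256")
    h = b64url_encode(json.dumps(header, separators=(",", ":")).encode("utf-8"))
    d = b64url_encode(payload)
    mac = hmac.new(key, f"{h}.{d}".encode("ascii"), hashlib.sha256).digest()
    return f"{h}.{d}.{b64url_encode(mac)}"


def verify_part(header_b64: str, data_b64: str, sig_b64: str, key: bytes) -> bool:
    """Recompute the MAC over the encoded header and data and compare in
    constant time. The header is parsed only to pin the expected algorithm;
    anything other than HS256 is rejected rather than dispatched on."""
    try:
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        return False
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    expected = hmac.new(key, f"{header_b64}.{data_b64}".encode("ascii"), hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def compact_to_single(jws: str) -> dict:
    """Richard's proposed form: the same three pieces, each given a name."""
    parts = jws.split(".")
    if len(parts) != 3:
        raise ValueError("compact JWS must have exactly three parts")
    header, data, signature = parts
    return {"header": header, "data": data, "signature": signature}


def single_to_compact(obj: dict) -> str:
    return ".".join((obj["header"], obj["data"], obj["signature"]))


def verify_single(obj: dict, key: bytes) -> bool:
    return verify_part(obj["header"], obj["data"], obj["signature"], key)


def compacts_to_multi(jws_list) -> dict:
    """The multi-recipient form quoted by Mike: one shared payload plus an
    array of per-recipient header/signature pairs. Refuses inputs whose
    payloads differ, since the array can only carry one payload."""
    recipients, payload = [], None
    for jws in jws_list:
        single = compact_to_single(jws)
        if payload is None:
            payload = single["data"]
        elif single["data"] != payload:
            raise ValueError("all signatures must cover the same payload")
        recipients.append({"header": single["header"], "signature": single["signature"]})
    if payload is None:
        raise ValueError("need at least one signature")
    return {"recipients": recipients, "payload": payload}


def verify_multi(obj: dict, keys_by_kid: dict) -> list:
    """One bool per recipient entry, verified with the key named by that
    entry's 'kid'. An unknown or missing kid counts as a failure."""
    results = []
    for rcpt in obj["recipients"]:
        try:
            kid = json.loads(b64url_decode(rcpt["header"])).get("kid")
        except (ValueError, UnicodeDecodeError, AttributeError):
            results.append(False)
            continue
        key = keys_by_kid.get(kid)
        results.append(key is not None and verify_part(rcpt["header"], obj["payload"], rcpt["signature"], key))
    return results


# Constructed demo values (not from the thread).
KEY_A = b"constructed-key-for-recipient-a"
KEY_B = b"constructed-key-for-recipient-b"
PAYLOAD = b'{"iss":"https://issuer.example","sub":"alice"}'


def demo() -> dict:
    compact_a = sign_compact({"alg": "HS256", "kid": "a"}, PAYLOAD, KEY_A)
    compact_b = sign_compact({"alg": "HS256", "kid": "b"}, PAYLOAD, KEY_B)
    single = compact_to_single(compact_a)
    tampered = dict(single, data=b64url_encode(b'{"iss":"https://issuer.example","sub":"mallory"}'))
    multi = compacts_to_multi([compact_a, compact_b])
    return {
        "round_trip": single_to_compact(single) == compact_a,
        "single_ok": verify_single(single, KEY_A),
        "single_wrong_key": verify_single(single, KEY_B),
        "single_tampered": verify_single(tampered, KEY_A),
        "multi_ok": verify_multi(multi, {"a": KEY_A, "b": KEY_B}),
        "multi_missing_key": verify_multi(multi, {"a": KEY_A}),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Because the JSON forms only rename the base64url pieces, the signing input is unchanged and no re-encoding is needed to verify; the verifier still has to pin the algorithm it expects from the protected header and select the key by an identifier it controls (`kid` here) rather than by anything else in the object.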