[jose] Comments on the -03 JSON Web Signature document
"Jim Schaad" <ietf@augustcellars.com> Sat, 12 November 2011 08:52 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61CF421F85C7 for <jose@ietfa.amsl.com>; Sat, 12 Nov 2011 00:52:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.38
X-Spam-Level:
X-Spam-Status: No, score=-2.38 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_43=0.6, RCVD_IN_DNSWL_LOW=-1, RCVD_IN_SORBS_WEB=0.619]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id an27FvyY05ZF for <jose@ietfa.amsl.com>; Sat, 12 Nov 2011 00:52:33 -0800 (PST)
Received: from smtp1.pacifier.net (smtp1.pacifier.net [64.255.237.171]) by ietfa.amsl.com (Postfix) with ESMTP id 6250A21F84ED for <jose@ietf.org>; Sat, 12 Nov 2011 00:52:33 -0800 (PST)
Received: from Tobias (unknown [210.229.158.64]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: schaad@nwlink.com) by smtp1.pacifier.net (Postfix) with ESMTPSA id DED3A2CA13; Sat, 12 Nov 2011 00:52:31 -0800 (PST)
From: Jim Schaad <ietf@augustcellars.com>
To: draft-jones-json-web-signature@tools.ietf.org
Date: Sat, 12 Nov 2011 17:51:58 +0900
Message-ID: <017201cca118$5883ee30$098bca90$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Content-Language: en-us
Thread-Index: AcydAC1ZyMCYdH1nSHiQnx6fNbxIaQ==
Cc: jose@ietf.org
Subject: [jose] Comments on the -03 JSON Web Signature document
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Nov 2011 08:52:34 -0000
The following comments are personal and do not necessarily reflect the opinions of the chairs. I just started at the front and started reading so there are probably duplicates with section 9 1. I have a personal problem with the fact that the draft is still named "JSON Web Signature" rather than something like "JSON Integrity Objects". I doubt that I am the only person who has this issue given the number of people who gave opinions during the charter discussion and the resulting charter description "JSON-structured integrity protection to data". This becomes a major re-write of the document internally as well. 2. As per the charter description, I expect that section 6 is moving to a new document. When should this be expected? 3. In Section 2, why not describe the JWS Header as the JSON object rather than as the string containing the object. Additionally I would note that the integrity protection is applied to the Encoded JWS Header and the Encoded JWS Payload in the current document. 4. Please re-write the term "Digital Signature" in section 2 to reflect charter consensus. 5. In section 2 - Base64url Encoding - s/to the he/to the/ 6. In section 3 (pre 3.1), this does not seem to be a reasonable place to put a MUST - it would go better in the description of the header itself. 7. In section 3 para #1 - I don't know why there should be a reference at this point to JWTs. JWTs should become a profile of this document and the encryption document. At most it is a driving reason for doing this document and not the other way around. (i.e. lose the text from 'as is done' on) 8. In section 3 para #2 - The second sentence does not flow from the first. Either you are describing what the Payload is in a basic thing - or you need to describe the fact that the JWS header is signed in the previous sentence so that the "A portion of" clause makes sense. 9. Is "member names" considered to be a normal method to refer to the elements in an object? If so then no objections, if not then I would rationalize the string. I normally see something like name/value pairs so I don't know where "member" came from. 10. In section 3.1 - you need to respect the limit on number of columns in your example. 11. In section 3.1 - you have not completed the example as you have not shown the final JWS encoding. 12. In section 4 - Is JWS being rejected for processing the same as saying the integrity protection failed or is it a different error? Is this protocol dependent in terms of what type of errors are to be returned by the surrounding protocol? 13. Section 4.1 - I find the table version to be difficult to read given the amount of text in the semantics field. Having this many really short lines inhibits readability. 14. 'alg' says both that the parameter is required and that "if present". If it is required then the "if present" would seem to be incorrect. 15. The values in table 3 are not reserved but defined (i.e. we are not reserving them for future use) 16. The text states that the key must be associated with the signer of the content. The current document for json keys does not have any way of associating a key with the signer. What does this requirement really mean? 17. I would suggest that the text reference the fact that an IANA table is going exist with a set of publicly defined values for the alg header parameter. 18. It would be useful to know if there was going to be any registry for the "typ" header. If not, then it would be useful to state that the values of the "typ" header are based on agreement between the parties. It would also be useful to state the expected behavior in the case the the value of the typ field is either unknown, does not match the expected value or is missing. Are values of the "typ" field supposed to have the same type of public/private values as does algorithm? If not what happens when a collision exists between two different applications? 19. 'kid' parameter - I want to write a library to deal with this specification I don't know what to do with the kid parameter. It would be more useful if you specified what would go in this value if the jku or x5u fields were used. Why would I not use the kid field rather than the x5t parameter using the same value? Why is this parameter even defined if one does not know how to use it. 20. 'x5u' parameter - I think you want to be able to allow for a bare x509 certificate w/ no packaging. This is a very common method of having pointers to certificates as well. This would not be pulling a certificate chain (which would require a CMS degenerate signed data blob) but a single certificate. 21. 'x5t' parameter - there may be push back from the security ADs on the IESG about the fact that this is not an algorithm agnostic manner of doing this. What would the correct way be for using the SHA-256 hash rather than the SHA-1 hash as a thumbprint for the certificate? One way would be to do an <algorithm>:<value> pair and saying that the "sha1:" can be omitted. 22. Please give me a test that I can use to validate the following protocol requirement from section 4.2: In each case, the definer of the name or value MUST take reasonable precautions to make sure they are in control of the part of the namespace they use to define the header parameter name. This is a case where I believe that the MUST should not be a protocol requirement. 23. Having done a much more detailed read. The last para in section 4.2 can be expanded as follows: New header parameters should be introduced sparingly, an implementation which does not understand a newly introduced parameter will fail validate of the JWS. However, uses which use the JWS structure but define additional semantics, such as the JSON Web Token usage, are expected to define additional public header parameters. 24. Why MUST I do the following steps (since to me this implies an order of operations). Is there a reason that I cannot do things in the order of 3, 4, 5, 1, 2, 6, 7? 25. In section 5,create step 3 - I am confused because when you say create the object I think of the code Obj = {"alg": "RSA-SHA256"} Given that, I don't understand what the text dealing with canonicalization and white space is about. This would deal with the serialized object rather than the object itself. But you have not said create and serialize the object. In my mind an object is a blob and a serialized object is one representation of the object, but it is not the actual object. 26. Reverse steps 1 and 2 in the validation process. That is the more likely order to be dealing with things. I would also move steps 3 and 5 to before the current step 2. It makes more sense to completely deal with the header and then move the body rather than jumping back and forth. If you make the result prescriptive rather than the steps it will allow people to do things in any order desired. 27. There is a lack of flow between the paragraph that says see section 8 because comparing Unicode strings is hard and the text in that says this is how to do it. 28. It would be good at this point to say if the normal methods of looking up an field name are going to work according to the text you have outlined. i.e. should one expect that aobj.alg is going to return the right answer? 29. Add reference to RFC 4868 30. Section 6.1 - step 2 - it was not immediately clear to me which was the previously generated HMAC - i.e. the one from step 1 or the one from the previous step 1. 31. Section 6.1 - is there a reason to compare the values as base64url encoded rather than in the native binary values? 21, Section 6.1 - The last para states that there is a correspondingly longer key and result. While the result is going to be longer, there is no requirement that the key be longer unless you are going to make a statement to that effect. One could use a 512 bit key for all of the algorithms. 22. section 6.2 - I don't consider the header parameter methods to necessarily be retrieval methods - i.e. hash of cert does not tell you how to find it. 23. Section 6.4 - I would have a recommendation that the the xml digsig (and the mime?) ones would not be permittable if there is a different one defined here. Also you do not say what should be done if I wanted to use the RSA PSS XML Digsig url in terms of setting paraemters - do I put the xml encoding into the parameters? 24. Section 8.1 - can JSON names include strings outside of the Basic Multlingual plane?