[jose] Re: Do you need the JWP JSON Serialization?
Brian Campbell <bcampbell@pingidentity.com> Thu, 08 August 2024 22:32 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8512FC1519A9 for <jose@ietfa.amsl.com>; Thu, 8 Aug 2024 15:32:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.084
X-Spam-Level:
X-Spam-Status: No, score=-7.084 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_KAM_HTML_FONT_INVALID=0.01, T_REMOTE_IMAGE=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id owX_uCRSqohl for <jose@ietfa.amsl.com>; Thu, 8 Aug 2024 15:32:38 -0700 (PDT)
Received: from mail-vk1-xa2d.google.com (mail-vk1-xa2d.google.com [IPv6:2607:f8b0:4864:20::a2d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F285C1519A6 for <jose@ietf.org>; Thu, 8 Aug 2024 15:32:38 -0700 (PDT)
Received: by mail-vk1-xa2d.google.com with SMTP id 71dfb90a1353d-4f6b67d9608so649364e0c.2 for <jose@ietf.org>; Thu, 08 Aug 2024 15:32:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=google; t=1723156357; x=1723761157; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=XEZI3EEK1NsBphTdhzLq35sqrZ65VWL+b0tlQrG7HLo=; b=WsJA3BgVfMQGVscqXkKxtHPyphMbfC7KOExEdaMQSquWJ/1KCGy3yPhXr7tc0koUCV Tp8JlBOxN0ZtHOZDtV9KHLboy+2dX3mm3C1h5D++8/KEixFaIgTXW0qseerH+sQNW0L0 V85soS8A6WibsD7ijRvHnPkF3/RhCvFVHTm4nWIYJD0EW/0B61n8FtpOJlLpLVYXbw9Q 5gslHrbKz7kut1tEv+CrYnS8RLH34opaclVIYlu6/+6PRImXfOE2WF+IJ6G1lJQckkp3 Szrqmbz9xiTVH+rt3m7QtzG/7k52HatuljpjVPDNmggAHmw67fIJ4NoBM/UXzb9qR6s+ xcaQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723156357; x=1723761157; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=XEZI3EEK1NsBphTdhzLq35sqrZ65VWL+b0tlQrG7HLo=; b=DBNrJZ0ySEAKaNv4V6jeOlm9otNHzfv8cpg/UhEqqbkZMQrQe5dqBSh3e9wSr649en echAyEv86mV5nbH2dqF/ONOGphJqYMSftVc5/8W3D7kcERhYvWWFKNUy5bPgLW06vAdn kBvrUy2HvTu4i7ap1ytMaLVI/hlscNiq/yuexYU7yh0XDF+Mnp+XI/r9K/Kvy6L8ndtz nviDFONptFltDIpfmGK+aB7v8fMKxwvUemIFTgh/YEl9akfhh+2F9iqdV8HetdiJjRzz zcoA7D4EtecPuh67lafIL21sYXbMMywOriMKUcpswUTnCWzMXsUsOF1lKh/KVoVsWb56 kboA==
X-Gm-Message-State: AOJu0Yx+3uxRBiQTFTmwLDQFgEg7y8ZjvXfRFSaRTFXNUM2lbMaF0JLr lvJZmgu1DhtKJZ8nRwfeuQ1Li9ZlkHJC8BPA6Pb7bkgcC8b9DyCEd7b/Guflb0JwCKvPPe34EDK HjqjFFH0fl1WKX2qJcoGfOHlqrCLD3ucY4lE8skGzKaHWkv9tSo7RaQHN9haJDMQ0UgG6yVlfJg C7v9bbsZZefRemFHCbKShiKQ==
X-Google-Smtp-Source: AGHT+IGsnIeyagKuM4dzFz1fDTK9xb/TlN42JimSXZ928gPqQ7X1epMoeJbCVW4+eZAJfPl4MEAPa8mT49D05B9ABIA=
X-Received: by 2002:a05:6122:4592:b0:4f5:23e4:b7c with SMTP id 71dfb90a1353d-4f902104e63mr4365828e0c.0.1723156356736; Thu, 08 Aug 2024 15:32:36 -0700 (PDT)
MIME-Version: 1.0
References: <SJ0PR02MB74391ECC2D8130E1F0994C1AB7BF2@SJ0PR02MB7439.namprd02.prod.outlook.com> <CA+k3eCQNWURoC=PcgNsmqGNhbd0Vpu9ukSwx+ZzJ7zLLS1hckg@mail.gmail.com> <CAN8C-_LYKz2Vg6gDQv3mRX4KsJnESeyc=Af58V_DBiLGV_Hqpg@mail.gmail.com> <CA+k3eCSw6+C3Hs3ijsUrO1rVNJbHTt8ggAp6AtcLkgRoH6vVFw@mail.gmail.com> <CAN8C-_+fh5UxVjvoQe5+VMZoWufkHM9CYaNbFagkoeN-ZNY4=A@mail.gmail.com>
In-Reply-To: <CAN8C-_+fh5UxVjvoQe5+VMZoWufkHM9CYaNbFagkoeN-ZNY4=A@mail.gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Thu, 08 Aug 2024 16:32:10 -0600
Message-ID: <CA+k3eCRu-PAmdywgfcpnxP1T-me-2FYfTyKb_oP602CrB9ADpQ@mail.gmail.com>
To: Orie Steele <orie@transmute.industries>
Content-Type: multipart/alternative; boundary="00000000000089470d061f339af0"
Message-ID-Hash: F4FAIHVANGUAW3Q3Z3UJZM7Z5I5TCBL3
X-Message-ID-Hash: F4FAIHVANGUAW3Q3Z3UJZM7Z5I5TCBL3
X-MailFrom: bcampbell@pingidentity.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-jose.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "jose@ietf.org" <jose@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [jose] Re: Do you need the JWP JSON Serialization?
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/NBOxR_BMO9eA428HHVRd-CKiUAc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Owner: <mailto:jose-owner@ietf.org>
List-Post: <mailto:jose@ietf.org>
List-Subscribe: <mailto:jose-join@ietf.org>
List-Unsubscribe: <mailto:jose-leave@ietf.org>
On Thu, Aug 8, 2024 at 12:18 PM Orie Steele <orie@transmute.industries> wrote: > That's fair : ) > > Let's replace "suspicion" with "I would have argued for a different > design". > That's fair :) But I would have vehemently argued against that different design. > In JOSE, ~ is just used as a placeholder for "missing unprotected header". > This is entirely incorrect. > You still need to validate that the correct mutable data was included, and > that no "unexpected mutable data" was included. > > That's a "verifier policy over mutable data". > > In the context of SD-JWT that means checking disclosures, matching their > hash to the kbt and making sure the kbt is signed by the cnf. > That is basically a summary of some of how SD-JWT works. Except it's missing the whole salted hash to disclosure check that ensures the integrity (as issued by the issuer) of the selectively disclosable claims. Which is arguably the core and most important feature of SD-JWT. This section tries to describe what is integrity protected and by whom in what situations: https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-10.10 that might help or further derail this conversation. > > That is very similar to the kind of unprotected header processing that > COSE supports, see: > > https://www.rfc-editor.org/rfc/rfc9338.html#section-2 > There are some similarities but I'd be careful not to overstate them. > Sure maybe it's less obvious that jwt (cnf) -> disclosures -> hash -> kbt > signed by cnf is a kind of counter signature. > Sure, I guess it is a kind of counter signature. Kinda. But really it's a purpose built proof-of-possession mechanism that also happens to be a signature that includes a hash based integrity check over the set of selected disclosures. It's there because some folks thought it was needed (I'm still not totally convinced but rough consensus and everything so it's there and it doesn't hurt anything other than added complexity and more potential interoperability problems). > But it is a second signature, over a specific set of disclosures that is > grouped together with the first signature, which are verified together. > > > https://datatracker.ietf.org/doc/html/draft-ietf-oauth-selective-disclosure-jwt-10#section-9.1 > Speaking strictly as an individual - those new unprotected headers in the JWS JSON serialization for SD-JWT are an extremely awkward design from a data model perspective. There are "reasons" it ended up that way but that doesn't make the design a good one or something to point to as a pattern to follow. The entire SD-JWT JWS JSON serialization is arguably a mistake. One which was necessitated by a series of mistakes that came before it; starting with the JOSE JSON serialization, which I'll suggest never should have existed. > """ > Unprotected headers other than disclosures are not covered by the digest, > and therefore, as usual, are not protected against tampering. > """ > > This is similar to how values in unprotected headers in COSE are not > protected, unless there is some "verification process" such as checking a > counter signature, or merkle tree inclusion proof. > Amusingly (to me anyway), I gave Dr. Daniel Fett a hard time (in a hopefully friendly way) when he wrote the very sentence you quoted. I thought it was kind of silly to point out the obvious like that. But maybe the need to write something like that underscores some of the potential pitfalls inherent in a feature like unprotected headers. > > Isn't JWP meant to replace SD-JWT in some cases that require stronger > unlinkability? > I do think there are people who perceive it that way. > > IIRC SD-JWT and OAUTH had good reasons to define a JSON Serialization, > OAuth in general has never had need for the JOSE JSON Serializations. And, as alluded to above, the reasons behind the SD-JWT JSON Serialization are not widely considered good. > and if it's used, those users should be able to switch to JWP or CWP in > the future. > Any such switch is going to require some changes in some places. Probably a lot of them. Trying to design for and/or optimize for a hypothetical future switch does not seem to me like it should be high on the priority list of considerations. > OS > BC > > > > > > On Thu, Aug 8, 2024 at 12:33 PM Brian Campbell <bcampbell@pingidentity.com> > wrote: > >> >> >> On Thu, Aug 8, 2024 at 11:27 AM Orie Steele <orie@transmute.industries> >> wrote: >> <snip> >> >>> >>> If JWTs had unprotected headers, I suspect SD-JWT would have used them >>> for the mutable part (disclosures). >>> >> >> That suspicion is entirely incorrect. >> >> <snip> >> >> >> *CONFIDENTIALITY NOTICE: This email may contain confidential and >> privileged material for the sole use of the intended recipient(s). Any >> review, use, distribution or disclosure by others is strictly prohibited. >> If you have received this communication in error, please notify the sender >> immediately by e-mail and delete the message and any file attachments from >> your computer. Thank you.* > > > > -- > > > ORIE STEELE > Chief Technology Officer > www.transmute.industries > > <https://transmute.industries> > -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
- [jose] Do you need the JWP JSON Serialization? Michael Jones
- [jose] Re: Do you need the JWP JSON Serialization? Bret Jordan
- [jose] Re: Do you need the JWP JSON Serialization? Michael Jones
- [jose] Re: Do you need the JWP JSON Serialization? Orie Steele
- [jose] Re: Do you need the JWP JSON Serialization? Carsten Bormann
- [jose] Re: Do you need the JWP JSON Serialization? David Waite
- [jose] Re: Do you need the JWP JSON Serialization? Carsten Bormann
- [jose] Re: Do you need the JWP JSON Serialization? Brian Campbell
- [jose] Re: Do you need the JWP JSON Serialization? Orie Steele
- [jose] Re: Do you need the JWP JSON Serialization? Brian Campbell
- [jose] Re: Do you need the JWP JSON Serialization? Orie Steele
- [jose] Re: Do you need the JWP JSON Serialization? Neil Madden
- [jose] Re: Do you need the JWP JSON Serialization? Orie Steele
- [jose] Re: Do you need the JWP JSON Serialization? Neil Madden
- [jose] Re: Do you need the JWP JSON Serialization? Orie Steele
- [jose] Re: Do you need the JWP JSON Serialization? Neil Madden
- [jose] Re: Do you need the JWP JSON Serialization? Orie Steele
- [jose] Re: Do you need the JWP JSON Serialization? Brian Campbell
- [jose] Re: Do you need the JWP JSON Serialization? David Waite