Re: [jose] DISCUSS: Nonce/Timestamp parameter
Breno de Medeiros <breno@google.com> Tue, 28 August 2012 19:06 UTC
In-Reply-To: <F668D905-31C6-4D76-935F-4AD4A8859876@ve7jtb.com>
References: <4E1F6AAD24975D4BA5B1680429673943667A93F8@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAHcDwFzh6HcgsJYFXq71RWSwKWkMADBNQH7_goAtTFNmz-wSwQ@mail.gmail.com> <503CD692.4020007@mitre.org> <F668D905-31C6-4D76-935F-4AD4A8859876@ve7jtb.com>
Date: Tue, 28 Aug 2012 12:06:33 -0700
Message-ID: <CAAJ++qHK0NwCxYVoWNdF_h-of4s3nXn+bOVHVHMzeNqfmiwsMg@mail.gmail.com>
From: Breno de Medeiros <breno@google.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Cc: Axel Nennker <ignisvulpis@googlemail.com>, Mike Jones <Michael.Jones@microsoft.com>, Justin Richer <jricher@mitre.org>, "jose@ietf.org" <jose@ietf.org>, Jim Schaad <ietf@augustcellars.com>
Subject: Re: [jose] DISCUSS: Nonce/Timestamp parameter
I agree that this should be looked at independently of oauth2. Nonce is a
generally used concept in crypto, though sometimes protocol designers have
called for nonces with bad outcomes because the difficulty of implementing
nonce-checking was disregarded. However, difficulties in implementing nonces
in general are not relevant if there is a compelling use case that is able
to leverage nonces effectively.

As for timestamps: we already have issued time and the nonce can embed a
timestamp additionally. So I don't think we need to concern ourselves with
timestamps when considering nonces.

On Tue, Aug 28, 2012 at 8:09 AM, John Bradley <ve7jtb@ve7jtb.com> wrote:

> In OAuth 2 state gets overloaded with a bunch of things from preventing
> XSRF to providing a handle to look up who the authorization request was
> sent to.
>
> In Connect we added a nonce sent by client that is returned inside the
> signed id_token (JWT) to allow the client to detect replay, and optionally
> reference a specific browser session that presents the id_token.
>
> The nonce I suggested for JOSE is not either of those.
>
> I used nonce in the sense that it is used with stream cyphers when the
> same key is used over multiple messages.
>
> JOSE will be used for more than OAuth and JWT. There are cases where
> adding entropy to the header will be a security benefit. I would like to
> have a standard claim for doing that.
> If people want to call it something else that is fine, but it is a nonce
> by definition.
> If used it should be a random or pseudo random value that is time variant
> with sufficient granularity to ensure a nonce is used only once.
>
> John B.
>
> On 2012-08-28, at 10:32 AM, Justin Richer <jricher@mitre.org> wrote:
>
> On 08/25/2012 03:37 AM, Axel Nennker wrote:
>
> To clarify: What is the base specification that Jim mentioned?
> Is it: http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-03 ?
>
> Would somebody please present a use-case for either nonce or timestamp?
> If a jwt is used with oauth2 then what is the difference between nonce and
> state? Nonce would be signed while state is not?
>
>
> Nonce would generally be generated by the entity creating the token. State
> in OAuth is generated by the client, and would only be protected if the
> client had a means to make a signed request to the server, using either a
> MAC binding or a JWT-based OIDC-style RequestObject.
>
> -- Justin
>
> I guess I am missing some information that those in the room who voted
> "yes" had?
>
> Axel
>
> 2012/8/25 Mike Jones <Michael.Jones@microsoft.com>
>
>> I'll note for discussion purposes that a nonce and a timestamp are not
>> the same thing (although sometimes they are used to achieve similar/related
>> goals). A nonce tends to be an opaque value that must be preserved across
>> the communication. Whereas a timestamp typically has defined semantics -
>> sometimes simply a non-decreasing integer value - and sometimes a
>> representation of time, and then, sometimes with a uniqueness requirement.
>>
>> For discussion purposes, I'll say that the simplest thing for us to do
>> (should we decide to do anything in this regard) would be to define the
>> nonce as an opaque string value that must be preserved.
>>
>> We could also define a timestamp parameter, but as I wrote above, that
>> would likely require us to specify additional semantics - starting with
>> whether it's a non-decreasing integer or a representation of a time value.
>> This seems much harder to define and possibly to use than a nonce.
>>
>> Would it make sense to define a nonce parameter now and hold off on
>> defining a timestamp parameter until there's a clear demonstrated use case
>> for which a nonce is not sufficient? That would be my personal
>> recommendation.
>>
>> Best wishes,
>> -- Mike
>>
>> -----Original Message-----
>> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of
>> Jim Schaad
>> Sent: Friday, August 17, 2012 12:05 AM
>> To: jose@ietf.org
>> Subject: [jose] POLL: Nonce/Timestamp parameter
>>
>> <CHAIR>
>>
>> If you voted at the face-2-face please do not vote again. If you want to
>> provide comments please change the title from POLL to DISCUSS.
>>
>> Do we need to define a nonce/timestamp parameter in the base
>> specification?
>>
>> Room vote: 6 yes, 0 no, 1 discuss
>>
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose

-- 
--Breno
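The two points the thread circles around are John's (a nonce carried in the integrity-protected header adds per-message entropy and must never repeat under one key) and Breno's (nonce-checking is costly to implement because the verifier has to keep state, but the nonce can embed a timestamp). The following is an added example illustrating both from the verifier's side; it is not code from the thread or from any JOSE/JWT specification. The header member name "nonce", the nonce layout "<unix-seconds>.<random>", the window sizes, and HS256 as the signing algorithm are assumptions chosen for the illustration.

```python
# Added example (not from the JOSE list thread or any JOSE/JWT spec): a compact
# JWS whose protected header carries a "nonce", and a verifier whose replay
# bookkeeping stays bounded because the nonce embeds a timestamp.  The header
# name "nonce", the layout "<unix-seconds>.<random>", and the window sizes are
# assumptions for illustration.
import base64
import hashlib
import hmac
import json
import os
from typing import Dict, Optional

ACCEPT_WINDOW_S = 300   # assumption: how long a nonce is accepted and remembered
CLOCK_SKEW_S = 60       # assumption: tolerated clock difference between peers


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_nonce(now: int) -> str:
    # The timestamp prefix lets a verifier expire its bookkeeping; the random
    # suffix supplies the entropy that makes the value unique per message.
    return f"{now}.{b64url(os.urandom(16))}"


def sign_hs256(key: bytes, header: Dict, claims: Dict) -> str:
    # Compact JWS serialization.  The header is part of the signing input, so
    # a nonce placed there is covered by the signature.
    h = b64url(json.dumps(header, separators=(",", ":")).encode())
    p = b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{b64url(sig)}"


class ReplayChecker:
    """Remembers nonces seen inside the accept window and rejects repeats."""

    def __init__(self) -> None:
        self._seen: Dict[str, int] = {}   # nonce -> timestamp embedded in it

    def check(self, nonce: str, now: int) -> bool:
        # Forget nonces that are too old to be accepted anyway; this is what
        # keeps the state bounded instead of growing forever.
        cutoff = now - ACCEPT_WINDOW_S
        self._seen = {n: t for n, t in self._seen.items() if t >= cutoff}
        try:
            ts = int(nonce.split(".", 1)[0])
        except ValueError:
            return False                   # malformed nonce
        if ts < cutoff or ts > now + CLOCK_SKEW_S:
            return False                   # too old to track, or from the future
        if nonce in self._seen:
            return False                   # replay
        self._seen[nonce] = ts
        return True


def verify_hs256(key: bytes, token: str, checker: ReplayChecker,
                 now: int) -> Optional[Dict]:
    parts = token.split(".")
    if len(parts) != 3:
        return None
    h, p, s = parts
    try:
        presented_sig = b64url_decode(s)
    except ValueError:
        return None
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    # Authenticate first.  An unauthenticated message must not be allowed to
    # consume nonce state, or anyone could burn nonces on behalf of honest
    # senders and turn the replay check into a denial of service.
    if not hmac.compare_digest(expected, presented_sig):
        return None
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":
        return None   # the header's "alg" never selects the verification method
    nonce = header.get("nonce")
    if not isinstance(nonce, str) or not checker.check(nonce, now):
        return None
    return json.loads(b64url_decode(p))


if __name__ == "__main__":
    key = os.urandom(32)
    checker = ReplayChecker()
    now = 1346180793
    token = sign_hs256(key, {"alg": "HS256", "typ": "JWT", "nonce": make_nonce(now)},
                       {"iss": "https://issuer.example", "iat": now})
    print("first presentation accepted :", verify_hs256(key, token, checker, now) is not None)
    print("second presentation accepted:", verify_hs256(key, token, checker, now) is not None)
```

Two design points are worth noting. The signature is checked before the nonce is recorded, so a forged message cannot poison the seen-set for the honest sender; and the accept window is enforced on the timestamp embedded in the nonce itself, which is what allows the verifier to discard old entries without consulting any claim in the payload.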
- Re: [jose] DISCUSS: Nonce/Timestamp parameter Justin Richer
- Re: [jose] DISCUSS: Nonce/Timestamp parameter Mike Jones
- Re: [jose] DISCUSS: Nonce/Timestamp parameter Axel.Nennker
- Re: [jose] DISCUSS: Nonce/Timestamp parameter Mike Jones
- Re: [jose] DISCUSS: Nonce/Timestamp parameter Axel.Nennker
- Re: [jose] DISCUSS: Nonce/Timestamp parameter Dick Hardt
- Re: [jose] DISCUSS: Nonce/Timestamp parameter Brian Eaton
- Re: [jose] DISCUSS: Nonce/Timestamp parameter Dick Hardt
- Re: [jose] DISCUSS: Nonce/Timestamp parameter Anthony Nadalin
- Re: [jose] DISCUSS: Nonce/Timestamp parameter Axel.Nennker
- Re: [jose] DISCUSS: Nonce/Timestamp parameter Mike Jones
- Re: [jose] DISCUSS: Nonce/Timestamp parameter Dick Hardt
- Re: [jose] DISCUSS: Nonce/Timestamp parameter Axel Nennker
- Re: [jose] DISCUSS: Nonce/Timestamp parameter Stephen Kent
- Re: [jose] DISCUSS: Nonce/Timestamp parameter Stephen Kent
- Re: [jose] DISCUSS: Nonce/Timestamp parameter Richard Barnes
- Re: [jose] DISCUSS: Nonce/Timestamp parameter Axel.Nennker
- Re: [jose] DISCUSS: Nonce/Timestamp parameter Justin Richer
- Re: [jose] DISCUSS: Nonce/Timestamp parameter John Bradley
- Re: [jose] DISCUSS: Nonce/Timestamp parameter John Bradley
- Re: [jose] DISCUSS: Nonce/Timestamp parameter Breno de Medeiros
- Re: [jose] DISCUSS: Nonce/Timestamp parameter Brian Campbell
- Re: [jose] DISCUSS: Nonce/Timestamp parameter Justin Richer
- Re: [jose] DISCUSS: Nonce/Timestamp parameter Jim Schaad
- Re: [jose] DISCUSS: Nonce/Timestamp parameter Mike Jones
- Re: [jose] DISCUSS: Nonce/Timestamp parameter Daniel Holth