Re: [jose] #25: Detached content for the ALTO use case
"Jim Schaad" <ietf@augustcellars.com> Thu, 27 June 2013 16:34 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF11521F9E28 for <jose@ietfa.amsl.com>; Thu, 27 Jun 2013 09:34:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1
X-Spam-Level:
X-Spam-Status: No, score=-1 tagged_above=-999 required=5 tests=[RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8cD6UTRmcGoc for <jose@ietfa.amsl.com>; Thu, 27 Jun 2013 09:34:15 -0700 (PDT)
Received: from smtp3.pacifier.net (smtp3.pacifier.net [64.255.237.177]) by ietfa.amsl.com (Postfix) with ESMTP id 0100921F9E15 for <jose@ietf.org>; Thu, 27 Jun 2013 09:34:14 -0700 (PDT)
Received: from Philemon (mccpool-66-89.ci.monterey.ca.us [205.155.66.89]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp3.pacifier.net (Postfix) with ESMTPSA id 3F5E338F20; Thu, 27 Jun 2013 09:34:13 -0700 (PDT)
From: Jim Schaad <ietf@augustcellars.com>
To: 'John Bradley' <ve7jtb@ve7jtb.com>
References: <061.ff0b5e5ec612118e22556dfc646e603e@trac.tools.ietf.org> <076.edb3925c8fcf46207d36414fcad4b5e6@trac.tools.ietf.org> <03a601ce72c7$6eb58010$4c208030$@augustcellars.com> <C18B2753-41A6-4C47-BB22-A139896C44A0@ve7jtb.com>
In-Reply-To: <C18B2753-41A6-4C47-BB22-A139896C44A0@ve7jtb.com>
Date: Thu, 27 Jun 2013 09:33:17 -0700
Message-ID: <048e01ce7354$07537480$15fa5d80$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHKld+pXydVGMxINHz+GIm2S6VogAHtViClAgJhV54COfI4kJkgJ9yg
Content-Language: en-us
Cc: jose@ietf.org, draft-ietf-jose-json-web-signature@tools.ietf.org
Subject: Re: [jose] #25: Detached content for the ALTO use case
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Jun 2013 16:34:19 -0000
I agree that forcing the application layer to figure out where and what the detached content is makes compete sense. This would be true if we did detached signatures or indirect content hashing. For indirect content hashing I think we would need to define the following: 1. An object structure 2. A media type for that structure 3. How to do an array of references (it is possible that we would just only allow one but I don't know that this makes sense) 4. A member for a hash value 5. A member for a hash algorithm 6. A set of hash functions with the appropriate registration 7. A member name for a content identifier in the event that we allow multiple references (optional element) I also think it would make sense to evaluate two sets of rules for evaluation that an application can just reference All or nothing - all of the contents need to be found and evaluated for the signature to be considered to be valid Optional checking - the contents are checked independently from the signature processing. Hash values are checked when and as needed. > -----Original Message----- > From: John Bradley [mailto:ve7jtb@ve7jtb.com] > Sent: Wednesday, June 26, 2013 6:20 PM > To: Jim Schaad > Cc: draft-ietf-jose-json-web-signature@tools.ietf.org; jose@ietf.org > Subject: Re: [jose] #25: Detached content for the ALTO use case > > The problem is describing the detached thing in a way that will allow for > correct verification. > SOAP has a number of interesting things that can happen by getting the > receiver to verify one header part but use another for processing. > XMLdsig wrapping attacks exist and are to some minds related to detached > signatures. > > In Connect the claim defines exactly how to find the detached body. > > Leaving it to the application layer to define where the detached body is to be > located is not unreasonable. > > How are you thinking of doing that in a generic and secure enough way to be > useful in JWS itself? > > The signature itself is not really the hard part. > > As an example of a detached body that might be useful to look at is signing a > HTTP request for OAuth and including the JWS in a header. How in a generic > JWS way would you describe how to assemble the body to be hashed? > > In principal I see lats of uses at the application layer for sending a hash of > something in a JWS where the application layer describes how to assemble > some custom content for hashing, but I have a hard time seeing that happen in > a interoperable way in JWS. I could be wrong and am interested in concrete > proposals. > > John B. > > On 2013-06-26, at 7:46 PM, "Jim Schaad" <ietf@augustcellars.com> wrote: > > > I completely disagree with your characterization that detached signatures > was either a complicated feature or that it caused interop problems. The > problems that I always had with XMLDSig were XML problems and had nothing > to do with the question of detached or non-detached, canonizied or non- > canonicized. The problem was always that XML itself was not a good thing to > try and produce a usable and reproducible octet stream for the purposes of > hashing. If you just processed it as a binary stream in a disk file then there > were no problems (assuming that you had not re-written it in some way). > > > > I also disagree that it would be any easier to do a detached signature using > an indirect rather than direct form. If you are worried about having things > change because it is a detached content, then it makes no difference if that > detached content is either directly or indirectly reference. I don't think that > going to an indirect form fixes this problem in any way. > > > > Finally, if we are going to say this is the way to do things, we need to define a > way to do this in the JOSE drafts themselves. This would expected to be a > standard technique that is used by a number of different systems. It should > therefore be a common method for doing it because otherwise you get many > different ways of doing it that are designed by non-security people and > therefore prone to error. > > > > > >> -----Original Message----- > >> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of > >> jose issue tracker > >> Sent: Tuesday, June 25, 2013 5:08 PM > >> To: draft-ietf-jose-json-web-signature@tools.ietf.org; > >> michael.jones@microsoft.com > >> Cc: jose@ietf.org > >> Subject: Re: [jose] #25: Detached content for the ALTO use case > >> > >> #25: Detached content for the ALTO use case > >> > >> > >> Comment (by michael.jones@microsoft.com): > >> > >> Detached signatures was one of the complicated features of XMLDSIG that > >> caused substantial interop problems. I d thought that there was already > >> substantial sentiment in the working group not to do this because of the > high > >> complexity/benefit ratio. > >> > >> The good news, however, is that a form of detached signatures is EASY to > >> build one layer up the stack by signing a hash of the detached content. > >> ALTO could easily do this. > >> > >> There s already a deployed example of this, in fact. OpenID Connect > >> includes a hash of the OAuth Access Token as a claim in the ID Token > issued > >> with it. This allows the holder of the ID Token to verify that token > substitution > >> of a different Access Token value has not been performed by an attacker. > >> This works with JWS as it is today. > >> > >> I therefore suggest that we recommend this technique to ALTO and add a > >> description of it in the ALTO section of the Use Cases document and close > this > >> issue as won t fix . > >> > >> -- > >> -------------------------+---------------------------------------------- > >> -------------------------+--- > >> Reporter: | Owner: draft-ietf-jose-json-web- > >> ietf@augustcellars.com | signature@tools.ietf.org > >> Type: defect | Status: new > >> Priority: major | Milestone: > >> Component: json-web- | Version: > >> signature | Resolution: > >> Severity: - | > >> Keywords: | > >> -------------------------+---------------------------------------------- > >> -------------------------+--- > >> > >> Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/25#comment:1> > >> jose <http://tools.ietf.org/jose/> > >> > >> _______________________________________________ > >> jose mailing list > >> jose@ietf.org > >> https://www.ietf.org/mailman/listinfo/jose > > > > _______________________________________________ > > jose mailing list > > jose@ietf.org > > https://www.ietf.org/mailman/listinfo/jose
- [jose] #25: Detached content for the ALTO use case jose issue tracker
- Re: [jose] #25: Detached content for the ALTO use… jose issue tracker
- Re: [jose] #25: Detached content for the ALTO use… Jim Schaad
- Re: [jose] #25: Detached content for the ALTO use… John Bradley
- Re: [jose] #25: Detached content for the ALTO use… sakimura
- Re: [jose] #25: Detached content for the ALTO use… Jim Schaad
- Re: [jose] #25: Detached content for the ALTO use… John Bradley
- Re: [jose] #25: Detached content for the ALTO use… jose issue tracker