IETF Logo Mail Archive

Re: [jose] #23: Make crypto independent of binary encoding (base64)

Mike Jones <Michael.Jones@microsoft.com> Wed, 12 June 2013 20:33 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5774311E80BA for <jose@ietfa.amsl.com>; Wed, 12 Jun 2013 13:33:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.438
X-Spam-Level:
X-Spam-Status: No, score=-2.438 tagged_above=-999 required=5 tests=[AWL=0.160, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WG2gEmyNGcXI for <jose@ietfa.amsl.com>; Wed, 12 Jun 2013 13:33:10 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2lp0240.outbound.protection.outlook.com [207.46.163.240]) by ietfa.amsl.com (Postfix) with ESMTP id 3248821E809B for <jose@ietf.org>; Wed, 12 Jun 2013 13:33:09 -0700 (PDT)
Received: from BL2FFO11FD005.protection.gbl (10.173.161.201) by BL2FFO11HUB037.protection.gbl (10.173.160.241) with Microsoft SMTP Server (TLS) id 15.0.707.0; Wed, 12 Jun 2013 20:33:07 +0000
Received: from TK5EX14MLTC104.redmond.corp.microsoft.com (131.107.125.37) by BL2FFO11FD005.mail.protection.outlook.com (10.173.161.1) with Microsoft SMTP Server (TLS) id 15.0.707.0 via Frontend Transport; Wed, 12 Jun 2013 20:33:07 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.110]) by TK5EX14MLTC104.redmond.corp.microsoft.com ([157.54.79.159]) with mapi id 14.03.0136.001; Wed, 12 Jun 2013 20:32:58 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Richard Barnes <rlb@ipv.sx>, "Matt Miller (mamille2)" <mamille2@cisco.com>
Thread-Topic: [jose] #23: Make crypto independent of binary encoding (base64)
Thread-Index: AQHOZwAMAj7aO3iBB0SstN6K1FxxM5kyI/iAgABjd4CAAAB88A==
Date: Wed, 12 Jun 2013 20:32:57 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436782C704@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <049.69ffc5ebf959c6eac7990651822fadf9@trac.tools.ietf.org> <064.e396e921644745f7bd339ad363a7d7f7@trac.tools.ietf.org> <BF7E36B9C495A6468E8EC573603ED94115283F43@xmb-aln-x11.cisco.com> <CAL02cgSpYtAVVNe7AOiNhnBUqP-=CWaXw7NH2XwUu6eXgfZJ+w@mail.gmail.com>
In-Reply-To: <CAL02cgSpYtAVVNe7AOiNhnBUqP-=CWaXw7NH2XwUu6eXgfZJ+w@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.72]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739436782C704TK5EX14MBXC283r_"
MIME-Version: 1.0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(51444003)(24454002)(189002)(51704005)(199002)(377454002)(49866001)(63696002)(44976003)(33656001)(47446002)(76796001)(54356001)(56776001)(74876001)(74706001)(74662001)(74366001)(31966008)(80022001)(69226001)(47976001)(74502001)(20776003)(81542001)(512954002)(76482001)(50986001)(79102001)(51856001)(54316002)(46102001)(76786001)(59766001)(6806003)(66066001)(47736001)(71186001)(56816003)(53806001)(81342001)(65816001)(55846006)(77982001)(77096001)(16236675002)(4396001)(16406001)(15202345002); DIR:OUT; SFP:; SCL:1; SRVR:BL2FFO11HUB037; H:TK5EX14MLTC104.redmond.corp.microsoft.com; CLIP:131.107.125.37; RD:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-OriginatorOrg: microsoft.onmicrosoft.com
X-Forefront-PRVS: 08756AC3C8
Cc: "<draft-ietf-jose-json-web-encryption@tools.ietf.org>" <draft-ietf-jose-json-web-encryption@tools.ietf.org>, "<jose@ietf.org>" <jose@ietf.org>
Subject: Re: [jose] #23: Make crypto independent of binary encoding (base64)
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jun 2013 20:33:16 -0000

We shouldn't be basing decisions now on speculative binary encoding that may or may not ever come into existence or gain any traction.  We're explicitly building solutions that are intended to be easily usable with JSON as it exists today, for deployment today and into the future.

As Justin pointed out, there's an existence proof that JWS is simple enough that developers get it right.  That's actually very important, and not something that we should dismiss lightly.

If later a binary encoding has come into existence and gained traction, we could decide to recharter and do more work, if necessary.  But I'm not holding my breath on the precondition to that "if".  Besides, if people are fine with binary encodings, we already have CMS.

                                                                -- Mike

From: Richard Barnes [mailto:rlb@ipv.sx]
Sent: Wednesday, June 12, 2013 1:24 PM
To: Matt Miller (mamille2)
Cc: jose issue tracker; <draft-ietf-jose-json-web-encryption@tools.ietf.org>; Mike Jones; <jose@ietf.org>
Subject: Re: [jose] #23: Make crypto independent of binary encoding (base64)

<impartial-analysis>
So just to be clear on the trade-off the WG has to make:

On the one hand: Breaking every existing JWT implementation in the world
On the other hand: Eternally binding ourselves to base64 encoding, even if binary-safe encodings become available (CBOR, MsgPack, etc.)
</impartial-analysis >

<personal-opinion>
I have some sympathy with JWT implementors.  It sucks to have to refactor code.  But I think we're literally talking about something like a 5-line patch.  And early JWT implementors knew or should have known (to use a DC phrase) that they were dealing with a draft spec.  As the W3C editor's draft template says, in big bold red print, "Implementors who are not taking part in the discussions are likely to find the specification changing out from under them in incompatible ways."

As PHB pointed out in the other thread, it would be nice to use JWS and JWE in place of CMS one day, without the base64 hit.  We should incur the implementation pain now, and get the design right for the long run.  Base64 is a hack around JSON; we should build the system so that when we no longer need that hack, it can go away.
</personal-opinion>

--Richard



On Wed, Jun 12, 2013 at 10:27 AM, Matt Miller (mamille2) <mamille2@cisco.com<mailto:mamille2@cisco.com>> wrote:
I did at first find it curious why the cryptographic operations were over the base64url-enccoded values, but I was also very focused on JWE, where I think the field separation problem is less of an issue (at least now).  For JWS, this would certainly cause problems without some manner of unambiguous field parameterization.

I will note that unescaped NULL is not valid in JSON, so it could be used as a separator between the encoded header and the payload.  I do find it interesting if JOSE could more easily and efficiently support other encodings.  However, I think that while this is an interesting thought experiment, it seems we're too far down the path to seriously consider it unless the current state were shown to be horribly broken.


- m&m

Matt Miller < mamille2@cisco.com<mailto:mamille2@cisco.com> >
Cisco Systems, Inc.

On Jun 11, 2013, at 6:01 PM, jose issue tracker <trac+jose@trac.tools.ietf.org<mailto:trac%2Bjose@trac.tools.ietf.org>> wrote:

> #23: Make crypto independent of binary encoding (base64)
>
>
> Comment (by michael.jones@microsoft.com<mailto:michael.jones@microsoft.com>):
>
> For both serializations, you already need the base64url encoded versions
> of the JWS Header and the JWS Payload to preserve them in transmission, so
> computing them isn't an extra burden.  In the JWS Compact Serialization,
> you already need the concatenation of the Encoded JWS Header, a period
> character, and the Encoded JWS Payload, so computing that concatenation
> isn't an extra burden.  Given you already have that quantity, computing
> the signature over it is the easiest thing for developers to do, and it's
> been shown to work well in practice.  There's no compelling reason to make
> this change.
>
> Even for the JSON Serialization, the only "extra" step that's required to
> compute the signature is the concatenation with the period character - to
> prevent shifting of data from one field to the other, as described by Jim
> Schaad in the e-mail thread.  So this step isn't actually "extra" at all -
> it's necessary.  It's also highly advantageous to use exactly the same
> computation for both serializations, which is currently the case.
>
> Since there is no compelling reason to make this change, and since making
> it could enable the "shifting" problem identified by Jim, it should not be
> made.
>
> --
> -------------------------+-------------------------------------------------
> Reporter:  rlb@ipv.sx<mailto:rlb@ipv.sx>   |       Owner:  draft-ietf-jose-json-web-
>     Type:  defect       |  encryption@tools.ietf.org<mailto:encryption@tools.ietf.org>
> Priority:  major        |      Status:  new
> Component:  json-web-    |   Milestone:
>  encryption             |     Version:
> Severity:  -            |  Resolution:
> Keywords:               |
> -------------------------+-------------------------------------------------
>
> Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/23#comment:2>
> jose <http://tools.ietf.org/jose/>
>
> _______________________________________________
> jose mailing list
> jose@ietf.org<mailto:jose@ietf.org>
> https://www.ietf.org/mailman/listinfo/jose

v2.23.0 | Report a Bug | By Email