IETF Logo Mail Archive

Re: [jose] JOSE.Next - Clear-Text Signatures?

Anders Rundgren <anders.rundgren.net@gmail.com> Mon, 12 January 2015 09:50 UTC

Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C707B1A8A8E for <jose@ietfa.amsl.com>; Mon, 12 Jan 2015 01:50:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jVkzXr4mtriy for <jose@ietfa.amsl.com>; Mon, 12 Jan 2015 01:50:37 -0800 (PST)
Received: from mail-wg0-x22e.google.com (mail-wg0-x22e.google.com [IPv6:2a00:1450:400c:c00::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BFC361A8A8B for <jose@ietf.org>; Mon, 12 Jan 2015 01:50:36 -0800 (PST)
Received: by mail-wg0-f46.google.com with SMTP id x13so18213917wgg.5 for <jose@ietf.org>; Mon, 12 Jan 2015 01:50:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=duSbTPx5OtMHS6URTpb2AHkfxs2t3FcAM46njYRip+4=; b=fSNzUKzMB+V1Sz8HkovIiWNzQ0q3SyIXiWz5wm+6ZXCTI7Jw3i7BJlyXFOhhrnKI8T PUpcTJjV7ZxXrJUvw/wC3HIBhtMWxMdEs6uwrDXOO77IOi7n8ZdJxZYF2Vi/CCiGexAD RfBAm4bdwgthR/82Z0/T1X/EmmgYpVcp7WicufKq7irSZykPhl5h9ZVqo7hvAP6q5aUv zyvM5qoKjbvaDlBeHyArwmxXFCOT7DrTISfUsLxELBdguKMYRdL378I6gsNCm9wa/3wq u73LaHbEZoIWwUwlPQdwco1c5YYCyB73HNHC+0umyVs8q1qzcVf7+Jx/9208nWE/x6ea zClw==
X-Received: by 10.180.73.108 with SMTP id k12mr28263351wiv.24.1421056235386; Mon, 12 Jan 2015 01:50:35 -0800 (PST)
Received: from [192.168.1.79] (48.194.130.77.rev.sfr.net. [77.130.194.48]) by mx.google.com with ESMTPSA id fi10sm2461476wib.13.2015.01.12.01.50.33 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 12 Jan 2015 01:50:34 -0800 (PST)
Message-ID: <54B398E5.7000409@gmail.com>
Date: Mon, 12 Jan 2015 10:50:29 +0100
From: Anders Rundgren <anders.rundgren.net@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: Jim Schaad <ietf@augustcellars.com>, 'Richard Barnes' <rlb@ipv.sx>
References: <54950E89.9000000@gmail.com> <CAL02cgRT=ihbfEFbpAvkGstYJam+NhyYRuniRBTPcu3vLQcSDQ@mail.gmail.com> <5495CAFF.50404@gmail.com> <000901d01ca8$0229c640$067d52c0$@augustcellars.com> <549658E8.9060607@gmail.com>
In-Reply-To: <549658E8.9060607@gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/SGWb6Zc1NLM02HB7X8lO5VyQitU>
Cc: jose@ietf.org
Subject: Re: [jose] JOSE.Next - Clear-Text Signatures?
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jan 2015 09:50:40 -0000

Hi Guys,
Happy New year!
Should I interpret the silence as "no interest"?

Since it has been proved beyond doubt that there's are no unsolved/unsolvable technical
issues using the principles of JCS, communities working with "business messaging" will
most likely (due to the absence of a standard) all develop their own take of clear-text
signatures.  This is perfectly OK but reduces the value of the great JOSE work which is
the rationale for considering a clear-text alternative as a JOSE.Next task.

It's easy to get some feeling for JCS; you can test it on-line at:
https://mobilepki.org/jcs

Recently I updated JCS to use the same ECDSA signature encoding as JOSE/WebCrypto/XML DSig
rather than the encoding used by OpenSSL, Oracle JCE and CMS.  Standards? The more the better :-)

A subset (only public keys are supported) but normalization-wise 100% JCS-compliant Python
implementation shows how painfully simple JCS is:
https://code.google.com/p/openkeystore/source/browse/python/trunk/src/org/webpki/json

There's no benefit with sorting properties since predictable serialization order is anyway
something lots of people have requested.  Humans <> Computers.

Cheers,
Anders

On 2014-12-21 06:21, Anders Rundgren wrote:
> On 2014-12-20 23:55, Jim Schaad wrote:
>>
>>
>>> -----Original Message-----
>>> From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Anders Rundgren
>>> Sent: Saturday, December 20, 2014 11:16 AM
>>> To: Richard Barnes
>>> Cc: jose@ietf.org
>>> Subject: Re: [jose] JOSE.Next - Clear-Text Signatures?
>>>
>>> On 2014-12-20 18:33, Richard Barnes wrote:
>>>    > Clear-text signing requires c14n or some other representation-fixing.
>>>    > If you have proposals for at least one of those, this may be viable.
>>>
>>> As mentioned in the "prospectus" there are multiple ways ahead.  Some kind
>>> of canonicalization scheme is undoubtedly one of them.
>>>
>>>    > Relying on implementation quirks is not OK.
>>>
>>> My specific proposal does not build on implementation quirks but on an
>>> explicitly required serialization method which doesn't "scramble" data.
>>> This may or may not be supported by the target JSON parser.  Since JSON
>>> parsers usually are pretty simple I don't see this as a insurmountable
>> obstacle:
>>> https://openkeystore.googlecode.com/svn/resources/trunk/docs/jcs.html#Int
>>> eroperability
>>
>> Based on a quick scan of this, all we need to do is to define a new parser,
>> a new data format (need to keep both the original text and the value for
>> some types) and a new serializer and we are home free.
>>
>> I don't think that is a viable proposal.
>
> The floating point issues may be a show-stopper from a standardization
> point of view but it has few practical implications since the target for
> JCS is security-protocols (its "cradle") and payments which rarely depends
> on floating point data.  99% "coverage" seems good enough :-)
>
> There's no need for new parser, a minute update of existing such may be required in some cases.
> A quick scan of programmer hangouts like "stackoverflow" shows that quite a few
> people ask for JSON parsers that honor property order regardless of the fact that
> JSON doesn't in any way require that so such an update have uses outside of signatures.
>
> As an exercise you could visualize the following counter-signed message in JWS:
> https://openkeystore.googlecode.com/svn/wcpp-payment-demo/trunk/docs/messages.html#UserAuthorizesTransaction
> Well, to make it easier, here it is:
>
>       {
>         "payload":"<base64>",
>         "protected":"<base64>",
>         "header":<base64>,
>         "signature":"<base64>"
>       }
>
> Now consider how you would communicate that to a payment community who
> to date have been using XML.
>
> Somewhat related: Although Google's U2F is incompatible with "gold standards"
> like ISO 7816 and PKCS #11/NSS, it has gotten the biggest interest I have
> ever seen in this space.  The "traditional" software industry bogged down by
> legacy designs and ideas would never be able to pull off such a stunt.
>
> Anders
> "almost" standards-compliant
>
>> Jim
>>
>>
>>>
>>> Targeting the lowest common denominator is the governing standards
>>> strategy.
>>> IMO, this [often] thwarts innovation and creates lousy systems so I don't
>> care
>>> :-)
>>>
>>> Cheers,
>>> Anders
>>>
>>>
>>>>
>>>> --Richard
>>>>
>>>> On Sat, Dec 20, 2014 at 12:52 AM, Anders Rundgren
>>> <anders.rundgren.net@gmail.com
>>> <mailto:anders.rundgren.net@gmail.com>> wrote:
>>>>
>>>>       Hi List,
>>>>       In theory JOSE is done since we have key containers, as well as
>> signature
>>> and encryption constructs.
>>>>
>>>>       In reality it is not because the topic I raised a long time ago
>> namely the
>>> ability to sign clear-text
>>>>       JSON data in a similar fashion like in XML DSig simply isn't going
>> away:  No,
>>> it is not only yours
>>>>       truly who is into JSON clear-text signing although it seems that
>> everybody
>>> is dealing with this
>>>>       issue in quite different ways.  This may actually only be good since
>> then
>>> there are some
>>>>       real-world (tested) schemes to select from.  AFAICT they all have
>> (even
>>> including my own take
>>>>       on the subject...), clearly identifiable pros and cons.
>>>>
>>>>       The rationale is simple: Documentation, Validation, Development and
>>> Debugging of
>>>>       complex JSON messages becomes easier if the content is provided in
>>> clear.
>>>>
>>>>       There could be justification for IETF taking on such a work-item.
>>>>
>>>>       Anders
>>>>
>>>>       _________________________________________________
>>>>       jose mailing list
>>>>       jose@ietf.org <mailto:jose@ietf.org>
>>>>       https://www.ietf.org/mailman/__listinfo/jose
>>>> <https://www.ietf.org/mailman/listinfo/jose>
>>>>
>>>
>>> _______________________________________________
>>> jose mailing list
>>> jose@ietf.org
>>> https://www.ietf.org/mailman/listinfo/jose
>>
>

v2.23.0 | Report a Bug | By Email