IETF Logo Mail Archive

Re: [jose] Secdir review of draft-ietf-jose-json-web-signature-31

Richard Barnes <rlb@ipv.sx> Wed, 17 September 2014 13:24 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4A151A01CB for <jose@ietfa.amsl.com>; Wed, 17 Sep 2014 06:24:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f6Y8DS7fTwsZ for <jose@ietfa.amsl.com>; Wed, 17 Sep 2014 06:24:29 -0700 (PDT)
Received: from mail-la0-f49.google.com (mail-la0-f49.google.com [209.85.215.49]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 90AFF1A030C for <jose@ietf.org>; Wed, 17 Sep 2014 06:24:27 -0700 (PDT)
Received: by mail-la0-f49.google.com with SMTP id pv20so1808805lab.22 for <jose@ietf.org>; Wed, 17 Sep 2014 06:24:25 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=UNOoP9qWfXZWudfKHxTuIUtG/4zKsGMH8/reH/ZnWTo=; b=DDiV3Q1bH9cNb/rXZXrZWs77JJq808uigOU3GGW7k003ybrInwEJcZX0aPNeadyFy2 TVnwoYjRrKrkCDIDgxMFEb8R5/bHyiik7mcsb2xXKDKmkxgjmXqzIygQo7kQ+82iLHI1 xZALe19keoCKbjQJQqYgc7b6a2POMwhQrv6M5oeIzquTMf2FsM8t3BkzDI/TRnXvK3dT jKQsa7wG9RPjuUMawE34dK0f0iPi4MJVohESHuT0hQjWdRA0deVGErgBui0IGJcP1+/n L2yQarenj4CQUJuE4jbDqHB1S2OUlJeN6WequyL/uA/bE7OBMfZGR0e2M4I+/KXCvkkt u84Q==
X-Gm-Message-State: ALoCoQkI0m7g59SUh6Pz4wRl+FMFVasFLhmbS60l5hVSCtaVvl/Dw9x4IYQvfIwA7nAxKCrGeo+a
MIME-Version: 1.0
X-Received: by 10.152.116.7 with SMTP id js7mr45545522lab.12.1410960265676; Wed, 17 Sep 2014 06:24:25 -0700 (PDT)
Received: by 10.25.159.84 with HTTP; Wed, 17 Sep 2014 06:24:25 -0700 (PDT)
In-Reply-To: <21529.16232.880915.215045@fireball.kivinen.iki.fi>
References: <21512.21725.209461.976375@fireball.kivinen.iki.fi> <4E1F6AAD24975D4BA5B16804296739439AE9DD47@TK5EX14MBXC292.redmond.corp.microsoft.com> <CAL02cgSsi603XL2o4S89pAw64yLv0JRZaDg823uiyuTkm02AHA@mail.gmail.com> <21527.63989.999440.801542@fireball.kivinen.iki.fi> <CAL02cgQKfQr_dQ=0-oY19G4rmYL3928UWFLBfhDAyspwMU7W9g@mail.gmail.com> <21529.16232.880915.215045@fireball.kivinen.iki.fi>
Date: Wed, 17 Sep 2014 09:24:25 -0400
Message-ID: <CAL02cgSRmP+iRYqTPUdcgTipeDw1H8TdF3AMP-ORSqOwiWJEcQ@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Tero Kivinen <kivinen@iki.fi>
Content-Type: multipart/alternative; boundary="001a11c2672a6d927d050342c988"
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/TB-AMsVlIpdxtqJz5B6G5lY0Smw
Cc: "ietf@ietf.org" <ietf@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, Mike Jones <Michael.Jones@microsoft.com>, "iesg@ietf.org" <iesg@ietf.org>, "jose@ietf.org" <jose@ietf.org>, "draft-ietf-jose-json-web-signature.all@tools.ietf.org" <draft-ietf-jose-json-web-signature.all@tools.ietf.org>
Subject: Re: [jose] Secdir review of draft-ietf-jose-json-web-signature-31
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Sep 2014 13:24:30 -0000

On Wednesday, September 17, 2014, Tero Kivinen <kivinen@iki.fi> wrote:

> Richard Barnes writes:
> >     Perhaps, but is there benefits for leaving the alg without
> protection?
> >
> > Simplicity (if you omit protected headers altogether), and
> > compatibility with other signed things.  In the sense that you could
> > transform one of them into a JWS without re-signing.  This would
> > apply, for example, to an X.509 certificate -- just parse the outer
> > SEQUENCE, and re-assemble into a JWS with the tbsCertificate as
> > payload.  Same security properties that X.509 already has.
>
> Ok, having this kind of information somewhere in the draft would help
> to understand the reason. Also having text explaining that is
> possible, and that the security properties of this option (i.e. no
> problem with PKCS#1, etc... the text you had in the other email).
>
> > It's also completely unnecessary for PKCS#1 signatures, which are
> > the dominant use case today.
>
> I agree.
>
> > In general, I'm opposed to protocols baking in more
> > application-specific logic than they need to.  The point of JOSE is
> > to describe the cryptographic operation that was performed, and
> > carry the relevant bits around.  Its job is not to fix all the
> > weaknesses that every algorithm has.
>
> Yes, but this property might have security issues, so they should be
> covered by the security considerations section.


I'm perfectly happy to have it documented in the Security Considerations.

Mike: Should I generate some text, or do you want to take a stab?


> --
> kivinen@iki.fi <javascript:;>
>

v2.23.0 | Report a Bug | By Email