IETF Logo Mail Archive

Re: [jose] Proposal about the SPI proposal

Richard Barnes <rlb@ipv.sx> Wed, 27 February 2013 18:50 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F93421F8A55 for <jose@ietfa.amsl.com>; Wed, 27 Feb 2013 10:50:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.734
X-Spam-Level:
X-Spam-Status: No, score=-2.734 tagged_above=-999 required=5 tests=[AWL=0.242, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2eZ8ii9XD9dS for <jose@ietfa.amsl.com>; Wed, 27 Feb 2013 10:50:04 -0800 (PST)
Received: from mail-oa0-f46.google.com (mail-oa0-f46.google.com [209.85.219.46]) by ietfa.amsl.com (Postfix) with ESMTP id 637B321F8A52 for <jose@ietf.org>; Wed, 27 Feb 2013 10:50:04 -0800 (PST)
Received: by mail-oa0-f46.google.com with SMTP id k1so1894066oag.5 for <jose@ietf.org>; Wed, 27 Feb 2013 10:50:04 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:x-originating-ip:in-reply-to:references :date:message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=KoWLdcxt1mgApFOSXqVqlic3AAzaLQ/SxFL88tdkUhE=; b=E1VUqpaC6AHxYd2cHcoPrpWATg03djmWcz/Hw6YiYEKq+hnuEIAKWaMCQklKoWx2xX ZWyYdWNCTb+/QVRPZ/PoKVq+93MFXyjdUpazQotGRms4eG5L2k8gs95CTqWOYqlFHSgV 9wlBXd8BTY21JEayBdNJ2Vpv6OQTQBPe4H8sPx95Q9dakl4FmkK2zBm/RM03Hl7EPmaE 3QciygUcVavVUN93JDzWZIFvFWiQaCZOuy3kxG1f6J89M4a+ou0HOJCqF53JRbPeGFzY ZI8lQI2/nhyzwLnnUgd1KXyXNOaCLMoBjGVJ1UakwF3lzp7yIhxU4bx7oH67R2DD38MR TzjA==
MIME-Version: 1.0
X-Received: by 10.182.202.73 with SMTP id kg9mr3191870obc.95.1361991003886; Wed, 27 Feb 2013 10:50:03 -0800 (PST)
Received: by 10.60.60.98 with HTTP; Wed, 27 Feb 2013 10:50:03 -0800 (PST)
X-Originating-IP: [192.1.51.63]
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436747B244@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <CA+k3eCTo_=P_SQCG_ypiksVb-bfjuJ4Q9vt4r10wpuKPbFUWBg@mail.gmail.com> <1360628984.83146.YahooMailRC@web184403.mail.bf1.yahoo.com> <CABzCy2D9MVw2WTZCFn9PaQ8Mw1e2=Abguf2Q2QzuFshqJqUtZQ@mail.gmail.com> <CAL02cgRQ9nWwpUgLbx1yE_dj=kg9-L-+cJS6std53-W9Ac_CaQ@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739436747B244@TK5EX14MBXC284.redmond.corp.microsoft.com>
Date: Wed, 27 Feb 2013 13:50:03 -0500
Message-ID: <CAL02cgS63UrQVvKXi46Xk3yuba84izZA=TY6OWjEdqtfaqb06A@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Mike Jones <Michael.Jones@microsoft.com>
Content-Type: multipart/alternative; boundary="e89a8f6436fcf9bffc04d6b93d33"
X-Gm-Message-State: ALoCoQlLT7oVngRAZLCdM56jr2TXBzumVh4hkxyp61GYKjrzCE4M6LZmMfMH8yMzsBDV81zGpYH1
Cc: Brian Campbell <bcampbell@pingidentity.com>, Nat Sakimura <sakimura@gmail.com>, "jose@ietf.org" <jose@ietf.org>, Edmund Jay <ejay@mgi1.com>
Subject: Re: [jose] Proposal about the SPI proposal
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Feb 2013 18:50:07 -0000

Ah, sorry I never got around to those.  Responses inline.

  - What are the security implications of repeatedly reusing the same CMK
> and IV and how can/should they be mitigated?
>

Good point.  Re-using IVs is a terrible idea.  SPI should represent some
set of pre-negotiated parameters, where the set of parameters that are
pre-set is part of the pre-negotiation.  So one application might
pre-negotiate algorithms, but pass keys in-band, but another might
pre-negotiate algorithms and keys.  (You could even envision agreeing on an
IV generation procedure...)


> ****
>
>   - Is having the absence of an “alg” field, paired with the presence of
> an “spi” field the best way to handle this?
>

"alg" is an indicator of key wrapping technique.  So if this is one of the
pre-negotiated parameters, then it should be absent.


> ****
>
>   - What are the complexity implications of having JWEs no longer contain
> a fixed set of field?
>

Very little.  SPI would add a little pre-processing to populate the missing
fields in a JWE/JWS


> ****
>
>   - Would JWSs similarly have a different number of fields?
>

Yes.


> ****
>
>   - Indeed, is the proposal even applicable in the JWS case, or does it
> only make sense for JWEs?
>

There's less of a need for JWS.  You could say SPI "1234" indicates that
I'm signing under a given 4096-bit RSA key, saving yourself hundreds of
octets.  So it would be like "jku", with fewer octets and without the
implication that you could go fetch it over the Internet.


> ****
>
>   - What are the motivating use cases for this functionality?
>

As I said before, cases where there's some out-of-band mechanism to
pre-negotiate certain parameters.  For example, the OpenID Connect
discovery process.
<
http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest
>



> ****
>
>   - What syntax would be used for the “spi” parameter?  Unrestricted
> Unicode strings?  Base64url-encoded byte strings?  UUIDs? …
>

Doesn't really matter.  Make it the same as "kid" (i.e., string); they're
both opaque identifiers.



> ****
>
> ** **
>
> I don’t think a number of them have been answered.****
>
> ** **
>
>                                                             Thanks,****
>
>                                                             -- Mike****
>
> ** **
>
> *From:* jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] *On Behalf
> Of *Richard Barnes
> *Sent:* Wednesday, February 20, 2013 10:04 AM
> *To:* Nat Sakimura
> *Cc:* Brian Campbell; jose@ietf.org; Edmund Jay
> *Subject:* Re: [jose] Proposal about the SPI proposal****
>
> ** **
>
> Obviously, this will not be in a -00 draft for Orlando.  So discussion
> should continue based on the text proposed to the list.****
>
> ** **
>
> Does anyone have further technical comments?****
>
> ** **
>
> --Richard****
>
> ** **
>
> On Wed, Feb 20, 2013 at 11:25 AM, Nat Sakimura <sakimura@gmail.com> wrote:
> ****
>
> ditto. ****
>
> 2013/2/11 Edmund Jay <ejay@mgi1.com>****
>
> +1 for new I-D.
>
> ****
>
> ** **
>  ------------------------------
>
> *From:* Brian Campbell <bcampbell@pingidentity.com>
> *To:* "jose@ietf.org" <jose@ietf.org>
> *Sent:* Fri, February 8, 2013 3:01:51 PM
> *Subject:* [jose] Proposal about the SPI proposal****
>
> ** **
>
> Maybe this was apparent from my comments/questions on the SPI proposal
> over the last couple days[1] but I have concerns that run the gamut from
> operational complexity and fragility to security problems. I believe
> strongly that, without considerably more analysis and specification detail,
> the current SPI work is much too risky to consider go in the current base
> JOSE WG drafts.****
>
> As an alternative I'd like to request/propose that the SPI stuff be
> submitted as new I-D to help facilitate that additional discussion and
> analysis that I think it needs.****
>
> ** **
>
> Thanks,
> Brian****
>
>
> [1] http://www.ietf.org/mail-archive/web/jose/current/msg01500.html****
>
> ** **
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose****
>
>
>
> ****
>
> ** **
>
> --
> Nat Sakimura (=nat)****
>
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en****
>
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose****
>
> ** **
>

v2.23.0 | Report a Bug | By Email