IETF Logo Mail Archive

Re: [jose] PKCS #11 for JWK

Nathaniel McCallum <npmccallum@redhat.com> Wed, 05 July 2017 13:05 UTC

Return-Path: <nmccallu@redhat.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09B06131CED for <jose@ietfa.amsl.com>; Wed, 5 Jul 2017 06:05:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HK_RANDOM_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yEUbdoQjcWtC for <jose@ietfa.amsl.com>; Wed, 5 Jul 2017 06:05:13 -0700 (PDT)
Received: from mail-io0-f173.google.com (mail-io0-f173.google.com [209.85.223.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 79F0D1329FE for <jose@ietf.org>; Wed, 5 Jul 2017 06:04:58 -0700 (PDT)
Received: by mail-io0-f173.google.com with SMTP id z62so85243548ioi.3 for <jose@ietf.org>; Wed, 05 Jul 2017 06:04:58 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=/Dsyx/L4cNdDFbjIqx2CGNJiAFlmmTqMFm2gdgn0vWQ=; b=lFdVptRd4Bxodcm8CidFbAfGbB1PozKDs3jVfeEo8yb8bPQEPW+gZndAByMC99+cfj HcdRdWV33g9nU3L07dHV/57mSdsX5i1z5JiDElPf+6Y2OfKQMFlrvBrjMBnCCZ9vP3FC MLXroW1vTuaq/cuenpGug7E0IM5Hp/tAVnCm3aIlDpzU9yPf4cokiSIM8RPAhaNwLzHE wqJweGyk5Dm6wmdyjwZjg4059EIxYyBVDmA3xihuQXjMa1XOR4bhpG5gbQxQx/md0yQs fnMei2KR7oEtrSKyofMRFRPqQV6l442Vh/waTq6XVZD7RaBZWoMXO19/AXVxvE0tqpIa 6kcw==
X-Gm-Message-State: AIVw111CbRII8BLotcuzrRy6DiBCGhubZP89kvRmgiCs7XGSIKKBv2vn LvqhUrsK5cvR9tlJPtZkLfTNcKwSt4g7
X-Received: by 10.107.160.202 with SMTP id j193mr13134507ioe.49.1499259897703; Wed, 05 Jul 2017 06:04:57 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.132.88 with HTTP; Wed, 5 Jul 2017 06:04:57 -0700 (PDT)
In-Reply-To: <1498896051.11334.78.camel@redhat.com>
References: <CAOASepNR_1XjDaCHUyLL_o63EvBcQ6L1TyeMhdUzrbmtYSWRNg@mail.gmail.com> <1498896051.11334.78.camel@redhat.com>
From: Nathaniel McCallum <npmccallum@redhat.com>
Date: Wed, 05 Jul 2017 09:04:57 -0400
Message-ID: <CAOASepOYo4hnqdFCJ5-Oxf1C5eLWj-qavQUwfXt_nG-1pZ=cMw@mail.gmail.com>
To: Simo Sorce <simo@redhat.com>
Cc: jose@ietf.org, Nikos Mavrogiannopoulos <nmav@redhat.com>, Daiki Ueno <dueno@redhat.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/WgjELtwcNunqaujVD6Cw_KiWONQ>
Subject: Re: [jose] PKCS #11 for JWK
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jul 2017 13:05:15 -0000

On Sat, Jul 1, 2017 at 4:00 AM, Simo Sorce <simo@redhat.com> wrote:
> Later on you talk about performance penalty and say:
>
>    Implementations SHOULD perform public
>    key operations, such as asymmetric signature verification or
>    asymmetric encryption, without using PKCS #11
>
> I think this should be at most a MAY. If I wanted to be more pedantic I
> would say you should take in consideration there may be PKCS#11 modules
> that are already smart enough to implement such functions in software
> so that they do not incur in performance penalties, so the whole this
> would have to be wrapped in something like:
>  "If the PKCS#11 implementation perform public key operation in hardare
> that may result in poor performance then implementations MAY perfrom
> public ..."

I did some reflection on this over the long weekend. If we wanted to
support offloading public key operations to PKCS #11, we'd need to
have a "p11pub" JWK property which defines the URI to the public key
to perform the operation on. This duplicates the existing public key
information in the JWK.

We could allow three modes:
1. pubkey-only; no PKCS #11
2. URI-only; PKCS #11
3. both; optional PKCS #11

In mode #3, there is a possibility for public key mismatch. However,
no attacks exist which don't also exist for mode #1.

My worry is that this is a lot of complexity for minimal gain. JOSE
implementations already have to support #1. At best, mode #2 is going
to be as fast as #1. I just don't see any compelling reason to support
public key URIs. Do you?

As an aside, I do see value in exporting X.509 material from
certificate URIs and placing them in the already established JWK
parameters. However, I do not think standardization is required to
support this; implementations can do this in a compatible way without
any new RFCs once they have "p11".

v2.23.0 | Report a Bug | By Email