Re: [jose] #26: Allow for signature payload to not be base64 encoded
John Bradley <ve7jtb@ve7jtb.com> Wed, 03 July 2013 21:25 UTC
To: Richard Barnes <rlb@ipv.sx>
Cc: Dick Hardt <dick.hardt@gmail.com>, Jim Schaad <ietf@augustcellars.com>, Mike Jones <Michael.Jones@microsoft.com>, "jose@ietf.org" <jose@ietf.org>, n-sakimura <n-sakimura@nri.co.jp>, "draft-ietf-jose-json-web-signature@tools.ietf.org" <draft-ietf-jose-json-web-signature@tools.ietf.org>
For a JWT the content is a JSON object. For JOSE that restriction doesn't apply, and the content could be any binary data. That is one of the reasons people want to put additional JSON in the envelope, as they may not be able to do that easily as part of the body.
Just for the record, I am one of the people on the side of integrity protecting headers unless there is a strong reason not to, as is the case with multiple recipients and counter-mode encryption.
John B.
On 2013-07-03, at 5:15 PM, Richard Barnes <rlb@ipv.sx> wrote:
> On Wed, Jul 3, 2013 at 1:55 PM, Dick Hardt <dick.hardt@gmail.com> wrote:
> On Wed, Jul 3, 2013 at 9:04 AM, Richard Barnes <rlb@ipv.sx> wrote:
> On Tue, Jul 2, 2013 at 8:14 PM, Dick Hardt <dick.hardt@gmail.com> wrote:
> Hi Richard, thanks for the example, some comments and questions:
>
> To clarify, in the JSON (non-compact) version, the payload is restricted to being a string? i.e. it cannot be a JSON object? If so, that seems really limiting.
>
> The payload can be anything that can be expressed as a JSON string. The payload needs to be serialized, not as a JSON entity (object, array, number), because it's going to be input to a signature verification operation (so it needs to be canonical). Every JSON string has a unique representation in UTF-8, so we can use that for anything that can be put into a string.
>
> So it is just a string that has had control characters escaped (", \, /, backspace, formfeed, newline, carriage return, horizontal tab)
>
> This is in sharp contrast to the compact form that takes a JSON object.
>
> I have a hard time understanding how this even fits into the WG Charter as your proposal is not transporting JSON. (yes, a JSON string is part of JSON, but it does not have the value proposition that a JSON object has)
>
> Am I missing something?
>
> -- Dick
>
> Yeah, I think you might be a little confused. Right now, the payload can be any octets -- JSON, UTF-8, EBCDIC, JPEG, QuickTime, whatever. That's true for both the JSON and compact serializations. And that's why in general, the payload has to be base64-encoded to be able to carry it in JSON.
>
> This proposal is just saying that when you have content that can be represented as UTF-8 (e.g., JSON or HTML), you don't have to base64 encode it, you can just stick it in a JSON string.
>
> --Richard
>
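The two points made in this exchange, that an unencoded payload is just the raw UTF-8 octets carried as a JSON string, and that the flag saying whether the payload is base64url-encoded has to be integrity protected, are worked through below as an added example. This code is not from the thread or from any JOSE library; it assumes HS256 over the flattened JSON serialization, a constructed demo key, and a protected-header parameter named "b64" (the name the working group later standardized in RFC 7797; the thread itself has not settled on one). The `trust_unprotected_b64` switch models a verifier that honours the flag from the unprotected "header" member, which is exactly the behaviour John argues against.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key for the example; not a real secret.
KEY = b"demo-hmac-key-for-jose-issue-26"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def payload_part(payload: bytes, encoded: bool) -> bytes:
    """Payload half of the JWS signing input.
    encoded=True : BASE64URL(payload), the JWS default; any octets work.
    encoded=False: the raw octets. The JSON serialization then carries them
                   as a JSON string, so they must be valid UTF-8 (a JPEG is not)."""
    if encoded:
        return b64url_encode(payload).encode("ascii")
    payload.decode("utf-8")  # raises UnicodeDecodeError for binary payloads
    return payload


def jws_sign(key: bytes, payload: bytes, b64=None) -> dict:
    """Flattened JSON serialization, HS256. b64=None omits the flag (JWS
    default, encoded); True/False put it in the *protected* header so the
    signature covers it (assumed parameter name, see lead-in)."""
    protected = {"alg": "HS256"}
    if b64 is not None:
        protected["b64"] = b64
    encoded = b64 is None or b64
    protected_b64 = b64url_encode(json.dumps(protected, separators=(",", ":")).encode())
    signing_input = protected_b64.encode("ascii") + b"." + payload_part(payload, encoded)
    tag = hmac.new(key, signing_input, hashlib.sha256).digest()
    return {
        "protected": protected_b64,
        # Unencoded: the JSON layer applies the string escaping (", \, controls)
        # when this dict is serialized; the signature is over the octets, not the escapes.
        "payload": b64url_encode(payload) if encoded else payload.decode("utf-8"),
        "signature": b64url_encode(tag),
    }


def jws_verify(key: bytes, jws: dict, trust_unprotected_b64: bool = False) -> bytes:
    """Return the payload octets or raise ValueError. Only the protected header
    decides b64 unless trust_unprotected_b64 models the insecure verifier."""
    params = {}
    if trust_unprotected_b64:
        params.update(jws.get("header", {}))
    params.update(json.loads(b64url_decode(jws["protected"])))  # protected always wins
    encoded = params.get("b64", True)
    payload = b64url_decode(jws["payload"]) if encoded else jws["payload"].encode("utf-8")
    signing_input = jws["protected"].encode("ascii") + b"." + payload_part(payload, encoded)
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(jws["signature"])):
        raise ValueError("bad signature")
    return payload


def demo_escaping_is_irrelevant(key: bytes) -> bool:
    """Richard's point: a JSON string has one UTF-8 value however it is escaped,
    so three differently escaped JSON texts all verify against one signature."""
    original = '{"iss":"https://example.com/","name":"Jürgen"}'.encode("utf-8")
    jws = jws_sign(key, original, b64=False)
    texts = [
        json.dumps(jws, ensure_ascii=True),                      # ü as \u00fc
        json.dumps(jws, ensure_ascii=False),                     # literal ü
        json.dumps(jws, ensure_ascii=False).replace("/", "\\/"),  # optional \/ escape
    ]
    return all(jws_verify(key, json.loads(t)) == original for t in texts)


def demo_flag_flip(key: bytes):
    """John's point: if the flag is not integrity protected, an attacker adds an
    unprotected b64=false to a message that omitted it. The signing input is
    byte-identical, so the lenient verifier accepts a *different* payload."""
    honest = jws_sign(key, b'{"admin":false}')          # flag omitted, payload encoded
    tampered = dict(honest, header={"b64": False})      # attacker-added unprotected member
    lenient = jws_verify(key, tampered, trust_unprotected_b64=True)
    strict = jws_verify(key, tampered)
    return lenient, strict


if __name__ == "__main__":
    print(demo_escaping_is_irrelevant(KEY))
    print(demo_flag_flip(KEY))
```

The lenient verifier returns the base64url text itself as the payload, so one signature now vouches for two different payloads; the strict verifier, which reads "b64" only from the protected header, still returns the original JSON. A signer that explicitly writes "b64": true into the protected header defeats the flip even against the lenient verifier, since the protected value takes precedence.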