Re: [jose] JWK Thumbprint in JWS/JWE Header
Nathaniel McCallum <npmccallum@redhat.com> Tue, 09 August 2016 12:56 UTC
Return-Path: <npmccallum@redhat.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2FD5E12D7F3 for <jose@ietfa.amsl.com>; Tue, 9 Aug 2016 05:56:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.149
X-Spam-Level:
X-Spam-Status: No, score=-7.149 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-1.247, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jft2WuyC9vPC for <jose@ietfa.amsl.com>; Tue, 9 Aug 2016 05:56:30 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 905BF12D104 for <jose@ietf.org>; Tue, 9 Aug 2016 05:56:30 -0700 (PDT)
Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 0B419C02738E; Tue, 9 Aug 2016 12:56:30 +0000 (UTC)
Received: from vpn-48-200.rdu2.redhat.com (vpn-48-200.rdu2.redhat.com [10.10.48.200]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u79CuSfM020659 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 9 Aug 2016 08:56:29 -0400
Message-ID: <1470747388.3029.2.camel@redhat.com>
From: Nathaniel McCallum <npmccallum@redhat.com>
To: Brian Campbell <bcampbell@pingidentity.com>
Date: Tue, 09 Aug 2016 14:56:28 +0200
In-Reply-To: <CA+k3eCRJxTb=PxSKUxkuqm9et_4FyB3DDrr6wRPFAzOrjahzEQ@mail.gmail.com>
References: <1468939736.8067.91.camel@redhat.com> <F817D984-D424-4335-BBC4-3CC88B1C8223@mit.edu> <1468944564.8067.95.camel@redhat.com> <1469120446.3182.50.camel@redhat.com> <CA+k3eCRJxTb=PxSKUxkuqm9et_4FyB3DDrr6wRPFAzOrjahzEQ@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Tue, 09 Aug 2016 12:56:30 +0000 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/Xm0sxuTHdiKBax6vEGS-sQW3bXM>
Cc: "jose@ietf.org" <jose@ietf.org>, Justin Richer <jricher@mit.edu>
Subject: Re: [jose] JWK Thumbprint in JWS/JWE Header
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Aug 2016 12:56:32 -0000
The problem with the "parties involved need to know ... the hash alg" is that it makes transitions to new hashes difficult. Something explicit would be helpful. And we already have a mechanism for this (x5t). On Fri, 2016-07-22 at 07:46 +0200, Brian Campbell wrote: > There was more or less such a thing in an earlier draft (https://tool > s.ietf.org/html/draft-ietf-jose-jwk-thumbprint-01#section-4) of what > would become RFC 7638: There was some disagreement about it that I > don't quite remember the details of and it was pulled out. I think > what Justin said did come up as justification for not needing > something more explicit. If a thumbprint is used as a kid, then the > parties involved need to know that and also know the hash alg. I > realize that doesn't really answer the question but is a little > background/context. > > > > On Thu, Jul 21, 2016 at 7:00 PM, Nathaniel McCallum <npmccallum@redha > t.com> wrote: > > Specifically, I'm thinking of the problem of validating a > > thumbprint. > > > > The RFC does not define a hash function. Nor does the output format > > contain a hash function name. > > > > So if I hand JWK to an entity, how does that entity validate that > > the > > thumbprint in the kid is actually a valid thumbprint and wasn't > > modified? I supose the entity could try all its supported hash > > functions; but that seems a little heavy handed. > > > > The existing kid could be used with contents like: > > <hash>.<thumbprint> > > > > Alternatively, RFC 7517 uses the x5t and x5t#S256 variants. This is > > precisely why I wondered about a thumbprint specific attribute. > > Something like thp and thp#S256 would make this explicit. > > > > Thoughts? > > > > On Tue, 2016-07-19 at 12:09 -0400, Nathaniel McCallum wrote: > > > Has there been any talk about using a prefix to specify the hash > > > algo? > > > > > > On Tue, 2016-07-19 at 11:24 -0400, Justin Richer wrote: > > > > > > > > This was discussed on the list a while ago, and the thought was > > > > that > > > > you could easily use the JWK thumbprint *as* the “kid” value > > > > instead > > > > of defining a new field for this use case. The header values > > are > > > > protected by the signature in the normal (compact) JWS/JWE > > formats, > > > > and ought to be protected in the JSON representations too for > > > > exactly > > > > the reasons you’re talking about. > > > > > > > > — Justin > > > > > > > > > > > > > > > > > > > On Jul 19, 2016, at 10:48 AM, Nathaniel McCallum <npmccallum@ > > redh > > > > > at > > > > > .com> wrote: > > > > > > > > > > The JWS and JWE specs defined the "kid" header value that can > > be > > > > > used > > > > > to identify the key used for signing or encryption. > > Subsequently, > > > > > the > > > > > JWK thumbprint method was defined. > > > > > > > > > > Has anyone put any thought into registering a header value > > for > > > > > JWS > > > > > and > > > > > JWE headers that indicates the thumbprint of the key used for > > > > > signing > > > > > or encryption? This would be very helpful for key indexes > > > > > especially > > > > > when using unprotected headers since the value of "kid" might > > be > > > > > modified. > > > > > > > > > > _______________________________________________ > > > > > jose mailing list > > > > > jose@ietf.org > > > > > https://www.ietf.org/mailman/listinfo/jose > > > > > > > > > > _______________________________________________ > > > jose mailing list > > > jose@ietf.org > > > https://www.ietf.org/mailman/listinfo/jose > > > > _______________________________________________ > > jose mailing list > > jose@ietf.org > > https://www.ietf.org/mailman/listinfo/jose > > >
- Re: [jose] JWK Thumbprint in JWS/JWE Header Nathaniel McCallum
- Re: [jose] JWK Thumbprint in JWS/JWE Header Sergey Beryozkin
- Re: [jose] JWK Thumbprint in JWS/JWE Header Nathaniel McCallum
- Re: [jose] JWK Thumbprint in JWS/JWE Header Sergey Beryozkin
- Re: [jose] JWK Thumbprint in JWS/JWE Header Brian Campbell
- Re: [jose] JWK Thumbprint in JWS/JWE Header Nathaniel McCallum
- Re: [jose] JWK Thumbprint in JWS/JWE Header Nathaniel McCallum
- Re: [jose] JWK Thumbprint in JWS/JWE Header Justin Richer
- [jose] JWK Thumbprint in JWS/JWE Header Nathaniel McCallum