Re: [jose] Using Jose as an encrypted document container.
Phillip Hallam-Baker <ietf@hallambaker.com> Thu, 29 December 2016 19:26 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D1E2129494 for <jose@ietfa.amsl.com>; Thu, 29 Dec 2016 11:26:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.597
X-Spam-Level:
X-Spam-Status: No, score=-2.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vhyn0GxDWAAU for <jose@ietfa.amsl.com>; Thu, 29 Dec 2016 11:26:45 -0800 (PST)
Received: from mail-wm0-x229.google.com (mail-wm0-x229.google.com [IPv6:2a00:1450:400c:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4FB7D129426 for <jose@ietf.org>; Thu, 29 Dec 2016 11:26:45 -0800 (PST)
Received: by mail-wm0-x229.google.com with SMTP id a197so308686930wmd.0 for <jose@ietf.org>; Thu, 29 Dec 2016 11:26:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=heVHh60JbIEak9BgByeFD9ns+vtrUys+YsvgkuZGydY=; b=KihjCDRvXC8z9PrGjK2QGevpLcuAE8J0mS7WvIN7BpJfyssbB+xyEVZidYZbf2ccIc cwTzplb6Qu2LR9OGrFWe4QJtxronI7aYN19eP3c5K2QEzkg0rgWFYCIUfeM2GHfwUX0o LTYo6mccD1YkJlZ2Y2C/4TgnKRyXoOD2hPZM/b22UofNzOjXgvHai3TCvJm96WcQ9aBq dr2ZimCaKJJC55ofb9et6BR/FVqWM1bc1Ovs/XXsF6WqH5HjUtmsedOFczhDP3P32+KA N18VtFJ1kqq9DnYeqoasSjD9TxRP54xN2nVwCQthGkbioYZjZF8DLO83YJNoTD0weR9N 5WGQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=heVHh60JbIEak9BgByeFD9ns+vtrUys+YsvgkuZGydY=; b=Sur3drz+fq4DrOQOcylYdxSnynSt9ChX28jbUHH4fFwslS0CICmwcpEpbXNUqNvTmT csALBU3kDPaEGcgYjCptt9PQgBY8ClIMhykMi/vbMrE7uQOFfGtLQMH57yIl4fSnrCfp 3Ee/4rM97zlK7Dxs7YR3ElUX9mWZEu8a10EIOVRNlXzMSqT6+T0rG7JHyibopQ/8Qqhg cyGjMMuOz3SEaCTlabvKrsC49AvlYeqNTIB15RMZyUFzcYprKDhqNz4oO6yL3G0spo9D G+2HHMz2fp7dZ6Py9EDIZVbQHcsbtA8oYt3hZG5WTb6rtn04eA/rIwNIwQyRVuW4j0Zy d6Lg==
X-Gm-Message-State: AIkVDXIRStCykYdKAq2kaEk3OLB3FThonh9NhlhJ3Mwd/HmSAPpEUy63IjLCUX+Zj2g090QhNGIJPoBVJZ9YWA==
X-Received: by 10.28.211.72 with SMTP id k69mr35539331wmg.137.1483039603713; Thu, 29 Dec 2016 11:26:43 -0800 (PST)
MIME-Version: 1.0
Sender: hallam@gmail.com
Received: by 10.194.83.101 with HTTP; Thu, 29 Dec 2016 11:26:43 -0800 (PST)
In-Reply-To: <fba72d5e-8e55-ee9d-a17d-ca2cc3b92112@gmail.com>
References: <CAMm+Lwiq-pJb3n=_y_o6fbszhvrbeRXTYKCVN6GTv+uOfxSQsw@mail.gmail.com> <fba72d5e-8e55-ee9d-a17d-ca2cc3b92112@gmail.com>
From: Phillip Hallam-Baker <ietf@hallambaker.com>
Date: Thu, 29 Dec 2016 14:26:43 -0500
X-Google-Sender-Auth: 06W_CA5j9lCF5afqSstlmH_h7Mc
Message-ID: <CAMm+LwjVb7L3G56_x1jFaeaK6Eanea6N7tznJ4L5OsOCk6VaoA@mail.gmail.com>
To: Sergey Beryozkin <sberyozkin@gmail.com>
Content-Type: multipart/alternative; boundary="001a11470106c46d900544d11074"
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/Z8v9jazNlOvup998KKdaRr6XiKA>
Cc: "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Using Jose as an encrypted document container.
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Dec 2016 19:26:47 -0000
Well 'can be' is one thing. There has to be one single way to do a thing to have a standard. I want streaming on the read and write sides which means some sort of sequence being enforced. That could mean using the log format or extending JSON. Right now, I an tending towards extending the encoding. On Thu, Dec 29, 2016 at 8:33 AM, Sergey Beryozkin <sberyozkin@gmail.com> wrote: > Hi, > > JWS JSON can be streamed on the write side, we support it (though I > haven't looked yet at streaming JWE JSON). I recall asking about a possible > streaming support on the read side too but for JWS/JWE JSON the order of > the elements is not fixed so streaming on the read side would be difficult > to achieve. > > Base64 encoding can be disabled for JWS JSON. > > Cheers, Sergey > > On 28/12/16 21:33, Phillip Hallam-Baker wrote: > >> I am currently looking at using Jose as the basis for a CMS-like >> document container. This is to support the use of proxy-re-encryption to >> enable true end-to-end Web security. By which I mean that the content on >> the site is encrypted. >> >> To meet these needs I need to modify Jose to support the following >> additional requirements that the RFCs currently don't. >> >> 1) Single pass processing for encoding and decoding operations. >> 1a) Bounded state >> 1b) Support streaming, i.e. length not known in advance >> >> 2) Reduce complexity and number of options. >> >> 3) Efficient encoding of bodies, i.e. no Base64 overhead. >> >> >> On the single pass processing, the main change I have had to make is to >> add in an unprotected header to announce the digest function to be used >> for the signature calculation: >> >> "unprotected": { "dig": "S512"} >> >> This is straightforward but requires that a document that is signed with >> multiple keys be signed using a single digest. So it might well be >> better to have two entries for signatures, one at the start listing the >> set of signing keys and then a second one at the end with the actual >> values. >> >> >> To reduce complexity, I am using UDF identifiers as the sole key >> identifier mechanism. Using a single identifier for keys at every stage >> in a system really simplifies everything. Using fingerprints of the >> public key guarantees each key has one identifier. >> >> I am also removing as many options as possible. Having a 'simplified' >> way to do something only makes the code more complex because now there >> are two choices to encode rather than one. >> >> >> The big problem I am having is with avoiding Base64 encoding of the >> message body. There are two approaches I am considering. >> >> 1) Use JSON-B >> >> The simplest way to avoid the Base64 overhead of JSON is to extend the >> JSON encoding to add code points for length-data encoding of binary data >> and strings. This is all that JSON-B is. Regular JSON in UTF8 only ever >> uses bytes with values > 127 inside strings. So all those code points >> are available as extension codes. >> >> Since JSON-B is a strict superset of JSON, it is only necessary to >> implement one decoder that will accept either as input. This greatly >> simplifies negotiation of encodings. It is only necessary to advertise >> the encodings that are accepted, a sender does not need to tag content >> to specify what was sent. >> >> The document is encoded as an array entry: >> >> [ { JSON-Header } , [ <length> <DataChunk> ] + , {JSON-Trailer} ] >> >> Pro: Simple, easy to implement if you have the tools >> Con: Everyone needs to implement the new encoder/decoder >> >> >> 2) Use JSON-Log format approach >> >> The second approach is to split the document container into three parts >> and use RFC7464 record separators to delimit the boundaries, thus: >> >> <RS> JSON-Header <LF> >> [<length> <DataChunk> ] + >> <RS> JSON-Trailer<LF> >> >> In this scheme the header and trailer blocks are mandatory and there >> must be at least one entry in the body. >> >> Pro: Can use unmodified JSON encoder/decoder >> Con: Have to wrap the result in something that isn't at all like JSON. >> >> >> One issue that might tip the choice is that if you have comments in a >> chat log, or the like, you might have a sequence of comments encrypted >> to a common group key. This would enable true end-to-end encrypted chat >> and other asynchronous messaging formats. >> >> >> >> >> _______________________________________________ >> jose mailing list >> jose@ietf.org >> https://www.ietf.org/mailman/listinfo/jose >> >> > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose >
- [jose] Using Jose as an encrypted document contai… Phillip Hallam-Baker
- Re: [jose] Using Jose as an encrypted document co… Sergey Beryozkin
- Re: [jose] Using Jose as an encrypted document co… Phillip Hallam-Baker
- Re: [jose] Using Jose as an encrypted document co… Martin Thomson