IETF Logo Mail Archive

[jose] Proposed resolution of header criticality issue

Karen O'Donoghue <odonoghue@isoc.org> Tue, 12 March 2013 00:31 UTC

Return-Path: <odonoghue@isoc.org>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4079521F8D10 for <jose@ietfa.amsl.com>; Mon, 11 Mar 2013 17:31:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.82
X-Spam-Level:
X-Spam-Status: No, score=-103.82 tagged_above=-999 required=5 tests=[AWL=-0.556, BAYES_00=-2.599, HTML_MESSAGE=0.001, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m-zb7LA-v1Jd for <jose@ietfa.amsl.com>; Mon, 11 Mar 2013 17:31:10 -0700 (PDT)
Received: from smtp176.dfw.emailsrvr.com (smtp176.dfw.emailsrvr.com [67.192.241.176]) by ietfa.amsl.com (Postfix) with ESMTP id 2C6A321F8D09 for <jose@ietf.org>; Mon, 11 Mar 2013 17:31:10 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp7.relay.dfw1a.emailsrvr.com (SMTP Server) with ESMTP id CF2A32583B0 for <jose@ietf.org>; Mon, 11 Mar 2013 20:31:09 -0400 (EDT)
X-Virus-Scanned: OK
Received: by smtp7.relay.dfw1a.emailsrvr.com (Authenticated sender: odonoghue-AT-isoc.org) with ESMTPSA id 9E4B3258311 for <jose@ietf.org>; Mon, 11 Mar 2013 20:31:09 -0400 (EDT)
Message-ID: <513E774C.6090605@isoc.org>
Date: Mon, 11 Mar 2013 20:31:08 -0400
From: Karen O'Donoghue <odonoghue@isoc.org>
Organization: ISOC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130216 Thunderbird/17.0.3
MIME-Version: 1.0
To: jose@ietf.org
References: <513E6A73.1090403@isoc.org>
In-Reply-To: <513E6A73.1090403@isoc.org>
X-Forwarded-Message-Id: <513E6A73.1090403@isoc.org>
Content-Type: multipart/alternative; boundary="------------070907060503010507020100"
Subject: [jose] Proposed resolution of header criticality issue
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: odonoghue@isoc.org
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2013 00:31:12 -0000

Folks,

A side meeting was held Sunday with a number of jose working group 
participants to try to resolve the open issue related to header 
criticality. The following are the proposed resolutions from the 
meeting. Point 5 of the proposed resolution below is actually 
independent of the other 4 points, and could be considered separately. 
This will all be discussed in Wednesday's meeting.

In addition to the text below, there was some agreement to replace the 
"understand" text with something a bit more explicit like "must 
process". However, that text has not been rolled into the summary text 
below yet.

Thank you to Jim Schaad, Mike Jones, John Bradley, Nat Sakimura, Martin 
Thomas, Eric Rescorla, Matt Miller, and Richard Barnes for your efforts 
(and my apologies if I missed someone).

Regards,
Karen

1:  Change the language "Additional members MAY be present in the JWK. 
  If present, they MUST be understood by implementations using them." to 
"Additional members MAY be present in the JWK.  If not understood by 
implementations encountering them, they MUST be ignored."  (And make the 
same change for JWK Set as well.)

2:  Characterize all existing JWS and JWE header fields as either must 
be understood or may be ignored.  "alg", "enc", and "zip" must be 
understood.  "kid", "x5u", "x5c", "x5t", "jwk", "jku", "typ", and "cty" 
can be ignored because while not using them may result in the inability 
to process some signatures or encrypted content, this will not result in 
a security violation -- just degraded functionality.  Other fields such 
as "epk", "apu", "apv", "epu", and "epv" must be understood and used 
when "alg" or "enc" values requiring them are used, and otherwise they 
may be ignored.

3.  Define a new header field that lists which additional fields not 
defined in the base specifications must be understood and acted upon 
when present.  For instance, an expiration-time extension field could be 
marked as must-be-understood-and-acted-upon.  One possible name for this 
would be "crit" (critical).  An example use, along with a hypothetical 
"exp" (expiration-time) field is:

   {"alg":"ES256",
    "crit":["exp"],
    "exp":1363284000
   }

4.  All additional header fields not defined in the base specifications 
and not contained in the "crit" list MUST be ignored if not understood.

5.  Define a new header field "asd" (application-specific data) whose 
value is a JSON structure whose contents are opaque to and ignored by 
JWS and JWE implementations but for which its contents MUST be provided 
to applications using JWS or JWE, provided that the signature/MAC 
validation or decryption operation succeeds.  The intended use of this 
field is to have a standard place to provide application-specific 
metadata about the payload or plaintext.

v2.23.0 | Report a Bug | By Email