Re: [jose] WG Review: Javascript Object Signing and Encryption (jose)

Michael Jones <michael_b_jones@hotmail.com> Wed, 06 December 2023 00:41 UTC

From: Michael Jones <michael_b_jones@hotmail.com>
To: "iesg@ietf.org" <iesg@ietf.org>, IETF-Announce <ietf-announce@ietf.org>
CC: "jose@ietf.org" <jose@ietf.org>
Date: Wed, 06 Dec 2023 00:41:14 +0000
Message-ID: <SJ0PR02MB7439D31C43E0D0FAA3420EB5B784A@SJ0PR02MB7439.namprd02.prod.outlook.com>
References: <170181735611.36415.15758124217867977741@ietfa.amsl.com>
In-Reply-To: <170181735611.36415.15758124217867977741@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/ZV-vIqkNzUW7tqUHyejqC6cGsn0>

This looks good to me.  Thanks, Roman.

                                -- Mike

-----Original Message-----
From: jose <jose-bounces@ietf.org> On Behalf Of The IESG
Sent: Tuesday, December 5, 2023 3:03 PM
To: IETF-Announce <ietf-announce@ietf.org>
Cc: jose@ietf.org
Subject: [jose] WG Review: Javascript Object Signing and Encryption (jose)

The Javascript Object Signing and Encryption (jose) WG in the Security Area of the IETF is undergoing rechartering. The IESG has not made any determination yet. The following draft charter was submitted, and is provided for informational purposes only. Please send your comments to the IESG mailing list (iesg@ietf.org) by 2023-12-12.

Javascript Object Signing and Encryption (jose)
-----------------------------------------------------------------------
Current status: Active WG

Chairs:
  John Bradley <ve7jtb@ve7jtb.com>
  John Preuß Mattsson <john.mattsson@ericsson.com>
  Karen O'Donoghue <kodonog@pobox.com>

Assigned Area Director:
  Roman Danyliw <rdd@cert.org>

Security Area Directors:
  Roman Danyliw <rdd@cert.org>
  Paul Wouters <paul.wouters@aiven.io>

Mailing list:
  Address: jose@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/jose
  Archive: https://mailarchive.ietf.org/arch/browse/jose/

Group page: https://datatracker.ietf.org/group/jose/

Charter: https://datatracker.ietf.org/doc/charter-ietf-jose/

The original [JSON Object Signing and Encryption (JOSE) working group][1] standardized JSON-based representations for:

- Integrity-protected objects (JSON Web Signatures/JWS, RFC 7515)
- Encrypted objects (JSON Web Encryption/JWE, RFC 7516)
- Key representations (JSON Web Key/JWK, RFC 7517)
- Algorithm definitions (JSON Web Algorithms/JWA, RFC 7518)
- Test vectors for the above (Examples of Protecting Content Using JSON Object Signing and Encryption, RFC 7520)

These were used to define the JSON Web Token (JWT) (RFC 7519), which, in turn, has seen widespread deployment in areas as diverse as [digital identity][2] and [secure telephony][3].

As adoption of these standards to express and communicate sensitive data has grown, so too has an increasing societal focus on privacy. User consent, minimal disclosure, and unlinkability are common privacy themes in identity solutions.

A multi-decade research activity for a sizeable academic and applied cryptography community has focused on these privacy and knowledge mechanisms (often referred to as anonymous credentials). Certain cryptographic techniques developed in this space involve pairing-friendly curves and zero-knowledge proofs (ZKPs) (to name just a few).  Some of the benefits of ZKP algorithms include unlinkability, selective disclosure, and the ability to use predicate proofs.

The current container formats defined by JOSE and JWT are not able to represent data using ZKP algorithms. Among the reasons are that most require an additional transform or finalize step, many are designed to operate on sets and not single messages, and the interface to ZKP algorithms has more inputs than conventional signing algorithms. The reconstituted JOSE working group will address these new needs, while reusing aspects of JOSE and JWT, where applicable.

This group is chartered to work on the following goals:

- An Informational document detailing Use Cases and Requirements for new specifications enabling JSON-based selective disclosure and zero-knowledge proofs.

- Standards Track document(s) specifying representation(s) of independently-disclosable integrity-protected sets of data and/or proofs using JSON-based data structures, which also aims to prevent the ability to correlate by different verifiers.

- Standards Track document(s) specifying representation(s) of JSON-based claims and/or proofs enabling selective disclosure of these claims and/or proofs, and that also aims to prevent the ability to correlate by different verifiers.

- Standards Track document(s) specifying how to use existing cryptographic algorithms and defining their algorithm identifiers.  The working group will not invent new cryptographic algorithms.

- Standards Track document(s) specifying how to represent keys for these new algorithms as JSON Web Keys (JWKs).

- Informational document(s) defining test vectors for these new specifications.

- Standards Track document(s) defining CBOR-based representations corresponding to all the above, building upon the COSE and CWT specifications in the same way that the above build on JOSE and JWT.

One or more of these goals may be combined into a single document, in which case the concrete milestones for these goals will be satisfied by the consolidated document(s).

The JOSE working group will also maintain the JOSE standard and facilitate discussion of clarifications, improvements, and extensions to JWS, JWE, JWA, and JWK. The WG will evaluate, and potentially adopt, proposed standard documents dealing with algorithms that would fit the criteria of being IETF consensus algorithms. Potential candidates would include those algorithms that have been evaluated by the CFRG and algorithms which have gone through a public review and evaluation process such as was done for the NIST SHA-3 algorithms. Potential candidates would not include national-standards-based algorithms that have not gone through a similar public review process. The WG may also publish informational and BCP documents describing the proper use of these algorithms in JOSE.

An informal goal of the working group is close coordination with the [rechartered W3C Verifiable Credentials WG][4], which has taken a dependency on this work for the second version of its Verifiable Credentials specification.  The working group will also coordinate with the [Selective Disclosure JWT][5] work in the [OAuth][6] working group, the [Privacy Pass][7] working group, the [CBOR][8] working group, the [COSE][10] working group, and the [CFRG][9].

[1]: https://datatracker.ietf.org/doc/charter-ietf-jose/02/
[2]: https://openid.net/connect/
[3]: https://www.ietf.org/blog/stir-action/
[4]: https://www.w3.org/2022/05/proposed-vc-wg-charter.html
[5]: https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/
[6]: https://datatracker.ietf.org/wg/oauth/about/
[7]: https://datatracker.ietf.org/wg/privacypass/about/
[8]: https://datatracker.ietf.org/wg/cbor/about/
[9]: https://datatracker.ietf.org/rg/cfrg/about/
[10]: https://datatracker.ietf.org/wg/cose/about/

Milestones:

  Jan 2024 - Adopt document registering cryptographic algorithm identifiers
  that fully specify the cryptographic operations to be performed (as
  proposed standard)

  Apr 2024 - Adopt document describing the use of the NIST algorithm ML-KEM
  in JOSE (as proposed standard)

  Apr 2024 - Adopt document describing the use of the NIST algorithm ML-DSA
  in JOSE (as proposed standard)

  Apr 2024 - Adopt document describing the use of the NIST algorithm SLH-DSA
  in JOSE (as proposed standard)

  Apr 2024 - Adopt document describing the use of the NIST algorithm NL-DSA
  in JOSE (as proposed standard)
