IETF Logo Mail Archive

Re: [jose] FOR WG DISCUSSION: #82 part A - Possibly changing representation of private JWK fields

Brian Campbell <bcampbell@pingidentity.com> Thu, 29 August 2013 17:07 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 678D311E8131 for <jose@ietfa.amsl.com>; Thu, 29 Aug 2013 10:07:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.848
X-Spam-Level:
X-Spam-Status: No, score=-5.848 tagged_above=-999 required=5 tests=[AWL=0.129, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9Bk7jxbWzEmt for <jose@ietfa.amsl.com>; Thu, 29 Aug 2013 10:07:10 -0700 (PDT)
Received: from na3sys009aog108.obsmtp.com (na3sys009aog108.obsmtp.com [74.125.149.199]) by ietfa.amsl.com (Postfix) with ESMTP id C37C511E812B for <jose@ietf.org>; Thu, 29 Aug 2013 10:07:02 -0700 (PDT)
Received: from mail-ie0-f178.google.com ([209.85.223.178]) (using TLSv1) by na3sys009aob108.postini.com ([74.125.148.12]) with SMTP ID DSNKUh9/ogKvKlQ5mFwE9mbDa65wPfzT1YO7@postini.com; Thu, 29 Aug 2013 10:07:02 PDT
Received: by mail-ie0-f178.google.com with SMTP id f4so1187338iea.23 for <jose@ietf.org>; Thu, 29 Aug 2013 10:06:32 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type:content-transfer-encoding; bh=H3YLFIvwwYW30Cih6Uy+x0eTAEVLci9r+MuV9rRnjS8=; b=Tf1ho56LdlAvjzt0PI5R3CrO+qhS1wviGY5z7Py6PbXCC1ry+75sOm+EVz704QViU8 FnPVzo30HMnTpMqhoPd6t39yhH/ToXIO0yKVLmdrbKDDu3WxjgkWAKREIL9mMLGN8Upl aj1j8MpI4Mc1FLMOSE52ksEKyNkCYGLOdcrY0spgxxmxPLGckDf2R0Ahet1J9ejGE1XU nkDqRJVe2AY8FXplK+UUSCo6+OoE0w/c6iDYeU0t1+6kuGESoPQu0ut/q2nh87hJ7ZIm G3lPAE4sApE8oLY93oZFjB6xsW8wlXDYdqENA4zHRxXpO5WJ5pMAI4roqzCeEXu1u82A d6dg==
X-Gm-Message-State: ALoCoQkz4KYO5ilsX2Az680UYUuccehpfk+D57Gboh/i8bLX5spWLPwFQ6GZZHJyMciJi6mnsbFCx9BiZWgLm8UHwd+wvQAIjBZKfxJEJ4sCmbTU9XmMXSmZBgFXRXicPszOBty5ekVwJtrenDL6TMGKHU/Q3OPXFw==
X-Received: by 10.50.20.195 with SMTP id p3mr2880594ige.26.1377795992313; Thu, 29 Aug 2013 10:06:32 -0700 (PDT)
X-Received: by 10.50.20.195 with SMTP id p3mr2880583ige.26.1377795992211; Thu, 29 Aug 2013 10:06:32 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.50.183.133 with HTTP; Thu, 29 Aug 2013 10:06:02 -0700 (PDT)
In-Reply-To: <1377727351.405.YahooMailNeo@web184404.mail.bf1.yahoo.com>
References: <4E1F6AAD24975D4BA5B16804296739436B7FBEA6@TK5EX14MBXC283.redmond.corp.microsoft.com> <521E552B.6060100@mitre.org> <1377727351.405.YahooMailNeo@web184404.mail.bf1.yahoo.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Thu, 29 Aug 2013 11:06:02 -0600
Message-ID: <CA+k3eCRdHYNN6+dZBUwJHZ4eXfNx2CtjdZd1JNJ7DpsF+7TwMQ@mail.gmail.com>
To: Edmund Jay <ejay@mgi1.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
Cc: Mike Jones <Michael.Jones@microsoft.com>, Justin Richer <jricher@mitre.org>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] FOR WG DISCUSSION: #82 part A - Possibly changing representation of private JWK fields
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Aug 2013 17:07:17 -0000

Concern about accidentally leakage is fair but I don't see that
rearranging things makes any practical difference. It would break
things though, which is something I'd think the WG should try to avoid
at this point without really compelling reasons to do so.

On Wed, Aug 28, 2013 at 4:02 PM, Edmund Jay <ejay@mgi1.com> wrote:
> +1
>
> It's apparent from the current format whether an asymmetric key is public or
> private. Adding another element just causes extra checks on the format.
>
> ________________________________
> From: Justin Richer <jricher@mitre.org>
> To: Mike Jones <Michael.Jones@microsoft.com>
> Cc: "jose@ietf.org" <jose@ietf.org>
> Sent: Wednesday, August 28, 2013 12:53 PM
> Subject: Re: [jose] FOR WG DISCUSSION: #82 part A - Possibly changing
> representation of private JWK fields
>
> If the leak is going to happen, it's not going to be on part of the JWK
> object or JWK set, it's going to be on the whole thing. Stuffing it into a
> sub-object isn't going to make it any safer in practice. If you want to
> generate a public key from a public/private pair, you could argue that it'd
> be simpler to have an outbound thing filter out just the ".private"
> sub-object as opposed to having something key-specific, but I think the
> latter is actually more robust against different key types since it enforces
> a per-type evaluation of what's "public" and what's "private".
>
> I agree with Mike's contention regarding symmetric keys, below -- it's
> tricky though. In the Nimbus-JOSE-JWT implementation of JWK we've taken the
> approach of saying that the "public" version of an OctetSequenceKey is null.
>
> Parallelism on the keying material overall is a good thing though, so I'd
> prefer to leave it how it is.
>
> -- Justin
>
> On 08/28/2013 03:40 PM, Mike Jones wrote:
>> This is a second issue in the issue tracker that I wanted to bring to the
>> working group’s attention for discussion.  My personal view is stated in the
>> issue tracker comment below.
>>
>>                 -- Mike
>>
>> -----Original Message-----
>> From: jose issue tracker [mailto:trac+jose@trac.tools.ietf.org]
>> Sent: Wednesday, August 28, 2013 12:36 PM
>> To: draft-ietf-jose-json-web-key@tools.ietf.org; Mike Jones
>> Cc: jose@ietf.org
>> Subject: Re: [jose] #82: Section 6. Encrypted JWK and Encrypted JWK Set
>> Format
>>
>> #82: Section 6. Encrypted JWK and Encrypted JWK Set Format
>>
>> Comment (by michael.jones@microsoft.com):
>>
>> This comment is about part A of this issue - the suggestion that private
>> key material within a JWK be moved into a "private" element.  While I
>> understand the motivation for the suggestion, this doesn't seem like a
>> necessary or particularly useful change.  If an implementation leaks its
>> private or shared key information by disclosing a JWK containing it to a
>> party not entitled to have it, there's no security difference in whether
>> that information is in a top-level member or a member of a "private" field.
>> The information will have still been inappropriately disclosed.
>>
>> This suggestion is also ambiguously specified.  While yes, the "d"
>> elements of elliptic curve and RSA keys could be moved to be within a
>> "private" structure, what would be done for the "k" element of a symmetric
>> key?  Would that also be moved into a "private" element?  (At that point,
>> there would be no symmetric key information at the top level of the JWK,
>> which seems more than a little odd.)
>>
>> Finally, I'll note that the specs already clearly delineate public from
>> private fields, through use of the Parameter Information Class value in the
>> JSON Web Key Parameters registry (with values "Public" and "Private").  So
>> there should be no confusion which is which.
>>
>> I therefore recommend that this suggestion be resolved as "wontfix".
>>
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>
>
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>

v2.23.0 | Report a Bug | By Email