Re: [jose] thoughts on header criticality from recent polls
Richard Barnes <rlb@ipv.sx> Mon, 25 February 2013 22:40 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C000121E8128 for <jose@ietfa.amsl.com>; Mon, 25 Feb 2013 14:40:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.551
X-Spam-Level:
X-Spam-Status: No, score=-2.551 tagged_above=-999 required=5 tests=[AWL=0.425, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vEJLEzKcaWFl for <jose@ietfa.amsl.com>; Mon, 25 Feb 2013 14:40:13 -0800 (PST)
Received: from mail-oa0-f50.google.com (mail-oa0-f50.google.com [209.85.219.50]) by ietfa.amsl.com (Postfix) with ESMTP id B017D21E80AE for <jose@ietf.org>; Mon, 25 Feb 2013 14:40:06 -0800 (PST)
Received: by mail-oa0-f50.google.com with SMTP id l20so3998320oag.37 for <jose@ietf.org>; Mon, 25 Feb 2013 14:40:06 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:x-originating-ip:in-reply-to:references :date:message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=oP7cJU2DC97XNKsFxHHRcDUTdNTft8qHf1CLibdldAg=; b=bGGiLwk7uuT5waJVcBjeABO1YL05HpgV30of7AJm3uhNtu5XLUM47Xy46p4hgnM9Oc dwhOlm30SWcNF8esgii5qO+UcY+K6Vdk4aVieGRfaXrTRHVcGDK93a645zgrglbRoevA 02sOsoJ+MPinoHKpqO7dNtCwuzgdMR2+cOE+z59D+5uHRX/RPMMOJBKWyMXg32CV7An4 1gdo9ChdsaZ+ngxr+6WqkVfSLU1JxHRoxakV6avspdR45rWdQRkgLYty971KkdcRJ+Dk ZenYter5qhUJzRNQHaZ8gRVcMYfq3VQ7WR8xFgrdScwyaxiIJVKuxNkaJ2XFKnyorXQ8 KqLg==
MIME-Version: 1.0
X-Received: by 10.182.221.105 with SMTP id qd9mr9264393obc.97.1361832006228; Mon, 25 Feb 2013 14:40:06 -0800 (PST)
Received: by 10.60.60.98 with HTTP; Mon, 25 Feb 2013 14:40:06 -0800 (PST)
X-Originating-IP: [128.89.253.236]
In-Reply-To: <E373F270-B4B0-4FCB-8668-2F8719D72DD7@ve7jtb.com>
References: <512B4A34.9090305@isoc.org> <4E1F6AAD24975D4BA5B1680429673943674A42FA@TK5EX14MBXC284.redmond.corp.microsoft.com> <E373F270-B4B0-4FCB-8668-2F8719D72DD7@ve7jtb.com>
Date: Mon, 25 Feb 2013 17:40:06 -0500
Message-ID: <CAL02cgRHE2hQh-dcgT1MMfXssZo8CXVsKvsRhnkBmdhydvxY2g@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: John Bradley <ve7jtb@ve7jtb.com>
Content-Type: multipart/alternative; boundary="f46d0447f2f8f9b88c04d6943867"
X-Gm-Message-State: ALoCoQktUNijairtP+Y0kp+fbbImIwopxV8YurqBVGghfWHrEtJpdR7E9QV2Gq+hleGv4ausioFw
Cc: Mike Jones <Michael.Jones@microsoft.com>, "odonoghue@isoc.org" <odonoghue@isoc.org>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] thoughts on header criticality from recent polls
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Feb 2013 22:40:15 -0000
Sorry, John, no agreement on "aad" :) If you want integrity checking on non-critical stuff, just put it in the header and mark it as non-critical. I'm willing to step back on what I said in my response to "B"; it can be much more easily mitigated by a signer putting something random (and not subject-controlled) before the unknown stuff in the header. On Mon, Feb 25, 2013 at 5:16 PM, John Bradley <ve7jtb@ve7jtb.com> wrote: > Karen & Mike, > > I think an important issue that Jim and others have tried to get at is > some information in the header is intended for the JOSE library, while > other header parameters are essentially additional associated data > (meta-data about the body) and need to be passed on to other software > layers for processing along with the body. **** > ** ** > An example of that was the proposed "iat" (issued at) element, which needs > to be processed outside of the JOSE crypto processing to be useful.**** > ** ** > I suspect a point of agreement might be having an "aad" header parameter > that is a JSON object that MUST be ignored by the JOSE library and passed > on with the body. This would provide applications a way to pass meta-data > through JOSE that is integrity protected, without JOSE having to parse it. > **** > ** ** > Once we remove a large number of the possible extension header parameters > from JOSE processing, the problem gets smaller.**** > ** ** > There is however, still the requirement that extensions for the header > parameters JOSE processes be possible.**** > ** ** > For that the list of non-critical header parameters is the best solution. > That enables a header parameter to be migrated from non-critical to > critical without changing its JSON element name.**** > ** ** > I think that a large number of people on the list favoured the single > element with an array of element names that are non-critical.**** > ** ** > My proposal is to add two new top level elements that MUST be understood:* > *** > ** ** > 1 "ign": Ignore - an array of top level elements in the envelope that an > application MUST ignore if it cannot process them.**** > 2 "aad": Additional Associated Data - a JSON object that MUST be provided > to applications along with the body if present in a JOSE header.**** > ** ** > All other top level header parameters MUST be understood by a JOSE library > or produce a processing fault resulting in an error.**** > ** ** > I would also not want elements listed in "ign" to be passed on to > applications. I think that would cause interoperability issues. That is > what "aad" is intended to provide.**** > ** ** > I know James has legitimate concerns about allowing potentially user > provided data to be included in the header (Or anywhere likely). I think > this is a separate issue that needs to be addressed by security > considerations to add entropy to the header if such data is included. > That may require a new "ent" Entropy element that MUST be ignored. This > should be a separate discussion.**** > ** ** > Finally, for JWK, I believe that we should just state that not-understand > elements should be ignored. When including a JWK header parameter this is > also allows for extension to the JWK parameter, as the MUST understand in > JWE/JWS only allies to the top level parameter's, and not the sub > parameters they may contain.**** > ** ** > My proposal doesn't neatly fit into fit into one of the poll answers, but > I think it may address the majority of concerns.**** > ** ** > Regards**** > John B. > On 2013-02-25, at 7:41 AM, Mike Jones <Michael.Jones@microsoft.com> wrote: > > Thanks for sending this, Karen. Hopefully your analysis will help the > working group reach a resolution on this issue soon. I’m writing this note > primarily as an editor to help inform the working group’s discussions, > rather than as an individual contributor.**** > > First, I want to point out that while we’ve been discussing criticality of > header parameters, the specs actually currently have the “MUST be > understood” language in the JWK specification as well, as that’s another > potential extension point. The JWK description says “Additional members > MAY be present in the JWK. If present, they MUST be understood by > implementations using them.” The same language is present for the JWK Set. > For our resolution of the issue to be complete, it should address those > uses too. Given that a number of additional JWK fields are being > discussed, I expect that extensions will occur there.**** > > Second, if we do decide to go with your approach (1), I’ll summarize for > the list what I believe the two syntax proposals on the table are for doing > this. One proposal is 2A in > http://www.ietf.org/mail-archive/web/jose/current/msg01353.html (which > I’ll call the FLAT SYNTAX) and the other is the syntax that Dick Hardt > proposed in > http://www.ietf.org/mail-archive/web/jose/current/msg01457.html (which > I’ll call the STRUCTURED SYNTAX). I believe that it would be useful for > the working group to discuss which of those they would prefer in parallel > to discussing the questions that you asked, so that if we do go with > approach (1) or something like it, we’ll know which to use.**** > > FLAT SYNTAX:**** > {"alg":"ES256",**** > "ign":["notes"],**** > "notes":"This header field can be safely ignored"**** > }**** > > STRUCTURED SYNTAX:**** > {"alg":"ES256",**** > "ign":{**** > "notes":"This header field can be safely ignored"**** > }**** > }**** > > As I see it, the advantage of the flat syntax is all header fields are in > the same place. This makes processing header fields easier and is more > regular. The disadvantage is that the list of fields that may be safely > ignored repeats those field names.**** > > As I see it, the advantage of the structured syntax is that nothing is > repeated, resulting in cleaner JSON syntax. The disadvantage is that then > some header fields are in one place and some are in another, making the > processing rules for header fields more complicated.**** > > Between these two, it seems to come down to a choice between cleaner > syntax or cleaner semantics. (I’d personally lean towards the simpler > processing rules resulting from the flat syntax, but I would be fine with > this coming out either way.)**** > > Finally, I’ll point out that I don’t believe that your approaches (1) and > (2) are mutually exclusive. We could conceivably leave it up to > application specifications using the JOSE specs whether they require header > fields to be understood by default AND provide a syntax for declaring which > fields may be safely ignored for use in those application contexts where > the application spec does require that header fields be normally > understood. In fact, one might consider this to fall under the “(possibly > providing guidance directed to those applications in the JOSE specs)” > that you suggested below.**** > > I hope the points above help further a productive discussion of this topic. > **** > > -- Mike**** > > *From:* jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] *On Behalf Of > *Karen O'Donoghue > *Sent:* Monday, February 25, 2013 3:26 AM > *To:* jose@ietf.org > *Subject:* [jose] thoughts on header criticality from recent polls**** > ** ** > > Folks, > > Thank you for your patience with me regarding the recent polls on header > criticality. I realize I have taken too long to respond from a chairs > perspective with some results and direction. I had hoped to provide either > a decision or a clear set of choices, but after analyzing the poll results, > rereading all the email traffic (multiple times), and talking to a few > working group members, I find I am not quite able to do so. So, what next... > > > First, what I do believe... > > I think it is clear that the working group remains divided on this issue > with a significant number of members feeling that an approach must be > defined that safely allows for some header fields to be considered > non-critical. I think there is general consensus that there must be > reasonable mechanisms for extensibility, and that the approach must be > generic. Based on that, I would like to ask the working group to move > forward with the strategy that all headers cannot be considered critical > and move on to the discussion of how to approach non-critical headers. > > In my review of the mailing list traffic (and my apologies if I missed > something), I have seen a number of basic approaches proposed (summarized > by Jim Schaad on 9 Oct 2012 with the response by James Manager on 10 Oct > 2012). In particular, I found James' list of requirements to be very > helpful, and I have repeated it here... > > A. Want to be able to define messages with new semantics in future, > without any risk that old implementations will misinterpret them with old > semantics. > > B. Want to be able to *redefine* (or constrain) the semantics of > *existing* fields in future, without any risk that old implementations will > misinterpret them with old semantics (or without the constraints). > > C. Want to prevent large blobs of ignored data appearing in messages, as > similar blobs have been used to create hash collisions between legitimate & > malicious certificates that use weak algorithms (eg MD5). > > D. Want to strongly discourage future extensions (feature-creep), under > the philosophy that even well-intentioned extensions tend to do more harm > (by adding complexity that is only deployed sporadically) than the good of > any new functionality they bring. > > E. Loosely coupling clients and servers is generally considered a good > thing; but strongly coupling them is more appropriate for a secure message > format for [insert a reason here]. A possible reason is that people are too > likely to choose to make an extension non-critical for short-term ease of > interoperability, instead of making it critical for better long-term > security. > > From this list, I believe A is definitely a requirement. I am unclear > regarding working group consensus on B, C, and E, and I believe D is not a > requirement. > > QUESTION: Is there working group consensus on the requirements we are > trying to address? Perhaps a short discussion clarifying these would help > drive consensus on the overall approach. > > As for possible solutions, we appear to have evolved to the point where we > are of two minds: > > 1) Define a header field that explicitly lists the fields that may be > safely ignored if not understood. (Here I am assuming that we aren't > going to define a separate header for non-critical elements.) > > 2) Remain silent on header criticality in the JOSE specifications and > leave it up to the various application specifications (possibly providing > guidance directed to those applications in the JOSE specs). > > I sense that there is more support for the first approach, but I am > concerned that there is a significant minority that favor the second > approach. > > QUESTION: Can the working group agree on whether to work on approach 1 or > approach 2? > > In conclusion, I am asking three things in this missive: > 1. I am asking the working group to move forward based on a non-critical > headers approach. > 2. I am asking the working group to clarify the requirements driving the > non-critical header discussion (A, B, C, D, E, or ?). > 3. I am asking the working group to decide whether the right approach is > to develop a specific syntax (if so, what?) or to defer to the applications > with appropriate guidance (if so, what level of guidance)? To address this > item, I welcome concise proposals of text. > > I realize this message is long and not as specific or prescriptive as some > would like, and I apologize in advance for any mistakes and > misunderstandings on my part. > > Regards, > Karen O'Donoghue**** > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose > > > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose > >
- [jose] thoughts on header criticality from recent… Karen O'Donoghue
- Re: [jose] thoughts on header criticality from re… Mike Jones
- Re: [jose] thoughts on header criticality from re… Richard Barnes
- Re: [jose] thoughts on header criticality from re… John Bradley
- Re: [jose] thoughts on header criticality from re… Tim Bray
- Re: [jose] thoughts on header criticality from re… Anthony Nadalin
- Re: [jose] thoughts on header criticality from re… Richard Barnes
- Re: [jose] thoughts on header criticality from re… John Bradley
- Re: [jose] thoughts on header criticality from re… Richard Barnes
- Re: [jose] thoughts on header criticality from re… John Bradley
- Re: [jose] thoughts on header criticality from re… Richard Barnes
- Re: [jose] thoughts on header criticality from re… Mike Jones
- Re: [jose] thoughts on header criticality from re… Mike Jones
- Re: [jose] thoughts on header criticality from re… Jim Schaad
- Re: [jose] thoughts on header criticality from re… Manger, James H
- Re: [jose] thoughts on header criticality from re… John Bradley