IETF Logo Mail Archive

Re: [jose] Header criticality -- hidden consensus?

"Vladimir Dzhuvinov / NimbusDS" <vladimir@nimbusds.com> Mon, 11 February 2013 07:48 UTC

Return-Path: <vladimir@nimbusds.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8027121F89A6 for <jose@ietfa.amsl.com>; Sun, 10 Feb 2013 23:48:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.447
X-Spam-Level:
X-Spam-Status: No, score=-2.447 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, SARE_SUB_ENC_UTF8=0.152]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hPhsvnSXHWe2 for <jose@ietfa.amsl.com>; Sun, 10 Feb 2013 23:48:07 -0800 (PST)
Received: from n1plwbeout07-01.prod.ams1.secureserver.net (n1plsmtp07-01-02.prod.ams1.secureserver.net [188.121.52.106]) by ietfa.amsl.com (Postfix) with SMTP id DAC4B21F89B3 for <jose@ietf.org>; Sun, 10 Feb 2013 23:48:06 -0800 (PST)
Received: (qmail 22587 invoked from network); 11 Feb 2013 07:48:05 -0000
Received: from unknown (HELO localhost) (188.121.52.246) by n1plwbeout07-01.prod.ams1.secureserver.net with SMTP; 11 Feb 2013 07:47:57 -0000
Received: (qmail 27743 invoked by uid 99); 11 Feb 2013 07:47:57 -0000
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
X-Originating-IP: 95.43.62.175
User-Agent: Workspace Webmail 5.6.32
Message-Id: <20130211004756.cc40c4f3d92d2001859047cd8cabb9ab.97b00dd614.wbe@email07.europe.secureserver.net>
From: Vladimir Dzhuvinov / NimbusDS <vladimir@nimbusds.com>
To: "Manger, James H" <James.H.Manger@team.telstra.com>, "jose@ietf.org" <jose@ietf.org>
Date: Mon, 11 Feb 2013 00:47:56 -0700
Mime-Version: 1.0
Subject: Re: [jose] Header criticality -- hidden consensus?
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Feb 2013 07:48:08 -0000

Hi James,

Yes, the three JWS validators (MAC/RSA/EC) that we have in the crypto
algs package are intended to be extended. They do just the basic
signature validation and accept only the "alg", "typ" and "cty"
parameters. They could serve as a starting point for creating more
complex validators, e.g. a validator that uses the "kid" to look up the
MAC key in a database.

We will probably add extended validators with key lookup support as we
progress into our OIDC server implementation (the part which deals with
signed OpenID request objects).

Inside the crypto package there's also a hidden JWSHeaderFilter
implementation, we'll probably make it public, as an aid to other
developers who choose to write their own extended validators.

https://bitbucket.org/nimbusds/nimbus-jose-jwt/src/bef49c225aae/src/main/java/com/nimbusds/jose/crypto/DefaultJWSHeaderFilter.java?at=master


Vladimir

--
Vladimir Dzhuvinov : www.NimbusDS.com : vladimir@nimbusds.com



-------- Original Message --------
Subject: Re: [jose] Header criticality -- hidden consensus?
From: "Manger, James H" <James.H.Manger@team.telstra.com>
Date: Sun, February 10, 2013 10:14 pm
To: Vladimir Dzhuvinov / NimbusDS <vladimir@nimbusds.com>,
"jose@ietf.org" <jose@ietf.org>


Vladimir,

It is useful to see actual APIs and code trying to implement this
MUST-understand-everything rule.

I can't quite see how your API allows a caller to indicate that is
understands a new header parameter. Your HeaderFilter lets the caller
*see* which field names the library "understands". JWSHeaderFilter goes
further and allows the caller to *set* the accepted algorithms. I
couldn't find, say, setAcceptedParameters(...).

Perhaps you are supposed to extend, say, MACVerifier with your own class
that lists an extra field?


--
James Manger

> -----Original Message-----
> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of
> Vladimir Dzhuvinov / NimbusDS
> Sent: Saturday, 9 February 2013 5:35 PM
> To: Richard Barnes; jose@ietf.org
> Subject: Re: [jose] Header criticality -- hidden consensus?
> 
> Hi Richard,
> 
> I understand your concern. With some bit of interface engineering we
> managed to have this requirement covered at library level, by allowing
> client apps to specify additional accepted parameters. If the JOSE
> library encounters a header with an unexpected name, it will mark the
> message as bad on the spot, so it won't be passed on to the app code at
> all.
> 
> You can take a look at the interface Javadocs here:
> 
> http://nimbusds.com/files/jose-
> jwt/javadoc/com/nimbusds/jose/HeaderFilter.html
> 
> And the actual code at the Git repo:
> 
> https://bitbucket.org/nimbusds/nimbus-jose-
> jwt/src/bef49c225aae194b6c40a376aee36b9af37a5da6/src/main/java/com/nimb
> usds/jose/HeaderFilter.java?at=master
> 
> 
> 
> What's more, this interface allows even certain standard headers from
> the JWS/JWE spec to not be denied (say if the client app doesn't want
> to
> accept X509 cert URLs, etc).
> 
> 
> I hope this helps,
> 
> Vladimir
> 
> 
> --
> Vladimir Dzhuvinov : www.NimbusDS.com : vladimir@nimbusds.com
> 
> 
> 
> 
> -------- Original Message --------
> Subject: [jose] Header criticality -- hidden consensus?
> From: Richard Barnes <rlb@ipv.sx>
> Date: Fri, February 08, 2013 11:11 pm
> To: "jose@ietf.org" <jose@ietf.org>
> 
> We're 24 votes into the header criticality poll, so I thought I would
> go
> ahead and take a look at how the results are shaping up. My initial
> tabulation is below. The result on the FIRST POLL (the main one) is as
> follows:
> 
> No: 10
> Yes: 14
> 
> 
> What I find striking, however, is that every single person that voted
> "Yes" on the FIRST POLL also voted "Yes" on the SECOND POLL. So nobody
> who thinks that all headers should be critical thinks that a JOSE
> library should actually be required to enforce this constraint. And
> that means that enforcing that all headers are supported cannot be a
> MUST according to RFC 2119.
> 
> 
> So I wonder if there's consensus to remove the following text from JWE
> and JWS:
> -----BEGIN-JWE-----
> 4. The resulting JWE Header MUST be validated to only include
> parameters and values whose syntax and semantics are both
> understood and supported.
> 
> -----END-JWE-----
> -----BEGIN-JWS-----
> 4. The resulting JWS Header MUST be validated to only include
> parameters and values whose syntax and semantics are both
> understood and supported.
> 
> -----END-JWS-----
> 
> 
> Otherewise, a JOSE library conforming to these specifications would be
> REQUIRED (a synonym to MUST in 2119) to reject a JWE/JWS that contains
> an unknown header, contradicting all those "Yes" votes on the SECOND
> POLL.
> 
> 
> --Richard
> 
> 
> 
> 
> 
> 
> -----BEGIN-Tabulation-----
> 1 2 3 Name:
> N - - Bradley
> N - - Ito
> N N A Yee
> N N B Barnes
> N N B Rescorla
> N N C Manger
> N N C Octman
> N Y A Fletcher
> N Y A Miller
> N Y A Sakimura
> Y Y - D'Agostino
> Y Y A Biering
> Y Y A Brault
> Y Y A Hedberg
> Y Y A Jay
> Y Y A Jones
> Y Y A Marais
> Y Y A Nadalin
> Y Y A Nara
> Y Y A Nennker
> Y Y A Solberg
> Y Y B Hardt
> Y Y B Medeiros
> Y Y C Matake
> Y Y C Mishra
> 
> -----END-Tabulation-----
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
_______________________________________________
jose mailing list
jose@ietf.org
https://www.ietf.org/mailman/listinfo/jose

v2.23.0 | Report a Bug | By Email