Re: [jose] FOR WG DISCUSSION: #82 part A - Possibly changing representation of private JWK fields
Matias Woloski <matiasw@gmail.com> Fri, 30 August 2013 17:55 UTC
Return-Path: <matiasw@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5498921F9D12 for <jose@ietfa.amsl.com>; Fri, 30 Aug 2013 10:55:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n7SnlRd76wyA for <jose@ietfa.amsl.com>; Fri, 30 Aug 2013 10:55:54 -0700 (PDT)
Received: from mail-ee0-x235.google.com (mail-ee0-x235.google.com [IPv6:2a00:1450:4013:c00::235]) by ietfa.amsl.com (Postfix) with ESMTP id A8B0621F9F74 for <jose@ietf.org>; Fri, 30 Aug 2013 10:55:53 -0700 (PDT)
Received: by mail-ee0-f53.google.com with SMTP id b15so1081059eek.12 for <jose@ietf.org>; Fri, 30 Aug 2013 10:55:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=AR2F8AyxIcZ6/xmREejt9B2I9XJlcdpUR68QC+bqwiY=; b=H8jh0j5YM2zH8U4EEJXCSImwAsbSQw62/k8FnZg7F6KgyviJsaWwE0FVYTe38E3KF3 3QdDg1161y3uR5RqqDd4o5DEZwEsDGphnhs+Am0xsJD2lB6/xjwEaSU4IIdJlsp9qRbu q6E9cRXUrvL62SG+8ZCHIn0EmiMfVvlsXyU3GjW3JZP18IHhOjFqkaMF3Pdr456FU0Gf A/cOfzq3P1Hu0+quHnHRcVaES1GoLhNYPv2+6ZLjnMHHm3P9IHFlPQtXS3H70WwRz6aA avNAEb5wm7gvaxaeCUo/w43KaiKMjtPM2TI6guvB8fZoHhb6JuhwD90EGa+xDcd88pBD N44Q==
X-Received: by 10.14.200.201 with SMTP id z49mr5470651een.59.1377885352772; Fri, 30 Aug 2013 10:55:52 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.14.147.199 with HTTP; Fri, 30 Aug 2013 10:55:32 -0700 (PDT)
In-Reply-To: <CAHBU6iuBL2smObHpgKMOMLu_XF9btKvS-ukfa5pwxAcA6x1NGw@mail.gmail.com>
References: <4E1F6AAD24975D4BA5B16804296739436B7FBEA6@TK5EX14MBXC283.redmond.corp.microsoft.com> <521E552B.6060100@mitre.org> <1377727351.405.YahooMailNeo@web184404.mail.bf1.yahoo.com> <CA+k3eCRdHYNN6+dZBUwJHZ4eXfNx2CtjdZd1JNJ7DpsF+7TwMQ@mail.gmail.com> <CAHBU6iuBL2smObHpgKMOMLu_XF9btKvS-ukfa5pwxAcA6x1NGw@mail.gmail.com>
From: Matias Woloski <matiasw@gmail.com>
Date: Fri, 30 Aug 2013 14:55:32 -0300
Message-ID: <CAK+KdNUquoF_k7V7t-BMjhrDF6w5OMeZw6nEr2t5fqi5t_6Zsw@mail.gmail.com>
To: Tim Bray <tbray@textuality.com>
Content-Type: multipart/alternative; boundary="047d7b343b02fe72cd04e52dee84"
Cc: Mike Jones <Michael.Jones@microsoft.com>, Brian Campbell <bcampbell@pingidentity.com>, Justin Richer <jricher@mitre.org>, "jose@ietf.org" <jose@ietf.org>, Edmund Jay <ejay@mgi1.com>
Subject: Re: [jose] FOR WG DISCUSSION: #82 part A - Possibly changing representation of private JWK fields
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Aug 2013 17:55:55 -0000
+1 agree with all the points exposed already On Fri, Aug 30, 2013 at 2:54 PM, Tim Bray <tbray@textuality.com> wrote: > This increases complexity, will break existing implementations and does’t > seem to actually reduce risk, in practice. +1 to wontfix > > > On Thu, Aug 29, 2013 at 10:06 AM, Brian Campbell < > bcampbell@pingidentity.com> wrote: > >> Concern about accidentally leakage is fair but I don't see that >> rearranging things makes any practical difference. It would break >> things though, which is something I'd think the WG should try to avoid >> at this point without really compelling reasons to do so. >> >> On Wed, Aug 28, 2013 at 4:02 PM, Edmund Jay <ejay@mgi1.com> wrote: >> > +1 >> > >> > It's apparent from the current format whether an asymmetric key is >> public or >> > private. Adding another element just causes extra checks on the format. >> > >> > ________________________________ >> > From: Justin Richer <jricher@mitre.org> >> > To: Mike Jones <Michael.Jones@microsoft.com> >> > Cc: "jose@ietf.org" <jose@ietf.org> >> > Sent: Wednesday, August 28, 2013 12:53 PM >> > Subject: Re: [jose] FOR WG DISCUSSION: #82 part A - Possibly changing >> > representation of private JWK fields >> > >> > If the leak is going to happen, it's not going to be on part of the JWK >> > object or JWK set, it's going to be on the whole thing. Stuffing it >> into a >> > sub-object isn't going to make it any safer in practice. If you want to >> > generate a public key from a public/private pair, you could argue that >> it'd >> > be simpler to have an outbound thing filter out just the ".private" >> > sub-object as opposed to having something key-specific, but I think the >> > latter is actually more robust against different key types since it >> enforces >> > a per-type evaluation of what's "public" and what's "private". >> > >> > I agree with Mike's contention regarding symmetric keys, below -- it's >> > tricky though. In the Nimbus-JOSE-JWT implementation of JWK we've taken >> the >> > approach of saying that the "public" version of an OctetSequenceKey is >> null. >> > >> > Parallelism on the keying material overall is a good thing though, so >> I'd >> > prefer to leave it how it is. >> > >> > -- Justin >> > >> > On 08/28/2013 03:40 PM, Mike Jones wrote: >> >> This is a second issue in the issue tracker that I wanted to bring to >> the >> >> working group’s attention for discussion. My personal view is stated >> in the >> >> issue tracker comment below. >> >> >> >> -- Mike >> >> >> >> -----Original Message----- >> >> From: jose issue tracker [mailto:trac+jose@trac.tools.ietf.org] >> >> Sent: Wednesday, August 28, 2013 12:36 PM >> >> To: draft-ietf-jose-json-web-key@tools.ietf.org; Mike Jones >> >> Cc: jose@ietf.org >> >> Subject: Re: [jose] #82: Section 6. Encrypted JWK and Encrypted JWK Set >> >> Format >> >> >> >> #82: Section 6. Encrypted JWK and Encrypted JWK Set Format >> >> >> >> Comment (by michael.jones@microsoft.com): >> >> >> >> This comment is about part A of this issue - the suggestion that >> private >> >> key material within a JWK be moved into a "private" element. While I >> >> understand the motivation for the suggestion, this doesn't seem like a >> >> necessary or particularly useful change. If an implementation leaks >> its >> >> private or shared key information by disclosing a JWK containing it to >> a >> >> party not entitled to have it, there's no security difference in >> whether >> >> that information is in a top-level member or a member of a "private" >> field. >> >> The information will have still been inappropriately disclosed. >> >> >> >> This suggestion is also ambiguously specified. While yes, the "d" >> >> elements of elliptic curve and RSA keys could be moved to be within a >> >> "private" structure, what would be done for the "k" element of a >> symmetric >> >> key? Would that also be moved into a "private" element? (At that >> point, >> >> there would be no symmetric key information at the top level of the >> JWK, >> >> which seems more than a little odd.) >> >> >> >> Finally, I'll note that the specs already clearly delineate public from >> >> private fields, through use of the Parameter Information Class value >> in the >> >> JSON Web Key Parameters registry (with values "Public" and "Private"). >> So >> >> there should be no confusion which is which. >> >> >> >> I therefore recommend that this suggestion be resolved as "wontfix". >> >> >> > >> > _______________________________________________ >> > jose mailing list >> > jose@ietf.org >> > https://www.ietf.org/mailman/listinfo/jose >> > >> > >> > >> > _______________________________________________ >> > jose mailing list >> > jose@ietf.org >> > https://www.ietf.org/mailman/listinfo/jose >> > >> _______________________________________________ >> jose mailing list >> jose@ietf.org >> https://www.ietf.org/mailman/listinfo/jose >> > > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose > >
- [jose] FOR WG DISCUSSION: #82 part A - Possibly c… Mike Jones
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Justin Richer
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Edmund Jay
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Brian Campbell
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Tim Bray
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Matias Woloski
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Naveen Agarwal
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… n-sakimura
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Jim Schaad
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Justin Richer
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Mike Jones
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Manger, James H
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Mike Jones