Re: [jose] Richard Barnes' Discuss on draft-ietf-jose-json-web-algorithms-33: (with DISCUSS and COMMENT)
Richard Barnes <rlb@ipv.sx> Tue, 04 November 2014 02:55 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0180A1A8766 for <jose@ietfa.amsl.com>; Mon, 3 Nov 2014 18:55:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mqNesAMytMMX for <jose@ietfa.amsl.com>; Mon, 3 Nov 2014 18:55:35 -0800 (PST)
Received: from mail-vc0-f180.google.com (mail-vc0-f180.google.com [209.85.220.180]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 92F091A1BCA for <jose@ietf.org>; Mon, 3 Nov 2014 18:55:35 -0800 (PST)
Received: by mail-vc0-f180.google.com with SMTP id hy10so6132380vcb.25 for <jose@ietf.org>; Mon, 03 Nov 2014 18:55:34 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=29RKuDfhLmiJEV88O09bsswCGfA4keL8KPAdS3o5A6k=; b=Mcdofajp9fqwRIFppiY9sQlpbO+7lGZ2rZiwg4S7OVcOFx99q8+a9Lcuri9SNG0lJe 6mBx1wTJ33uRuVFMVN3LUXSc+huK2cVoJC4WBi06mGutUJ4OlXKnJRz1vyMNeZ1cA8JE R34qJRbKaIww88wu06TtHX0k9jrxpAznjh7ZWUg7PURibe16viiEV+aa62v7Jgh22iwu /Gq1waE0zHVABldGKCtfXWAMx37Yf6aoQyAHiF7RpAQoqv4k9G5HpW+6ioU9jH5e5sd0 j7SbD7q318qsIAhv+tqimSDX/oEgI6h9ZXk+0VdXYbQmQdDk+ZgvL7qKEJS5buDdETYc yKvA==
X-Gm-Message-State: ALoCoQkcJeOUeFUk0OV8gp2MsnhLYoXR8uYsK8ehXLUS93nqY9+aoD7id0Im4vXxfX1h5oWlsEI2
MIME-Version: 1.0
X-Received: by 10.221.67.137 with SMTP id xu9mr106851vcb.11.1415069734741; Mon, 03 Nov 2014 18:55:34 -0800 (PST)
Received: by 10.31.149.205 with HTTP; Mon, 3 Nov 2014 18:55:34 -0800 (PST)
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739439BB262F4@TK5EX14MBXC286.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739439BB262F4@TK5EX14MBXC286.redmond.corp.microsoft.com>
Date: Mon, 03 Nov 2014 21:55:34 -0500
Message-ID: <CAL02cgS4r25jPCSrGVkTR_C9giZKOmd5xwRs=_aoBZY8CXMhxg@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Mike Jones <Michael.Jones@microsoft.com>
Content-Type: multipart/alternative; boundary="001a113397b0df407c0506ff9885"
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/bBx94AjnPy5NvdkYdNEQ7iWSDpg
Cc: "jose-chairs@tools.ietf.org" <jose-chairs@tools.ietf.org>, "jose@ietf.org" <jose@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-jose-json-web-algorithms@tools.ietf.org" <draft-ietf-jose-json-web-algorithms@tools.ietf.org>
Subject: Re: [jose] Richard Barnes' Discuss on draft-ietf-jose-json-web-algorithms-33: (with DISCUSS and COMMENT)
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Nov 2014 02:55:39 -0000
Thanks, Mike. I cleared. On Sat, Oct 25, 2014 at 2:35 AM, Mike Jones <Michael.Jones@microsoft.com> wrote: > Hi Richard, > > > > The normative security considerations text for “alg”:“none” has been moved > into the algorithm definition in the -36 draft, per our agreement below. I > also added additional text referencing RFC 3447 in Section 6.3. Your other > DISCUSSes were addressed in previous drafts, including making > RSAES-PKCS1-V1_5 “Recommended-”, per our agreement. I believe that these > changes should enable you to clear your remaining DISCUSSes. > > > > Thanks again, > > -- Mike > > > > *From:* Richard Barnes [mailto:rlb@ipv.sx <rlb@ipv.sx>] > *Sent:* Monday, October 20, 2014 8:49 AM > *To:* Mike Jones > *Cc:* The IESG; jose-chairs@tools.ietf.org; > draft-ietf-jose-json-web-algorithms@tools.ietf.org; jose@ietf.org > *Subject:* Re: [jose] Richard Barnes' Discuss on > draft-ietf-jose-json-web-algorithms-33: (with DISCUSS and COMMENT) > > > > > > > > On Sat, Oct 18, 2014 at 7:09 PM, Mike Jones <Michael.Jones@microsoft.com> > wrote: > > > > > Section 3.6. > > > > I'm not going to object to "none", even though I think it's a very > dangerous > > > > feature because of the risk of confusion between Secured and > Unsecured JWS. > > > > But there needs to be stronger guidance: > > > > 1. An implementation SHOULD NOT support "none" unless the implementer > > > > knows that it will be used in application context s that require it. > > > > 2. If an implementation does support "none", then it MUST NOT accept > it as part > > > > of generic JWS validation. Instead, it should require the > application to explicitly > > > > signal that an Unsecured JWS is expected for a given validation > operation. > > > > > > As discussed in the working group, your concern about applications > inappropriately allowing the use of "none" actually is an instance of a > more general concern that applications not allow *any* algorithms to be > used that are not appropriate in their application contexts. This concern > is already addressed in the specification at the end of Section 5.2 as > follows: > > > > > > "Finally, note that it is an application decision which algorithms are > acceptable in a given context. Even if a JWS can be successfully validated, > unless the algorithm(s) used in the JWS are acceptable to the application, > it SHOULD reject the JWS." > > > > > > Since your specific concern is already handled in a more general way, > I would like to request that you withdraw this DISCUSS on that basis. > Also, you were one of the contributing authors to the security > considerations on this topic in Section 8.5 of JWA (Unsecured JWS Security > Considerations), so it's not clear that there's any cause for you to come > back with additional wording change requests on this topic at this point. > > > > > > Thanks for reminding me about Section 8.5. I think I would be > satisfied here if the contents of Section 8.5 were just moved up to this > section. That way all of the requirements for implementing "none" will be > together. > > > > Section 3.6 does end with the sentence "See Section 8.5 for security > considerations associated with using this algorithm" so implementers are > reminded to also pay attention to the security considerations. If we were > to do what you requested, this would be the only algorithm for which the > security considerations were included in the algorithm description, rather > than in the security considerations section, which would be fairly weird > and non-parallel, editorially. > > > > Actually, "none" is the only algorithm for which there are additional > normative requirements in the Security Considerations. So it actually > seems more sensible to move those requirements up. > > I'm really just asking for a copy/paste here, shouldn't be invasive. > But I do think the level of indirection creates security risk. > > I'm OK moving up the three sentences that actually do contain normative > requirements. Those are: > > Implementations that support Unsecured JWS objects MUST NOT accept > such objects as valid unless the application specifies that it is > acceptable for a specific object to not be integrity-protected. > Implementations MUST NOT accept Unsecured JWS objects by default. > In order to mitigate downgrade attacks, applications MUST NOT signal > acceptance of Unsecured JWS objects at a global level, and SHOULD > signal acceptance on a per-object basis. > > I'm not OK cluttering up the normative description of the algorithm with > the discussion text. Assuming you're OK leaving the discussion text and > "for example" text in 8.5, I think we have a way forward on this one. > Please let me know if that works for you. > > > > Sounds fine to me. Thanks for the compromise. > > --Richard > > > > > > Again, given that you were an author of 8.5 and seemed fine with the > resolution after the extensive discussion then, I'd ask you to clear the > DISCUSS on that basis and not request that it be reworked again. > > -- Mike > > >
- [jose] Richard Barnes' Discuss on draft-ietf-jose… Richard Barnes
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Jim Schaad
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Richard Barnes
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Mike Jones
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Richard Barnes
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Mike Jones
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Brian Campbell
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Mike Jones
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Richard Barnes
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Mike Jones
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Richard Barnes
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Mike Jones
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Kathleen Moriarty
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Richard Barnes