IETF Logo Mail Archive

Re: [jose] Pete Resnick's Discuss on draft-ietf-jose-json-web-signature-33: (with DISCUSS and COMMENT)

Mike Jones <Michael.Jones@microsoft.com> Mon, 20 October 2014 15:44 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D64A1A00FC; Mon, 20 Oct 2014 08:44:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NDWbL0Pa-rwR; Mon, 20 Oct 2014 08:44:24 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1bon0717.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::1:717]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 994611A1AE2; Mon, 20 Oct 2014 08:42:26 -0700 (PDT)
Received: from DM2PR03CA0029.namprd03.prod.outlook.com (10.141.96.28) by BY1PR0301MB1205.namprd03.prod.outlook.com (25.161.203.154) with Microsoft SMTP Server (TLS) id 15.0.1054.13; Mon, 20 Oct 2014 15:42:02 +0000
Received: from BY2FFO11FD007.protection.gbl (2a01:111:f400:7c0c::197) by DM2PR03CA0029.outlook.office365.com (2a01:111:e400:2428::28) with Microsoft SMTP Server (TLS) id 15.0.1054.13 via Frontend Transport; Mon, 20 Oct 2014 15:42:02 +0000
Received: from mail.microsoft.com (131.107.125.37) by BY2FFO11FD007.mail.protection.outlook.com (10.1.14.128) with Microsoft SMTP Server (TLS) id 15.0.1049.20 via Frontend Transport; Mon, 20 Oct 2014 15:42:01 +0000
Received: from TK5EX14MBXC286.redmond.corp.microsoft.com ([169.254.1.93]) by TK5EX14HUBC106.redmond.corp.microsoft.com ([157.54.80.61]) with mapi id 14.03.0210.003; Mon, 20 Oct 2014 15:41:52 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Pete Resnick <presnick@qti.qualcomm.com>
Thread-Topic: Pete Resnick's Discuss on draft-ietf-jose-json-web-signature-33: (with DISCUSS and COMMENT)
Thread-Index: Ac/nrMzTGNBz3N/vRnSiIMwvesZEcwEz2atQ
Date: Mon, 20 Oct 2014 15:41:51 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739439BB1AE1F@TK5EX14MBXC286.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739439BB0D2FD@TK5EX14MBXC286.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739439BB0D2FD@TK5EX14MBXC286.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.33]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(438002)(13464003)(189002)(52044002)(52314003)(164054003)(51874003)(43784003)(51704005)(377454003)(199003)(87936001)(104016003)(230783001)(2656002)(44976005)(19580395003)(19580405001)(6806004)(84676001)(85852003)(69596002)(15975445006)(15202345003)(68736004)(55846006)(4396001)(33656002)(50986999)(85306004)(54356999)(76176999)(26826002)(21056001)(50466002)(97736003)(76482002)(85806002)(80022003)(46102003)(110136001)(47776003)(86612001)(20776003)(64706001)(66066001)(551544002)(86362001)(31966008)(92726001)(92566001)(81156004)(106466001)(99396003)(107046002)(95666004)(23676002)(77096002)(120916001); DIR:OUT; SFP:1102; SCL:1; SRVR:BY1PR0301MB1205; H:mail.microsoft.com; FPR:; MLV:ovrnspm; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:BY1PR0301MB1205;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 03706074BC
Received-SPF: Pass (protection.outlook.com: domain of microsoft.com designates 131.107.125.37 as permitted sender) receiver=protection.outlook.com; client-ip=131.107.125.37; helo=mail.microsoft.com;
Authentication-Results: spf=pass (sender IP is 131.107.125.37) smtp.mailfrom=Michael.Jones@microsoft.com;
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/cmtemv-nhbBus8YfKgksREu3Bts
Cc: "jose-chairs@tools.ietf.org" <jose-chairs@tools.ietf.org>, The IESG <iesg@ietf.org>, "jose@ietf.org" <jose@ietf.org>, "draft-ietf-jose-json-web-signature@tools.ietf.org" <draft-ietf-jose-json-web-signature@tools.ietf.org>
Subject: Re: [jose] Pete Resnick's Discuss on draft-ietf-jose-json-web-signature-33: (with DISCUSS and COMMENT)
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Oct 2014 15:44:29 -0000

Hi Pete,

Could you take a look at the text changes made and responses your DISCUSS positions in the next few days?  We’re down to a week left to submit new drafts and if we need to make further changes for you, it would be good to know what they are before that.

For JWS:

You’d agreed to withdraw the first DISCUSS on the telechat.

You’d said that you’d review the specific uses of “accept” and “reject” and call out any specific places that you thought that implementers would be confused.

For your suggestion to convert JWSs using the Compact Serialization to the JSON Serialization, given that the reworked steps are now all steps (thanks for your feedback there!) and only necessary steps are included, given that your suggestion is not a necessary step, I would request that you drop it.  It’s an implementation suggestion – not a necessary step.

On your TLS comments, the places actually using TLS are now explicitly called out.

For JWE:

You’d agreed to withdraw this DISCUSS on the telechat.

For JWA:

Stephen said on the telechat that he would enter a DISCUSS if the implementation requirements were removed.

Jim Schaad pushed back on your suggestions that we use ASCII rather than UTF-8 as algorithm IDs and passwords.

====

The proposed resolutions were applied in response to your COMMENT positions too.

                                                            Thanks,
                                                            -- Mike


-----Original Message-----
From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Mike Jones
Sent: Tuesday, October 14, 2014 5:46 AM
To: Pete Resnick; The IESG
Cc: jose-chairs@tools.ietf.org; jose@ietf.org; draft-ietf-jose-json-web-signature@tools.ietf.org
Subject: Re: [jose] Pete Resnick's Discuss on draft-ietf-jose-json-web-signature-33: (with DISCUSS and COMMENT)

The proposed resolutions below have been applied to the -34 drafts.  Also, the "steps that are not steps" have been reworked or removed.  Can you please confirm that you're willing to consider your DISCUSSes on this draft satisfied on this basis, Pete?

Note that if you supply specific locations where you believe that changes need to be made to uses of "accept" and "reject" because those specific uses may be misleading, as I believe you volunteered to do on the telechat, we can do another round of edits to address them, as needed.

				Thanks again,
				-- Mike

> -----Original Message-----
> From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Mike Jones
> Sent: Saturday, October 04, 2014 6:58 PM
> To: Pete Resnick; The IESG
> Cc: jose-chairs@tools.ietf.org; jose@ietf.org; 
> draft-ietf-jose-json-web- signature@tools.ietf.org
> Subject: Re: [jose] Pete Resnick's Discuss on 
> draft-ietf-jose-json-web-signature-
> 33: (with DISCUSS and COMMENT)
> 
> Thanks for your review, Pete.  I've added the working group to the thread.
> Replies are inline below...
> 
> > -----Original Message-----
> > From: Pete Resnick [mailto:presnick@qti.qualcomm.com]
> > Sent: Wednesday, October 01, 2014 9:14 PM
> > To: The IESG
> > Cc: jose-chairs@tools.ietf.org; draft-ietf-jose-json-web- 
> > signature@tools.ietf.org
> > Subject: Pete Resnick's Discuss on
> > draft-ietf-jose-json-web-signature-33: (with DISCUSS and COMMENT)
> >
> > Pete Resnick has entered the following ballot position for
> > draft-ietf-jose-json-web-signature-33: Discuss
> >
> > When responding, please keep the subject line intact and reply to 
> > all email addresses included in the To and CC lines. (Feel free to 
> > cut this introductory paragraph, however.)
> >
> >
> > Please refer to
> > http://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-signature/
> >
> >
> >
> > --------------------------------------------------------------------
> > --
> > DISCUSS:
> > --------------------------------------------------------------------
> > --
> >
> > 3.1: Why can't I use an unprotected header when I'm using the 
> > Compact Serialization? This seems like a real problem, since I can't 
> > convert (in a round- trippable way) between a JWS with an 
> > unprotected header in the JSON Serialization to a Compact Serialization. Why the limitation?
> 
> As Richard explained during the telechat, this was a deliberate choice 
> on the part of the working group to keep the compact form as simple as 
> possible by removing some options.  Do I remember correctly that you 
> said on the telechat that you would be willing to withdraw this DISCUSS on that basis?
> 
> > 5.2:
> >
> > Strike the last sentence of the second paragraph. There's no 
> > requirement here. If none of them validate, I can do what I want 
> > with the JWS. I needn't "reject" it. I might just mark it as "invalid".
> >
> > [Get rid of all talk of "rejecting" throughout this document. Again, 
> > I will note that the signatures are not valid, but rejecting is a 
> > local implementation detail.]
> 
> As discussed during the telechat and on subsequent threads, the terms "accept"
> and "reject" are commonly used in this way, for instance, in RFC 5820.  
> As Kathleen wrote after the call, "For the "reject" language, Pete 
> said on the call that he would go through each one to see where it 
> might be application specific and will suggest changes.  Thanks in advance, Pete.".
> 
> > This section would be greatly simplified if step 1 was: "If the 
> > Compact Serialization is being used, convert it to the JSON Serialization."
> 
> This would be doing a disservice to some implementers, since some 
> implementations (for instance those designed to support JWTs) will 
> only implement the Compact Serialization.  I therefore request that 
> you withdraw this DISCUSS on that basis.
> 
> > Some of these steps are not steps. I could not follow this to figure 
> > out what to do. This section could use a serious rewrite. I'm glad 
> > to work with you on that, but did not have time to provide a rewrite 
> > during my
> review.
> 
> This section has been heavily wordsmithed already by numerous 
> reviewers.  That said, I'd be glad to receive suggestion for specific proposed changes.
> 
> > 8: This section needs to be removed. There is no need for TLS in a 
> > whole host of applications that could implement this protocol.
> 
> As discussed in threads that immediately followed your review, I 
> propose to clarify to which specific features ("jku" and "x5u") this section applies.
> 
> > --------------------------------------------------------------------
> > --
> > COMMENT:
> > --------------------------------------------------------------------
> > --
> >
> > 2. A "JSON Web Signature Signature" is an unfortunate terminology choice.
> > If there is a whole *thing* that is the combination of the header, 
> > the signature, and the payload, perhaps that should have been a 
> > "JOSE Web Object", or better yet a "JOSE Object". Then you could 
> > simply have "JOSE Signature", "JOSE Payload", and "JOSE Header". I'm 
> > also unclear why the word "Web" appears in each of these things -- 
> > except "JOSE Header", which I find equally strange. They should not 
> > just be for use on the Web. This whole "JW*" terminology thing is goofy.
> 
> See my response to your JWT review for the etymology of the "JSON Web ..."
> terminology.  The "JWS" prefixes on some terms are there to indicate 
> that the defined term is being used in specific way (such as "JWS 
> Signature") versus a generic way (such as "signature").
> 
> > 3. "JWS object" is undefined. Do you just mean a JWS?
> 
> Yes, the meaning is the same.  Sometimes the word "object" is included 
> in locations that it seems to improve the readability of the text.
> 
> > Please reverse the order of section 3.1 and 3.2.
> 
> The order is intentional.  The simple serialization is intentionally 
> presented before the more general, more complicated serialization.
> 
> > 3.2:
> >
> >    In the JWS JSON Serialization, a JWS object is represented as the
> >    combination of these four values,
> >       BASE64URL(UTF8(JWS Protected Header)),
> >       JWS Unprotected Header,
> >       BASE64URL(JWS Payload), and
> >       BASE64URL(JWS Signature)
> >
> > Why is the Payload (a) part of the serialization and (b) base64ed? 
> > Are you saying that the only way I can use JWS is to include the 
> > payload as part of the JOSE object? Why can't it be a separate 
> > thing? Also, why does it
> have to be base64ed?
> > It could be a UTF-8 string, or it could be a large binary object 
> > that I'm using in a non-JSON context, neither of which I want to 
> > bloat by base64ing it. This seems bogus.
> 
> It is base64url encoded because JSON has no way of representing 
> arbitrary octet sequences.  This enables the "binary object" case that you're describing to work.
> Also note that this was extensively discussed by the working group in 
> the context of issue #26 http://trac.tools.ietf.org/wg/jose/trac/ticket/26.
> 
> > 3.3:
> >
> > OLD
> >    The following example JWS Protected Header declares that the encoded
> >    object is a JSON Web Token (JWT) [JWT] and the JWS Protected Header
> >    and the JWS Payload are secured using the HMAC SHA-256 [RFC2104, SHS]
> >    algorithm:
> >
> > There's a could of typos in there. I think you meant:
> >
> > NEW (1)
> >    The following example JWS Protected Header declares that the encoded
> >    object is a JSON Web Token (JWT) [JWT] and the JWS Payload is secured
> >    using the HMAC SHA-256 [RFC2104, SHS] algorithm:
> >
> > However, I'm not clear why that's an example of a *Protected* Header.
> > Looks like it could be any old header. So I think better is:
> >
> > NEW (1)
> >    The following example JOSE Header declares that the encoded object is
> >    a JSON Web Token (JWT) [JWT] and the JWS Payload is secured using the
> >    HMAC SHA-256 [RFC2104, SHS] algorithm:
> >
> > Then you would fix:
> >
> > OLD
> >    Encoding this JWS Protected Header as BASE64URL(UTF8(JWS Protected
> >    Header)) gives this value:
> > NEW
> >    If this were a JWS Protected Header, the encoding of
> >    BASE64URL(UTF8(JWS Protected Header)) gives this value:
> >
> > This one:
> >
> >    Encoding this JWS Payload as BASE64URL(JWS Payload) gives this 
> > value
> 
> Both the JWS Payload and the JWS Protected Header *are* 
> integrity-protected, hence the inclusion of the "JWS Protected Header" language in the description.
> 
> > I'll get back to in Section 5. Finally:
> >
> >    Concatenating these values...
> >
> > This section is not about the compact serialization. If you want to 
> > give both example serializations in this section, fine, but if you 
> > are giving a general "Example JWS" as the title of the section 
> > states, don't just give
> the compact.
> 
> The point is to give a simple example to familiarize readers with the 
> idea of a JWS - not for the example section to be a complete tutorial on the possibilities.
> Note, however than an example using the JSON Serialization *is* 
> present in Appendix A.6 and many are present in 
> http://tools.ietf.org/html/draft-ietf-jose-
> cookbook-03.
> 
> > 4.1.1/4.2: Why even bother mentioning that the alg could be a
> > "Collision- Resistant Name" (what a term!)? The alg should be registered.
> > If it's not, you're in private agreement space anyway, so it needn't 
> > be specified in the spec. Same thing for Public Header Parameter
> > Names: If you're going to do this interoperably, you're going to 
> > have to know what the thing means; otherwise, it's out of band 
> > anyway. I say get rid of the whole concept of using non-registered names.
> 
> Per the response to a similar comment in Stephen Kent's secdir review:
> 
> This specification will be used both in open environments, in which 
> multiple organizations will need to have a common understanding of any 
> extensions used, and closed environments, which the producing and 
> consuming organization will always be the same and private values could be safely used.
> IANA registration is definitely the right thing to do for open 
> environments.  It’s probably unnecessary for deployments in closed environments.
> 
> > 4.1.9 (and elsewhere): "Sender" is the wrong term here. (Same with
> > "recipient".) "Generators" and "interpreters" seems much better.
> 
> Thanks.   What about using the terms "producers" and "consumers"?
> 
> > 5.1: s/MUST perform/performs
> 
> I don't think I understand the motivation for this suggested change.  
> All the steps must be performed...
> 
> >   2. Why is BASE64URLing the payload required? If I want to use a 
> > binary payload, or something that I know is a string, why not just use it as-is?
> > The encoding of the payload should be application dependent.
> 
> See my response to your comment on the same issue in Section 3.2.
> 
> >   3. There might not be a Protected Header. Better to say "the JWS 
> > Protected Header and/or the JWS Unprotected Header, as appropriate."
> 
> Thanks
> 
> >   4. Strike the parenthetical "(which can only happen...)". Sounds 
> > like you are discouraging use of the JSON Serialization and the 
> > Unprotected
> Header.
> 
> It's not pejorative - it's intended to be informative to implementers.
> 
> >   5. Again, why BASE64URL the payload? Also, I don't understand the 
> > need for the second sentence. Please explain.
> 
> The same answer applies as to the previous times this question was asked.
> 
> >   7 is not a step that you MUST perform.
> 
> You're right.  I'll consider whether text of this form needs to 
> remain, and if so, how to write it in an actionable fashion.
> 
> >   9. Replace with "Create the desired serialized output, as 
> > described in Section 7." Stop privileging Compact.
> 
> The fact is that the Compact Serialization is (intentionally!) simple 
> enough it can be fully described in the single sentence.  Same cannot 
> be said of JSON Serialization, hence the need for the section reference.
> 
> > 5.2: s/MUST be taken/are performed.
> 
> Same response as to your related comment on 5.1
> 
> > 5.3: I don't understand why this section is necessary.
> 
> String comparison rules are necessary both for interoperability and 
> security.  If comparisons of security-sensitive elements were done 
> differently by different implementations, that would result in an ample attack surface.
> 
> 				Thanks again,
> 				-- Mike
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
_______________________________________________
jose mailing list
jose@ietf.org
https://www.ietf.org/mailman/listinfo/jose

v2.23.0 | Report a Bug | By Email