IETF Logo Mail Archive

[jose] Hurdles when Converting XML/XML DSig to JSON

Anders Rundgren <anders.rundgren.net@gmail.com> Sun, 18 August 2013 09:01 UTC

Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EEE5611E8270 for <jose@ietfa.amsl.com>; Sun, 18 Aug 2013 02:01:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 42I4mXpu+J+A for <jose@ietfa.amsl.com>; Sun, 18 Aug 2013 02:01:00 -0700 (PDT)
Received: from mail-lb0-x232.google.com (mail-lb0-x232.google.com [IPv6:2a00:1450:4010:c04::232]) by ietfa.amsl.com (Postfix) with ESMTP id 0114F11E8266 for <jose@ietf.org>; Sun, 18 Aug 2013 02:00:59 -0700 (PDT)
Received: by mail-lb0-f178.google.com with SMTP id z5so2278853lbh.23 for <jose@ietf.org>; Sun, 18 Aug 2013 02:00:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=YXpDfX1YoeKDlUGCns1oCYoyJ39uAk9sunXr0xChVRY=; b=00fsNORK/SjgMKKSIiqfi1fFx6lgjEX7y0dVqpQRB/HwK+2qLZJXzgyWkLForbVTUF db4c4lmg5odNKoMA1PrB1XVVot0aWN94Hy99fMqW1OQeBqO/EjuQi1qi56urVf8tX0gM fykF4/La+1FgUwB1EC4d5aA1BkcjFwUmSwX4VqqBzG+ddJHqQ6L881vvpnj0epHgD5Ub l3ifj36Fiyi8lztuE56lGMgpALWM225r9rETUAiPZTisd7gy2a2jq1q8MUcTQG6YeFCf LzCuZOgaQDuRNlEugc5lG6cXePIh5HDy/lRVxWI1OW04ORF4m3o8BjZMmAWLjpXTLizR qDAw==
X-Received: by 10.112.14.67 with SMTP id n3mr6241158lbc.12.1376816458903; Sun, 18 Aug 2013 02:00:58 -0700 (PDT)
Received: from [192.168.0.2] (37.250.206.30.bredband.tre.se. [37.250.206.30]) by mx.google.com with ESMTPSA id qa1sm2203839lbb.1.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 18 Aug 2013 02:00:58 -0700 (PDT)
Message-ID: <52108D45.70904@gmail.com>
Date: Sun, 18 Aug 2013 11:00:53 +0200
From: Anders Rundgren <anders.rundgren.net@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: "jose@ietf.org" <jose@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: [jose] Hurdles when Converting XML/XML DSig to JSON
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Aug 2013 09:01:01 -0000

Hi,
I have begun seriously thinking about converting the KeyGen2 protocol into JSON.
Unfortunately I'm not too pleased with the result if I follow the current JOSE specifications.
In particular the JWS signature scheme makes the end-result violate a fundamental quality its XML counterpart: readability.

If you have a few minutes to spare, feel free looking into my pathetic (?) efforts coming up with a workaround:
http://webpki.org/papers/PKI/converting-xmldsig-2-json.pdf

BTW, I noted one issue that could be of general applicability and that is the use of indirect (2-level) signatures in XML DSig, PDF and possible several other schemes as well.
Question: are limitations in cryptographic subsystems for combined hashing and signing huge amounts of data only a historical artifact these days?

FWIW, the workaround solution adopts this idea to not impose any signature-related restrictions on message size.

Cheers,
Anders
http://webpki.org/papers/keygen2/doc/keygen2schema.html

v2.23.0 | Report a Bug | By Email