[jose] JOSE dependence on "Key Guessing"

Anders Rundgren <anders.rundgren.net@gmail.com> Wed, 07 February 2018 06:03 UTC

To: "jose@ietf.org" <jose@ietf.org>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
Message-ID: <6b3f854d-f370-8f94-12ca-0f8ae0051362@gmail.com>
Date: Wed, 07 Feb 2018 07:03:28 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/emg4dk_muAj6nxYlX8NTUqr4FpI>
Subject: [jose] JOSE dependence on "Key Guessing"

Dear list,

Believe it or not, there is a new multi-party IETF effort in the works for dealing with "clear text" versions of JWS and JWE.  Our BOF request was turned down, though, due to lack of published drafts and "customers", so issues will have to go through the mailing list only.

The goal is reusing as much as possible of the existing specifications, essentially limiting the work to repackaging.

However, it turned out that I wasn't fully up-to-date on the JOSE concept "Key Guessing":
https://tools.ietf.org/html/rfc7515#appendix-D

As far as I can tell, the only way you would ever need to do "Key Guessing" as described in appendix-D is if you have a scheme where the sender doesn't inform the receiver which key it actually used, which sounds like a poor idea as well as highly unlikely to be used anywhere in practice.

Therefore I didn't bother too much with that until I had implemented support for JKU where the sender supplies a URL to a set of keys for the receiver to try out.  That is, "Key Guessing" is not only a possibility, it is an intrinsic part of the JOSE specifications.

So the question simply boils down to: Should derived standards-to-be inherit obvious design flaws as well? IMO, they should not.  JKU could be redefined to point to a single JWK, removing the need for "Key Guessing" altogether.  Yes, there are "workarounds" like requiring additional key identification properties...

thanx,
Anders
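
The difference between trying every fitting key from a `jku` key set and naming one key with `kid`, as an added example that is not part of the message above or of RFC 7515. The JWK Set, the `kid` values, the `keys.example` URL and all function names are constructed for illustration, and the code covers key selection only, ahead of signature verification.

```python
import base64
import json

# Constructed JWK Set standing in for what a "jku" URL would return.
# Key material is placeholder text; only the selection metadata matters here.
JWK_SET = {"keys": [
    {"kty": "EC", "crv": "P-256", "use": "sig", "kid": "2018-01", "x": "placeholder", "y": "placeholder"},
    {"kty": "EC", "crv": "P-256", "use": "sig", "kid": "2018-02", "x": "placeholder", "y": "placeholder"},
    {"kty": "RSA", "use": "enc", "kid": "legacy", "n": "placeholder", "e": "AQAB"},
]}
# Algorithms this receiver accepts, with the key type (and curve) each requires.
ALG_KEY_TYPE = {"ES256": ("EC", "P-256"), "RS256": ("RSA", None)}

class KeySelectionError(Exception):
    pass

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sample_jws(header):
    """Build a constructed compact JWS; payload and signature are dummies."""
    return ".".join([b64url(json.dumps(header).encode()), b64url(b'{"demo":true}'), b64url(b"dummy-sig")])

def protected_header(compact_jws):
    parts = compact_jws.split(".")
    if len(parts) != 3:
        raise KeySelectionError("not a compact JWS")
    first = parts[0]
    return json.loads(base64.urlsafe_b64decode(first + "=" * (-len(first) % 4)))

def guessing_candidates(header, jwk_set):
    """Every key in the set that fits 'alg': what a receiver must try in turn."""
    alg = header.get("alg")
    if not isinstance(alg, str) or alg not in ALG_KEY_TYPE:
        raise KeySelectionError("unsupported alg")
    kty, crv = ALG_KEY_TYPE[alg]
    return [k for k in jwk_set["keys"]
            if k.get("kty") == kty and k.get("use", "sig") == "sig"
            and (crv is None or k.get("crv") == crv)]

def select_by_kid(header, jwk_set):
    """Return the single key named by 'kid', or fail; no trial verification."""
    kid = header.get("kid")
    if not isinstance(kid, str):
        raise KeySelectionError("header carries no kid")
    matches = [k for k in guessing_candidates(header, jwk_set) if k.get("kid") == kid]
    if len(matches) != 1:
        raise KeySelectionError("kid matches %d keys, expected exactly 1" % len(matches))
    return matches[0]
```

With only `jku` in the header the receiver is left with two candidate keys to try; with `kid` added it gets exactly one key or an error before any signature check runs.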