Re: [jose] Chained Signatures. Re: Question regarding RFC 7515

Anders Rundgren <anders.rundgren.net@gmail.com> Sat, 12 October 2019 15:21 UTC

Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F6361200D8 for <jose@ietfa.amsl.com>; Sat, 12 Oct 2019 08:21:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0YjZPLfR_Jmc for <jose@ietfa.amsl.com>; Sat, 12 Oct 2019 08:21:09 -0700 (PDT)
Received: from mail-wm1-x32b.google.com (mail-wm1-x32b.google.com [IPv6:2a00:1450:4864:20::32b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C2926120019 for <jose@ietf.org>; Sat, 12 Oct 2019 08:21:08 -0700 (PDT)
Received: by mail-wm1-x32b.google.com with SMTP id b24so12762460wmj.5 for <jose@ietf.org>; Sat, 12 Oct 2019 08:21:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:from:to:references:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=F280cCLHOUFis4ywtWbgqw18WlD6DVNUIUYq64h88os=; b=sEivhlKTAscJFtqphSAZRvR/eQqiK38kaA4vfNZU8Km5ORKCnt+lCsDOxNWnI1nCLi 3sOSDeC54ukwPDy/8z1yRD/3x3uQJNXelSotA0VgW76HuwePbfjsYeS4mWGcBvnzOPOH CK8ud7FKPWa8fxsry2uM9CB7zBFSGPnLpJTYl/UVHutM1POL7YQvNm8l9/VpTDBkSpJL jWoSYm5vLpRmBFBNs2EUETaBiLd07Ee89O80+K/11+uMO7gyNwA3ofjoKXdv4VZWOt5H B8VdBWvE9CxtkQAzup8J9blBuwHKjX0kdPm3hy9XiRVCIWtLur2FB+K8FMcfUKImhDef P1TA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:from:to:references:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=F280cCLHOUFis4ywtWbgqw18WlD6DVNUIUYq64h88os=; b=COA0sVwmI6CExe21+TOpqlc+9CdSXUEmmej/aciBvGRjXsbpvcHUIqPvBTF13iBRQf 9ozgoaHm3t0L7fv3u+3cVfXZl1L7sFLQCBQdvaQ6O0+IHqIrd6e2Po/0ZHKKPy5Y22Se zzeFI49Sfi+xh6P9osXXEbrTE07fU0YnGPvqlK5KqgHLZdyhbTMi3NBIx+MjBHk1Xkyc +wEuGt1W0A8DXBM1OK8c1zs+2UDn36UuOC5mZA5JmlVuUoQfFsC4aRwSLFDAt3rZ7YRf vyO8Qdfz6GYLJl7ow9NMi+0CE387w3ZxpNq1y5C9Lxrk/3Nmm2Bdh6g0p1lMveqajuBL VQeA==
X-Gm-Message-State: APjAAAVRJ5f7TCVFHdKQfOEOM1Bc21jnKKePeP5U6BvEnRZCXnTVwZiN 2iJfJlLvbSXGRa6Furvfo9DHSBQct+Q=
X-Google-Smtp-Source: APXvYqwCQkbq9X8PLkr4X6585qJoeASxEM6j5L19jPWpAFa4lkq1Fl+1bMWB1zNv7ierfg95eAcWUQ==
X-Received: by 2002:a7b:c94f:: with SMTP id i15mr7351367wml.8.1570893666697; Sat, 12 Oct 2019 08:21:06 -0700 (PDT)
Received: from [192.168.1.79] (25.131.146.77.rev.sfr.net. [77.146.131.25]) by smtp.googlemail.com with ESMTPSA id r27sm34125906wrc.55.2019.10.12.08.21.05 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 12 Oct 2019 08:21:05 -0700 (PDT)
From: Anders Rundgren <anders.rundgren.net@gmail.com>
To: George Aristy <George.Aristy@securekey.com>, "jose@ietf.org" <jose@ietf.org>
References: <8ecb19bc-2524-9f2a-5c9a-6a6a41896859@securekey.com> <241f5280-0ec8-4e92-fe9b-eb12f85cb977@gmail.com>
Message-ID: <cf881029-37f4-9fb2-0304-2fe6882c2ea3@gmail.com>
Date: Sat, 12 Oct 2019 17:21:03 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <241f5280-0ec8-4e92-fe9b-eb12f85cb977@gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/f38zySE7s6bRGWNAmSRffzHBVgQ>
Subject: Re: [jose] Chained Signatures. Re: Question regarding RFC 7515
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Oct 2019 15:21:12 -0000

Done :)

You may verify the following sample using an on-line "lab": https://mobilepki.org/jsf/home

{
   "now": "2019-02-10T11:23:06Z",
   "name": "Joe",
   "id": 2200063,
   "signature": {
     "chain": [{
       "algorithm": "ES256",
       "publicKey": {
         "kty": "EC",
         "crv": "P-256",
         "x": "censDzcMEkgiePz6DXB7cDuwFemshAFR90UNVQFCg8Q",
         "y": "xq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeY"
       },
       "value": "z3YILoyx1GURBuQaF6Oo9XBIOEXfzeulkq_8kDyXGo3raAmGMLiRTsyqwgLFHNMuih41GIdmYfJ4zs7pvtF6uA"
     },{
       "algorithm": "RS256",
       "publicKey": {
         "kty": "RSA",
         "n": "hFWEXArvaZEpSP5qNX7x4C4Hl28GJQTNvnDwkfqiWs63kXbdyPeS06bz6GnY3tfQ_093nGauWsimqKBmGAGMPtsV83Qxw1OIeO4ujbIIb9pema0qtVqs0MWlHxklZGFkYfAmbuEUFxYDeLDHe0bkkXbSlB7_t8pCSvc8HLgHjEQjYOlFRwjR0D-uLo-xgsCbpmCtYkB5lcT_zFgpRgY4zJNLSv7GZiz2S4Fc5ArGjd34lL47-L8bozuYjqNOv9sqX0Zgll5XaJ1ndvr7UqZu1xQFgm38reoM3IarBP_SkEFbt_v9iak602VO3k28fQhMaocP7JWR2YLT3kZM0-WTFw",
         "e": "AQAB"
       },
       "value": "G0ZEFIhcsVPG5r7-XMNjruXXvN7V63H9dnAVzcrsbwWk9Z8x9fIjT0UEazsWzpMvgKRsDayuMk6WIl7nOYiDrTOM6C_BI0U7jDxrK7dunIGQ-z5RN6pvF4Q27mOHx7yjVVsPBN5VTl4JVT6HQnfpzPe1uZiFRG2hw5BYZa-vvkBcZb6bWOClTsn2i7zLQbVA-5vTGa7zJtOmuLwBEf_GFf_o3pN0Bjx94S87KwoaWfLAaBPMgFZIDoNGgW5hmBJj1-YKp4l9WgsX2I7M8rvg5ptEupV9HDRiH3kivybUHDibOoun1-D1bkKRgA447ug1gxrvpI3dSLKb-QQd4j7b7A"
     }]
   }
}

On 2019-10-12 05:34, Anders Rundgren wrote:
> On 2019-10-11 19:41, George Aristy wrote:
>> Hi
>>
>> Are there any plans to support signature chains?
> 
> Hi George,
> 
> The JOSE WG is concluded and no successor has to my knowledge been proposed.
> JSF (JSON Signature Format) is a live specification (https://cyberphone.github.io/doc/security/jsf.html) which currently only supports multiple signatures like below.  It would though be a small thing adding "chained" to the spec where it would syntactically be at the same place as "signers".
> 
> {
>     "now": "2019-02-10T11:23:06Z",
>     "name": "Joe",
>     "id": 2200063,
>     "signature": {
>       "signers": [{
>         "algorithm": "ES256",
>         "publicKey": {
>           "kty": "EC",
>           "crv": "P-256",
>           "x": "censDzcMEkgiePz6DXB7cDuwFemshAFR90UNVQFCg8Q",
>           "y": "xq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeY"
>         },
>         "value": "yI_ucBjb2uOGK07B5y5swXmTRO8jqrCAktE4mQlxLhc05hAksE-MuSEgnO14InByLcxWwe2xp6qXDQZlOHjFAg"
>       },{
>         "algorithm": "RS256",
>         "publicKey": {
>           "kty": "RSA",
>           "n": "hFWEXArvaZEpSP5qNX7x4C4Hl28GJQTNvnDwkfqiWs63kXbdyPeS06bz6GnY3tfQ_093nGauWsimqKBmGAGMPtsV83Qxw1OIeO4ujbIIb9pema0qtVqs0MWlHxklZGFkYfAmbuEUFxYDeLDHe0bkkXbSlB7_t8pCSvc8HLgHjEQjYOlFRwjR0D-uLo-xgsCbpmCtYkB5lcT_zFgpRgY4zJNLSv7GZiz2S4Fc5ArGjd34lL47-L8bozuYjqNOv9sqX0Zgll5XaJ1ndvr7UqZu1xQFgm38reoM3IarBP_SkEFbt_v9iak602VO3k28fQhMaocP7JWR2YLT3kZM0-WTFw",
>           "e": "AQAB"
>         },
>         "value": "aF3qTpIFGcJxB5En-JFQZWGqX-vOoGrs27SKBz_mNjmJRDdAeE-0NnmF16elUh2YmFWFfZd_SLnbrlkKE2adlOqxqWiQYcB1smKSOQ3dTwAYLcD4ebuBgDBKRs9ZO_GPBeSpwH5FGpUQbSPGh7BWD69OPF6Ik5vHPikfls-fr1qgrxpYARY1vUhXvl-QFtBvnd3Xn_n63kFQl4GZDeP6TZyuoaulTKsFBvhHu0OfqknoOzEUYJYMhS9r5rDz_AVbnx_F1Key-gQnm6UmuVothu_ApYy_NW4HEVKZfxhU_nYzuGYQD9VUI9WYmstBcLyS3uNPHDECoEy0hQ4UpZPMBg"
>       }]
>     }
> }
> 
> JSF is not on "standards track" but may emerge as an independent RFC.  In case you are programming in Java, code is readily available.
> 
> Regards,
> Anders
> 
>>
>> -- 
>> *George Aristy* | Software Engineer, Exchange Team | *SecureKey Technologies*
>> 4101 Yonge Street, Suite 501 | Toronto, ON M2P 1N6 | Phone: +1.905.251.6502
>> <https://verified.me/>
>>
>> <https://itunes.apple.com/ca/app/verified-me/id1090441769?ls=1&mt=8> <https://play.google.com/store/apps/details?id=com.securekey.verifiedme>
>>
>> This email and any attachments are for the sole use of the intended recipients and may be privileged, confidential or otherwise exempt from disclosure under law. Any distribution, printing or other use by anyone other than the intended recipient is prohibited. If you are not an intended recipient, please contact the sender immediately, and permanently delete this email and its attachments.
>>
>>
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose
>>
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>