Re: [jose] DISCUSS: Nonce/Timestamp parameter

John Bradley <ve7jtb@ve7jtb.com> Tue, 28 August 2012 14:47 UTC

From: John Bradley <ve7jtb@ve7jtb.com>
Date: Tue, 28 Aug 2012 10:46:11 -0400
To: Anthony Nadalin <tonynad@microsoft.com>
Cc: Brian Eaton <beaton@google.com>, "ietf@augustcellars.com" <ietf@augustcellars.com>, "jose@ietf.org" <jose@ietf.org>, "Axel.Nennker@telekom.de" <Axel.Nennker@telekom.de>, Dick Hardt <dick.hardt@gmail.com>
Subject: Re: [jose] DISCUSS: Nonce/Timestamp parameter

There are attacks that we have seen in the past that are possible if the attacker can predict the header and control what is signed in the body.

Perhaps nonce is not the best name for it.   People seem to have kept to the conclusion that it is used to maintain session state between parties.

I raised it as a standard place to add per message entropy, as JOSE doesn't control the content of the body.
I was not saying that it is required; it is not in cases where the signer is producing the body without external input.

It is intended as an optional claim whose value may not be processed by the receiver at all.

Some applications might code something into the nonce, or use it to prevent replay; that was, however, not my primary intent.

John B.

On 2012-08-27, at 5:02 PM, Anthony Nadalin <tonynad@microsoft.com> wrote:

> Depends on what the nonce is used for: if this is for key entropy, then I would say there is very little overhead and storage issues, and in this case I would expect the header to contain the nonce; if it’s for state of some sort, then I would expect it at the application level and not as a header, and more of a JWT claim.
>  
> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Brian Eaton
> Sent: Monday, August 27, 2012 1:06 PM
> To: Dick Hardt
> Cc: ietf@augustcellars.com; jose@ietf.org; Axel.Nennker@telekom.de
> Subject: Re: [jose] DISCUSS: Nonce/Timestamp parameter
>  
> On Mon, Aug 27, 2012 at 12:11 PM, Dick Hardt <dick.hardt@gmail.com> wrote:
> I have an application for JWT that is not OAuth2.
>  
> Should nonce and timestamp logic go in the application level protocol?
>  
> Having said that, nonces are difficult to implement at scale and I have heard of many sites that don't implement them fully.
>  
> Nonce alone can't be implemented efficiently. You have to have time stamps as well, otherwise you are stuck storing every nonce you've ever seen, forever.
>  
> Even nonce + time stamp is challenging in distributed systems.  It adds a lot of complexity.  That complexity is sometimes merited, but not always.
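
The point made in the quoted text above, that a nonce check needs a timestamp so stored nonces can eventually be discarded, as an added example that is not part of the thread. The class name, the 300-second window and the sample nonces are assumptions constructed for illustration.

```python
import time


class ReplayCache:
    """Accept each (nonce, timestamp) pair once, within +/- `window` seconds."""

    def __init__(self, window=300, clock=time.time):
        self.window = window   # assumed freshness window in seconds
        self.clock = clock     # injectable clock keeps the demo deterministic
        self.seen = {}         # nonce -> last instant its message is still fresh

    def _evict(self, now):
        # Once now > timestamp + window the timestamp check alone rejects the
        # message, so the nonce no longer has to be remembered.
        for nonce in [n for n, exp in self.seen.items() if exp < now]:
            del self.seen[nonce]

    def check(self, nonce, timestamp):
        now = self.clock()
        self._evict(now)
        if abs(now - timestamp) > self.window:
            return "stale"     # too old, or too far in the future
        if nonce in self.seen:
            return "replay"    # same nonce inside the freshness window
        self.seen[nonce] = timestamp + self.window
        return "ok"


def demo():
    now = [1_000_000.0]        # constructed clock value
    cache = ReplayCache(window=300, clock=lambda: now[0])
    results = [
        cache.check("n-1", 1_000_000.0),   # first sighting
        cache.check("n-1", 1_000_000.0),   # immediate replay
        cache.check("n-2", 999_000.0),     # 1000 s old, outside the window
    ]
    now[0] += 300                          # exactly at the window edge
    results.append(cache.check("n-1", 1_000_000.0))
    now[0] += 1                            # one second past the window
    results.append(cache.check("n-1", 1_000_000.0))
    return results, len(cache.seen)


if __name__ == "__main__":
    print(demo())
```

Storage is bounded by the number of messages received per window; in a distributed deployment the `seen` map would have to be shared between verifiers, which is the complexity the quoted text refers to.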