IETF Logo Mail Archive

Re: [jose] JWP

Mike Prorock <mprorock@mesur.io> Wed, 27 July 2022 23:29 UTC

Return-Path: <mprorock@mesur.io>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 472A9C16ECD5 for <jose@ietfa.amsl.com>; Wed, 27 Jul 2022 16:29:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.904
X-Spam-Level:
X-Spam-Status: No, score=-1.904 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mesur-io.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kip8E4AFShPH for <jose@ietfa.amsl.com>; Wed, 27 Jul 2022 16:29:31 -0700 (PDT)
Received: from mail-ed1-x52a.google.com (mail-ed1-x52a.google.com [IPv6:2a00:1450:4864:20::52a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4B20C14CF1B for <jose@ietf.org>; Wed, 27 Jul 2022 16:29:31 -0700 (PDT)
Received: by mail-ed1-x52a.google.com with SMTP id v17so266789edc.1 for <jose@ietf.org>; Wed, 27 Jul 2022 16:29:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mesur-io.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=MDM1PgHpFG472sEqGhaKAWj8pIYH1R7jmxYg01svaO4=; b=QnusQygyPJ6VLfPcnd0WuhB6swVE/ntWxDfzYYrWDsLaF2QppHI5Yv17eU2rF2Z1yM q1WO24N9Kwa0jjCdRyymIKtuIXa69sqE/y4wiU93e94pUvjIz1yRsRsAbRrL8l8hARZS LNk54y27bDhGENo24RiStDrbCT9e0nEYxdk4WhmGc+9AOwR1w1FIrRb1iuuhPU/BDiYf 8QHPtFuYfpLKvGk1IBSqozq/X9o82nhFlaveAXXpyNDxhhImDcDzENrWOF2Bdtgc22Vm ExY2Hj3LUYRyGy4ERRTi0XSlxCgspQStBMDAugCIZOKBMoY5pOJSNIlpB/9KNOeB5W7Q fSMA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=MDM1PgHpFG472sEqGhaKAWj8pIYH1R7jmxYg01svaO4=; b=XLe/sIjiuLnmiVL3yZsOFihcbzrHzjVr+AkcMkVjr1VVwK7zbYgkLPGBZ6+5tGx1tS QmUJq1goenqCIc9z0rTZQwnRZ3CQ+YHev9zW+IUQQiVj2SI2+G7Zj+aAajg9KMKgmsFX L2VfVncecOOf3v2jHK/bW7s4I1qnn1Z4S14qNR7QPpn90J5W9SyfxTe3XLmVhMOaXyGh YHek2bOhO3/k4gfTf8eyzf0eO7VYlU3RMSoRK8gRg9bUG8TarQIUvooH49FbqEXDcFsA XdizXCZTBUpjowG/Yv8cs/2pV6Api0zjd5H8NfgCmQEVRmd8bKFct3kqXIfbk6KEoXey uaQw==
X-Gm-Message-State: AJIora8eMadHnXIlY4HclhtQoUMUQSq7o51APH2mNOau+qqymzLEz1Yi B848nk28aGNTQN8zKnZGtV8D0bFTuz7jTUWOe+LWJPbcm8cT
X-Google-Smtp-Source: AGRyM1uK52Sh1qnd0rhNsWFKjpA/8V3AHmJSE457FVIxfPwaPvA0/mFpr6wxpGpI7SEe5PcsPhURBol352gma003Ngc=
X-Received: by 2002:aa7:c052:0:b0:43b:74ab:aebd with SMTP id k18-20020aa7c052000000b0043b74abaebdmr25146062edo.164.1658964568947; Wed, 27 Jul 2022 16:29:28 -0700 (PDT)
MIME-Version: 1.0
References: <CAGum7cEz-_XTJDJDXuMVexfN5emmG6VZ60X4XfyeKb_Zvbj2Lg@mail.gmail.com> <A8154191-F45F-4FDE-9BC5-118F4EFAF4F8@forgerock.com> <CAGum7cFFUg2qzom1Vu8wsNJapeOkWFoqe_aD4FyGcxr6nwcCgQ@mail.gmail.com>
In-Reply-To: <CAGum7cFFUg2qzom1Vu8wsNJapeOkWFoqe_aD4FyGcxr6nwcCgQ@mail.gmail.com>
From: Mike Prorock <mprorock@mesur.io>
Date: Wed, 27 Jul 2022 19:29:19 -0400
Message-ID: <CAGJKSNQVPxhhtGQyB0oksMWr+MQSdtUpcTP0gUXf0pGDUjwrxw@mail.gmail.com>
To: Tobias Looker <tplooker@gmail.com>
Cc: Neil Madden <neil.madden@forgerock.com>, jose@ietf.org
Content-Type: multipart/alternative; boundary="000000000000d3d1f505e4d1c98c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/mPAv7c7rS0AFtqSjtv-RdqKTL-E>
Subject: Re: [jose] JWP
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jul 2022 23:29:35 -0000

Tobias,
A good example of this that we deal with is in the Agriculture space.  A
credential is signed and issued with complete details back to the
regulatory agency or an authorized third party.  At that point, depending
on the results and details of the inspection they may selectively disclose
portions of that inspection based on a need to know to other parties
involved in the supply chain.  What needs to be disclosed, and to whom, is
not always known at time of issuance, and this type of operation typically
occurs in areas where network connections can be quite spotty, making
additional data overhead undesirable.

This is a simple case, but quite normal, and the proposed approach with
BBS+ very neatly meats the requirements that we have from a technical side,
while also meeting our customers' needs.  Cases similar to this, but more
complex as a result of having hardware in the mix, also arise with
telemetry data related to pesticide and herbicide applications, etc.

Mike Prorock
mesur.io

On Wed, Jul 27, 2022, 19:09 Tobias Looker <tplooker@gmail.com> wrote:

> > If you’re going to do this, why not just ask the issuer to give you
> multiple tokens in the first place, each containing some subset of claims
> you want to disclose? In the limit you could issue a separate JWT for each
> claim. Is there a fundamental reason this doesn’t work?
>
> If I understand you correctly, the biggest limitation with that approach
> is that it requires the holder/prover to be online and able to contact the
> issuer in realtime to get what it requires for presentation. That might be
> an acceptable constraint for some use-cases but not all.
>
> Issuing each claim as a JWT as an approach to selective disclosure makes
> the representation of every claim pretty large too (e.g claim name +
> value + a base64 header + base64 signature). You'd probably want to wrap
> all of these in another JWT also to establish their relationship to one
> another which further bloats the overall credentials representation.
>
> Thanks,
> Tobias
>
> On Wed, Jul 27, 2022 at 5:16 PM Neil Madden <neil.madden@forgerock.com>
> wrote:
>
>>
>> On 27 Jul 2022, at 17:20, Tobias Looker <tplooker@gmail.com> wrote:
>> [..]
>>
>> SD-JWT is designed for a single specific cryptographic approach to
>> realize selective disclosure, its a simple and effective scheme. However,
>> the notable limitation to this approach is that you cannot use it to
>> achieve un-linkability (if your usecase requires this) you instead need a
>> fundamentally different approach from a cryptographic perspective. For
>> instance a scheme such as BBS signatures does not hash each claim value
>> with a unique salt as is the case with SD-JWT, instead it requires no
>> per-claim salt at all. This means the `_sd` style structure that SD-JWT
>> uses inside the JWT payload
>> does not fit.
>>
>> JWP accounts for this in its design by encoding each claim value that is
>> to be selectively disclose-able separately so it can then be appropriately
>> handled at the cryptographic layer by different algorithms.
>>
>>
>> If you’re going to do this, why not just ask the issuer to give you
>> multiple tokens in the first place, each containing some subset of claims
>> you want to disclose? In the limit you could issue a separate JWT for each
>> claim. Is there a fundamental reason this doesn’t work?
>>
>> — Neil
>>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>

v2.23.0 | Report a Bug | By Email