Re: [jose] #24: Move JWS headers into signature block
Richard Barnes <rlb@ipv.sx> Wed, 03 July 2013 22:35 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5DCF111E80F9 for <jose@ietfa.amsl.com>; Wed, 3 Jul 2013 15:35:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.976
X-Spam-Level:
X-Spam-Status: No, score=-2.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T0cRnSDywL3s for <jose@ietfa.amsl.com>; Wed, 3 Jul 2013 15:35:08 -0700 (PDT)
Received: from mail-ob0-f169.google.com (mail-ob0-f169.google.com [209.85.214.169]) by ietfa.amsl.com (Postfix) with ESMTP id 7BF4321F9977 for <jose@ietf.org>; Wed, 3 Jul 2013 15:35:08 -0700 (PDT)
Received: by mail-ob0-f169.google.com with SMTP id up14so835698obb.14 for <jose@ietf.org>; Wed, 03 Jul 2013 15:35:08 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:date :message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=oaIlZigqjhnnLjTR641jIZ8+w8UxMVZSPGpDgXuEHRQ=; b=a+LXlr6owOb1v+INelmRKMlhYS+cdhVSTruQiY3ln7vuCtjrHCthYkJZElDkrZi4J3 VApui6wCl07W32WIa6xzag4CADNhXguCJvh/+GljFtGpQxBDBIwlH0fYKqa2BJx0VGsA 9PZOgWqCPT6hRbEttxtciQUePkVen/D63OO8evLR+/918t9HJUjZt9y2L8n1BtowXR4d 6ThIwfb5VqD5BK4dr1B5/045rKvC1fKlh3NFLXheHL8GHdrVqCYw9Hs1qWV32wQ8ahD2 qHKWLAwZxANHrpTQtphXQzKukFDSLgVN7ehjY3YVuIV6dpImTjRyM4+0R4FFRvwhh5A2 kaWA==
MIME-Version: 1.0
X-Received: by 10.182.27.74 with SMTP id r10mr3095230obg.63.1372890907993; Wed, 03 Jul 2013 15:35:07 -0700 (PDT)
Received: by 10.60.26.135 with HTTP; Wed, 3 Jul 2013 15:35:07 -0700 (PDT)
X-Originating-IP: [192.1.51.93]
In-Reply-To: <CAG8k2+6exY=SOPaQEo1ceXe+8z=Tqf-wHuym_Tjp_Gr=3fL=Zg@mail.gmail.com>
References: <4E1F6AAD24975D4BA5B1680429673943678D9442@TK5EX14MBXC285.redmond.corp.microsoft.com> <CAG8k2+6exY=SOPaQEo1ceXe+8z=Tqf-wHuym_Tjp_Gr=3fL=Zg@mail.gmail.com>
Date: Wed, 03 Jul 2013 18:35:07 -0400
Message-ID: <CAL02cgQNVQFT2pL5aYX4mX7xGYiasmfiihuXZhO23=sNwt+wcA@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Daniel Holth <dholth@gmail.com>
Content-Type: multipart/alternative; boundary="089e01184b2ee2fa5e04e0a312a9"
X-Gm-Message-State: ALoCoQm52RvAdXVLQtHoRssNKDb+ej5bDorPVY/blSGfNkr8HdSJ7T9ifAgszUrDhuCRlwZtDQFM
Cc: Jim Schaad <ietf@augustcellars.com>, Mike Jones <Michael.Jones@microsoft.com>, "jose@ietf.org" <jose@ietf.org>, John Bradley <ve7jtb@ve7jtb.com>, n-sakimura <n-sakimura@nri.co.jp>, "draft-ietf-jose-json-web-signature@tools.ietf.org" <draft-ietf-jose-json-web-signature@tools.ietf.org>, Dick Hardt <dick.hardt@gmail.com>
Subject: Re: [jose] #24: Move JWS headers into signature block
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jul 2013 22:35:13 -0000
This issue is not about header protection. It's about whether headers
(protected or not) are global or specific to each signer.
The argument is that each signature is computed independently, so each
signer should be able to specify headers independently. In the worst case,
if all signers decide to use the same headers, they get replicated.
Having headers be signer-specific also has a simplicity benefit. Namely,
multi-signer JWS verification just turns into repeated single-signer
verification. For example, consider the following JWS-JSON in the proposed
structure:
{
"payload": "...",
"signatures": [{
"unprotected": { ... },
"protected": "...",
"signature": "..."
}, ...]
}
In this structure, the verification algorithm is simple:
1. For each element in the "signatures" array, copy the "payload" value
into the element and verify the element as a normal JWS.
2. Combine the results of the individual signature verifications in an
application-defined manner.
If you have global headers, then you need some complex algorithm for
merging the global and signer-specific headers.
--Richard
On Wed, Jul 3, 2013 at 6:19 PM, Daniel Holth <dholth@gmail.com> wrote:
> +1 on per signature protection. Where else would, say, the timestamp of
> the individual signature itself go? Imo the shared unprotected header is
> confusing.
> On Jul 3, 2013 5:47 PM, "Mike Jones" <Michael.Jones@microsoft.com> wrote:
>
>> [Changing subject line to the correct thread]****
>>
>> ** **
>>
>> *From:* jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] *On Behalf
>> Of *Mike Jones
>> *Sent:* Wednesday, July 03, 2013 2:40 PM
>> *To:* John Bradley; Richard Barnes
>> *Cc:* Jim Schaad; n-sakimura;
>> draft-ietf-jose-json-web-signature@tools.ietf.org; jose@ietf.org; Dick
>> Hardt
>> *Subject:* Re: [jose] #26: Allow for signature payload to not be base64
>> encoded****
>>
>> ** **
>>
>> John, since you’re raising the topic of integrity protecting JWS header
>> values, I’d be interested in your reactions to my note encoded below.****
>>
>> ** **
>>
>> Cheers,**
>> **
>>
>> -- Mike**
>> **
>>
>> ** **
>>
>> -----Original Message-----
>> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org<jose-bounces@ietf.org>]
>> On Behalf Of Mike Jones
>> Sent: Saturday, June 29, 2013 3:43 AM
>> To: jose@ietf.org
>> Subject: Re: [jose] #24: Move JWS headers into signature block****
>>
>> ** **
>>
>> Perhaps I'm in an odd frame of mind tonight, because I wouldn't normally
>> even consider re-raising a closed issue, but Ben Laurie's advice "why not
>> just protect everything" kept running my mind and I realized that the
>> current JWS JSON Serialization doesn't allow us to do that in the general
>> case. Specifically, we don't allow a per-signature "protected" headers
>> field, which would be necessary to protect the cryptographic parameters if
>> different signatures use different algorithms.****
>>
>> ** **
>>
>> So I'd at least like others' thoughts on whether we want to "fill in the
>> matrix" for the JWS JSON Serialization and allow header parameters to be
>> specified both in protected and unprotected forms, both on a shared and
>> per-signature basis. We currently support 3 of these 4 header parameter
>> locations.****
>>
>> ** **
>>
>> Note that we would not do this for JWE, since (as extensively discussed)
>> per-recipient protected content is problematic.****
>>
>> ** **
>>
>> For the signature input, if both shared and per-signature protected
>> headers were present, we'd need to concatenate the two base64url encoded
>> representations together with a separator character between (I'm thinking
>> comma (',') because it is distinct from period ('.'), which is also used as
>> a separator in the signature input).****
>>
>> ** **
>>
>> I'm fine with this issue remaining closed, but I wanted to at least run
>> this possibility by the working group for their input, since it hadn't been
>> discussed previously.****
>>
>> ** **
>>
>> Cheers,**
>> **
>>
>> -- Mike**
>> **
>>
>> ** **
>>
>> *From:* John Bradley [mailto:ve7jtb@ve7jtb.com <ve7jtb@ve7jtb.com>]
>> *Sent:* Wednesday, July 03, 2013 2:25 PM
>> *To:* Richard Barnes
>> *Cc:* Dick Hardt; Jim Schaad; n-sakimura; Mike Jones; jose@ietf.org;
>> draft-ietf-jose-json-web-signature@tools.ietf.org
>> *Subject:* Re: [jose] #26: Allow for signature payload to not be base64
>> encoded****
>>
>> ** **
>>
>> …****
>>
>> ** **
>>
>> Just for the record I am one of the people on the side of integrity
>> protecting headers unless there is a strong reason not to as is the case
>> with multiple recipients and counter mode encryption.****
>>
>> ** **
>>
>> John B.****
>>
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose
>>
>>
- [jose] #24: Move JWS headers into signature block jose issue tracker
- Re: [jose] #24: Move JWS headers into signature b… jose issue tracker
- Re: [jose] #24: Move JWS headers into signature b… jose issue tracker
- Re: [jose] #24: Move JWS headers into signature b… Richard Barnes
- Re: [jose] #24: Move JWS headers into signature b… Mike Jones
- Re: [jose] #24: Move JWS headers into signature b… Mike Jones
- Re: [jose] #24: Move JWS headers into signature b… Daniel Holth
- Re: [jose] #24: Move JWS headers into signature b… Richard Barnes
- Re: [jose] #24: Move JWS headers into signature b… Richard Barnes
- Re: [jose] #24: Move JWS headers into signature b… Mike Jones
- Re: [jose] #24: Move JWS headers into signature b… Brian Campbell