Re: [jose] #23: Make crypto independent of binary encoding (base64)
George Fletcher <gffletch@aol.com> Thu, 13 June 2013 14:25 UTC
Return-Path: <gffletch@aol.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1279A21F9992 for <jose@ietfa.amsl.com>; Thu, 13 Jun 2013 07:25:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1RuRe9XmZzAI for <jose@ietfa.amsl.com>; Thu, 13 Jun 2013 07:25:04 -0700 (PDT)
Received: from omr-d03.mx.aol.com (omr-d03.mx.aol.com [205.188.109.200]) by ietfa.amsl.com (Postfix) with ESMTP id 5D99E21F93FB for <jose@ietf.org>; Thu, 13 Jun 2013 07:24:59 -0700 (PDT)
Received: from mtaout-mb01.r1000.mx.aol.com (mtaout-mb01.r1000.mx.aol.com [172.29.41.65]) by omr-d03.mx.aol.com (Outbound Mail Relay) with ESMTP id 8CBBE7006569E; Thu, 13 Jun 2013 10:24:55 -0400 (EDT)
Received: from palantir.local (unknown [10.181.176.48]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mtaout-mb01.r1000.mx.aol.com (MUA/Third Party Client Interface) with ESMTPSA id D77A2E00008D; Thu, 13 Jun 2013 10:24:54 -0400 (EDT)
Message-ID: <51B9D637.4060509@aol.com>
Date: Thu, 13 Jun 2013 10:24:55 -0400
From: George Fletcher <gffletch@aol.com>
Organization: AOL LLC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130509 Thunderbird/17.0.6
MIME-Version: 1.0
To: Mike Jones <Michael.Jones@microsoft.com>
References: <049.69ffc5ebf959c6eac7990651822fadf9@trac.tools.ietf.org> <064.e396e921644745f7bd339ad363a7d7f7@trac.tools.ietf.org> <BF7E36B9C495A6468E8EC573603ED94115283F43@xmb-aln-x11.cisco.com> <CAL02cgSpYtAVVNe7AOiNhnBUqP-=CWaXw7NH2XwUu6eXgfZJ+w@mail.gmail.com> <CAL02cgQ+K=dWnhSa7A4w85psuxOuuf9m09uyChcOZPe17BCizQ@mail.gmail.com> <CAL02cgTDLfrVBYavY1RupxftZ_-Qr2s2vk9qyk7qpBFx4yDn3w@mail.gmail.com> <4E1F6AAD24975D4BA5B168042967394367849799@TK5EX14MBXC283.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B168042967394367849799@TK5EX14MBXC283.redmond.corp.microsoft.com>
Content-Type: multipart/alternative; boundary="------------050405060704030000080403"
x-aol-global-disposition: G
X-AOL-VSS-INFO: 5400.1158/91399
X-AOL-VSS-CODE: clean
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mx.aol.com; s=20121107; t=1371133495; bh=Gux5JQIM9/U1fG8F63uJZ8RgGRVzwgv8cKePvtxUZV0=; h=From:To:Subject:Message-ID:Date:MIME-Version:Content-Type; b=U5r4uU1UBz2UxL20GkZ6p7UFwNZiGLMno1A6bcYks/BUp6qLRfgwOkZkrzZaI3jdO r+ikGbwzlRSsOLdDnJdCzmVMPe6t/JQR5bRGUrj4/t1yHY94lLCES/tBS59+ceQlhu bvgEq2qlq/sUQZTA9lXYR4TnSFE/hYtBqNZO5Qvo=
X-AOL-SCOLL-SCORE: 1:2:518173280:93952408
X-AOL-SCOLL-URL_COUNT: 1
x-aol-sid: 3039ac1d294151b9d6367b37
X-AOL-IP: 10.181.176.48
Cc: Richard Barnes <rlb@ipv.sx>, "jose-chairs@tools.ietf.org" <jose-chairs@tools.ietf.org>, "<jose@ietf.org>" <jose@ietf.org>
Subject: Re: [jose] #23: Make crypto independent of binary encoding (base64)
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Jun 2013 14:25:22 -0000
+1 Breaking deployed code as raised by Brian, Naveen and others is a critical consideration. Thanks, George On 6/13/13 10:19 AM, Mike Jones wrote: > > Jim and Karen, could you please do as Richard suggests and close this > issue as “won’t fix”. > > Thank you, > > -- Mike > > *From:*Richard Barnes [mailto:rlb@ipv.sx] > *Sent:* Wednesday, June 12, 2013 1:57 PM > *To:* jose-chairs@tools.ietf.org; Mike Jones > *Subject:* Fwd: [jose] #23: Make crypto independent of binary encoding > (base64) > > In other words: Chairs, feel free to close/wontfix :) > > ---------- Forwarded message ---------- > From: *Richard Barnes* <rlb@ipv.sx <mailto:rlb@ipv.sx>> > Date: Wed, Jun 12, 2013 at 4:55 PM > Subject: Re: [jose] #23: Make crypto independent of binary encoding > (base64) > To: "Matt Miller (mamille2)" <mamille2@cisco.com > <mailto:mamille2@cisco.com>> > Cc: jose issue tracker <trac+jose@trac.tools.ietf.org > <mailto:trac%2Bjose@trac.tools.ietf.org>>, > "<draft-ietf-jose-json-web-encryption@tools.ietf.org > <mailto:draft-ietf-jose-json-web-encryption@tools.ietf.org>>" > <draft-ietf-jose-json-web-encryption@tools.ietf.org > <mailto:draft-ietf-jose-json-web-encryption@tools.ietf.org>>, > "<michael.jones@microsoft.com <mailto:michael.jones@microsoft.com>>" > <michael.jones@microsoft.com <mailto:michael.jones@microsoft.com>>, > "<jose@ietf.org <mailto:jose@ietf.org>>" <jose@ietf.org > <mailto:jose@ietf.org>> > > To be clear, I structured my message in two parts for a reason, to > separate the analysis from the opinion. I acknowledge that I am but > one voice here, and I'm increasingly hearing how alone I am :) > > On Wed, Jun 12, 2013 at 4:23 PM, Richard Barnes <rlb@ipv.sx > <mailto:rlb@ipv.sx>> wrote: > > <impartial-analysis> > > So just to be clear on the trade-off the WG has to make: > > On the one hand: Breaking every existing JWT implementation in the > world > > On the other hand: Eternally binding ourselves to base64 encoding, > even if binary-safe encodings become available (CBOR, MsgPack, etc.) > > </impartial-analysis > > > <personal-opinion> > > I have some sympathy with JWT implementors. It sucks to have to > refactor code. But I think we're literally talking about > something like a 5-line patch. And early JWT implementors knew or > should have known (to use a DC phrase) that they were dealing with > a draft spec. As the W3C editor's draft template says, in big > bold red print, "Implementors who are not taking part in the > discussions are likely to find the specification changing out from > under them in incompatible ways." > > As PHB pointed out in the other thread, it would be nice to use > JWS and JWE in place of CMS one day, without the base64 hit. We > should incur the implementation pain now, and get the design right > for the long run. Base64 is a hack around JSON; we should build > the system so that when we no longer need that hack, it can go away. > > </personal-opinion> > > --Richard > > On Wed, Jun 12, 2013 at 10:27 AM, Matt Miller (mamille2) > <mamille2@cisco.com <mailto:mamille2@cisco.com>> wrote: > > I did at first find it curious why the cryptographic operations > were over the base64url-enccoded values, but I was also very > focused on JWE, where I think the field separation problem is less > of an issue (at least now). For JWS, this would certainly cause > problems without some manner of unambiguous field parameterization. > > I will note that unescaped NULL is not valid in JSON, so it could > be used as a separator between the encoded header and the payload. > I do find it interesting if JOSE could more easily and > efficiently support other encodings. However, I think that while > this is an interesting thought experiment, it seems we're too far > down the path to seriously consider it unless the current state > were shown to be horribly broken. > > > - m&m > > Matt Miller < mamille2@cisco.com <mailto:mamille2@cisco.com> > > Cisco Systems, Inc. > > > On Jun 11, 2013, at 6:01 PM, jose issue tracker > <trac+jose@trac.tools.ietf.org > <mailto:trac%2Bjose@trac.tools.ietf.org>> wrote: > > > #23: Make crypto independent of binary encoding (base64) > > > > > > Comment (by michael.jones@microsoft.com > <mailto:michael.jones@microsoft.com>): > > > > For both serializations, you already need the base64url encoded > versions > > of the JWS Header and the JWS Payload to preserve them in > transmission, so > > computing them isn't an extra burden. In the JWS Compact > Serialization, > > you already need the concatenation of the Encoded JWS Header, a > period > > character, and the Encoded JWS Payload, so computing that > concatenation > > isn't an extra burden. Given you already have that quantity, > computing > > the signature over it is the easiest thing for developers to do, > and it's > > been shown to work well in practice. There's no compelling > reason to make > > this change. > > > > Even for the JSON Serialization, the only "extra" step that's > required to > > compute the signature is the concatenation with the period > character - to > > prevent shifting of data from one field to the other, as > described by Jim > > Schaad in the e-mail thread. So this step isn't actually > "extra" at all - > > it's necessary. It's also highly advantageous to use exactly > the same > > computation for both serializations, which is currently the case. > > > > Since there is no compelling reason to make this change, and > since making > > it could enable the "shifting" problem identified by Jim, it > should not be > > made. > > > > -- > > > -------------------------+------------------------------------------------- > > Reporter: rlb@ipv.sx <mailto:rlb@ipv.sx> | Owner: > draft-ietf-jose-json-web- > > Type: defect | encryption@tools.ietf.org > <mailto:encryption@tools.ietf.org> > > Priority: major | Status: new > > Component: json-web- | Milestone: > > encryption | Version: > > Severity: - | Resolution: > > Keywords: | > > > -------------------------+------------------------------------------------- > > > > Ticket URL: > <http://trac.tools.ietf.org/wg/jose/trac/ticket/23#comment:2> > > jose <http://tools.ietf.org/jose/> > > > > > _______________________________________________ > > jose mailing list > > jose@ietf.org <mailto:jose@ietf.org> > > https://www.ietf.org/mailman/listinfo/jose > > > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose -- George Fletcher <http://connect.me/gffletch>
- [jose] #23: Make crypto independent of binary enc… jose issue tracker
- Re: [jose] #23: Make crypto independent of binary… jose issue tracker
- Re: [jose] #23: Make crypto independent of binary… jose issue tracker
- Re: [jose] #23: Make crypto independent of binary… Dick Hardt
- Re: [jose] #23: Make crypto independent of binary… Tim Bray
- Re: [jose] #23: Make crypto independent of binary… John Bradley
- Re: [jose] #23: Make crypto independent of binary… Roland Hedberg
- Re: [jose] #23: Make crypto independent of binary… Justin Richer
- Re: [jose] #23: Make crypto independent of binary… Matt Miller (mamille2)
- Re: [jose] #23: Make crypto independent of binary… Richard Barnes
- Re: [jose] #23: Make crypto independent of binary… Breno de Medeiros
- Re: [jose] #23: Make crypto independent of binary… Mike Jones
- Re: [jose] #23: Make crypto independent of binary… Tim Bray
- Re: [jose] #23: Make crypto independent of binary… Dick Hardt
- Re: [jose] #23: Make crypto independent of binary… Richard Barnes
- Re: [jose] #23: Make crypto independent of binary… Dick Hardt
- Re: [jose] #23: Make crypto independent of binary… John Bradley
- Re: [jose] #23: Make crypto independent of binary… Naveen Agarwal
- Re: [jose] #23: Make crypto independent of binary… Phillip Hallam-Baker
- Re: [jose] #23: Make crypto independent of binary… Ludwig Seitz
- Re: [jose] #23: Make crypto independent of binary… John Bradley
- Re: [jose] #23: Make crypto independent of binary… Brian Campbell
- Re: [jose] #23: Make crypto independent of binary… Mike Jones
- Re: [jose] #23: Make crypto independent of binary… George Fletcher
- Re: [jose] #23: Make crypto independent of binary… jose issue tracker