[jose] Richard Barnes' Discuss on draft-ietf-jose-json-web-signature-33: (with DISCUSS and COMMENT)
"Richard Barnes" <rlb@ipv.sx> Thu, 02 October 2014 04:21 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9065C1A0059; Wed, 1 Oct 2014 21:21:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z2fgWvhaKTFq; Wed, 1 Oct 2014 21:21:50 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2259C1A005B; Wed, 1 Oct 2014 21:21:50 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Richard Barnes <rlb@ipv.sx>
To: The IESG <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 5.6.3.p2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20141002042150.11117.29199.idtracker@ietfa.amsl.com>
Date: Wed, 01 Oct 2014 21:21:50 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/mfWrllxnjqizAfScsNcjLL8LDI8
Cc: jose-chairs@tools.ietf.org, jose@ietf.org, draft-ietf-jose-json-web-signature@tools.ietf.org
Subject: [jose] Richard Barnes' Discuss on draft-ietf-jose-json-web-signature-33: (with DISCUSS and COMMENT)
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Oct 2014 04:21:52 -0000
Richard Barnes has entered the following ballot position for draft-ietf-jose-json-web-signature-33: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-signature/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Overall, this document is in much more solid shape than when it began. Thanks to the WG for a lot of hard work. I only have two remaining concerns, which should hopefully be easy to address. Section 7.2. I've had several implementors trying to use JWS in the JSON serialization ask why it was necessary to include a "signatures" array in cases where there's only one signer. It seems like this is going to be a major barrier to deployment and re-use, so I would propose including the following text: """ In cases where the JWS has been signed by only a single signer, the "signatures" array will contain a single object. In such cases, the elements of the single "signatures" object MAY be included at the top level of the JWS object. A JSON-formatted JWS that contains a "signatures" field MUST NOT contain a "protected", "header", or "signature" field, and vice versa. """ This may also require some other changes where "signatures" is relied on, e.g., in Section 9 of the JWE spec. Section 6. """ These Header Parameters MUST be integrity protected if the information that they convey is to be utilized in a trust decision. """ This smells really fishy to me. What's your attack scenario? I'm pretty certain that there's no way any of these fields can be altered in such a way that (1) the signature will validate, and (2) the recipient will accept a key it shouldn't. By way of contrast, CMS doesn't sign the certificate fields, and the Certificate payload in TLS is only signed as a side effect of the protocol's verification that the remote end has been the same through the whole handshake (which doesn't apply here). ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Section 2. In the definition of "Unsecured JWS", it would be good to note that this requires "alg" == "none". Section 3.3. Why doesn't this section have a JSON-encoded form as well? Appendix A.5. I would prefer if this example could be removed. JWT is the only use case for Unsecured JWS right now, and there's already an example in that document. Thanks for Appendix C. FWIW, it has been implemented: http://dxr.mozilla.org/mozilla-central/source/dom/crypto/CryptoBuffer.cpp#85
- [jose] Richard Barnes' Discuss on draft-ietf-jose… Richard Barnes
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Jim Schaad
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Richard Barnes
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Mike Jones
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Jim Schaad
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Mike Jones
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Jim Schaad
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Richard Barnes
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Mike Jones
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Mike Jones
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Jim Schaad
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Richard Barnes
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Richard Barnes
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… ⌘ Matt Miller
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Mike Jones
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Mike Jones
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Mike Jones
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Richard Barnes
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Richard Barnes
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Richard Barnes
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Mike Jones
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Mike Jones
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Richard Barnes
- Re: [jose] Richard Barnes' Discuss on draft-ietf-… Mike Jones