IETF Logo Mail Archive

Re: [jose] #23: Make crypto independent of binary encoding (base64)

"jose issue tracker" <trac+jose@trac.tools.ietf.org> Wed, 12 June 2013 00:02 UTC

Return-Path: <trac+jose@trac.tools.ietf.org>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 684C721F9AC9 for <jose@ietfa.amsl.com>; Tue, 11 Jun 2013 17:02:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CVUH6AhrytSm for <jose@ietfa.amsl.com>; Tue, 11 Jun 2013 17:01:57 -0700 (PDT)
Received: from grenache.tools.ietf.org (grenache.tools.ietf.org [IPv6:2a01:3f0:1:2::30]) by ietfa.amsl.com (Postfix) with ESMTP id ACA9D21F9AC6 for <jose@ietf.org>; Tue, 11 Jun 2013 17:01:53 -0700 (PDT)
Received: from localhost ([127.0.0.1]:36272 helo=grenache.tools.ietf.org ident=www-data) by grenache.tools.ietf.org with esmtp (Exim 4.80) (envelope-from <trac+jose@trac.tools.ietf.org>) id 1UmYVR-0003yf-ES; Wed, 12 Jun 2013 02:01:41 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: jose issue tracker <trac+jose@trac.tools.ietf.org>
X-Trac-Version: 0.12.3
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.12.3, by Edgewall Software
To: draft-ietf-jose-json-web-encryption@tools.ietf.org, rlb@ipv.sx, michael.jones@microsoft.com
X-Trac-Project: jose
Date: Wed, 12 Jun 2013 00:01:41 -0000
X-URL: http://tools.ietf.org/jose/
X-Trac-Ticket-URL: http://trac.tools.ietf.org/wg/jose/trac/ticket/23#comment:2
Message-ID: <064.e396e921644745f7bd339ad363a7d7f7@trac.tools.ietf.org>
References: <049.69ffc5ebf959c6eac7990651822fadf9@trac.tools.ietf.org>
X-Trac-Ticket-ID: 23
In-Reply-To: <049.69ffc5ebf959c6eac7990651822fadf9@trac.tools.ietf.org>
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Rcpt-To: draft-ietf-jose-json-web-encryption@tools.ietf.org, rlb@ipv.sx, michael.jones@microsoft.com, jose@ietf.org
X-SA-Exim-Mail-From: trac+jose@trac.tools.ietf.org
X-SA-Exim-Scanned: No (on grenache.tools.ietf.org); SAEximRunCond expanded to false
Resent-To: ekr@rtfm.com, jhildebr@cisco.com, mbj@microsoft.com
Resent-Message-Id: <20130612000154.ACA9D21F9AC6@ietfa.amsl.com>
Resent-Date: Tue, 11 Jun 2013 17:01:53 -0700
Resent-From: trac+jose@trac.tools.ietf.org
Cc: jose@ietf.org
Subject: Re: [jose] #23: Make crypto independent of binary encoding (base64)
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jun 2013 00:02:03 -0000

#23: Make crypto independent of binary encoding (base64)


Comment (by michael.jones@microsoft.com):

 For both serializations, you already need the base64url encoded versions
 of the JWS Header and the JWS Payload to preserve them in transmission, so
 computing them isn't an extra burden.  In the JWS Compact Serialization,
 you already need the concatenation of the Encoded JWS Header, a period
 character, and the Encoded JWS Payload, so computing that concatenation
 isn't an extra burden.  Given you already have that quantity, computing
 the signature over it is the easiest thing for developers to do, and it's
 been shown to work well in practice.  There's no compelling reason to make
 this change.

 Even for the JSON Serialization, the only "extra" step that's required to
 compute the signature is the concatenation with the period character - to
 prevent shifting of data from one field to the other, as described by Jim
 Schaad in the e-mail thread.  So this step isn't actually "extra" at all -
 it's necessary.  It's also highly advantageous to use exactly the same
 computation for both serializations, which is currently the case.

 Since there is no compelling reason to make this change, and since making
 it could enable the "shifting" problem identified by Jim, it should not be
 made.

-- 
-------------------------+-------------------------------------------------
 Reporter:  rlb@ipv.sx   |       Owner:  draft-ietf-jose-json-web-
     Type:  defect       |  encryption@tools.ietf.org
 Priority:  major        |      Status:  new
Component:  json-web-    |   Milestone:
  encryption             |     Version:
 Severity:  -            |  Resolution:
 Keywords:               |
-------------------------+-------------------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/23#comment:2>
jose <http://tools.ietf.org/jose/>

v2.23.0 | Report a Bug | By Email