Re: [jose] Pete Resnick's Discuss on draft-ietf-jose-json-web-signature-33: (with DISCUSS and COMMENT)
Mike Jones <Michael.Jones@microsoft.com> Tue, 07 October 2014 06:12 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 688131A912C; Mon, 6 Oct 2014 23:12:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kWXTeG_8XxrY; Mon, 6 Oct 2014 23:11:59 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0143.outbound.protection.outlook.com [207.46.100.143]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C9151A912A; Mon, 6 Oct 2014 23:11:59 -0700 (PDT)
Received: from BN3PR0301CA0069.namprd03.prod.outlook.com (25.160.152.165) by CY1PR0301MB1211.namprd03.prod.outlook.com (25.161.212.145) with Microsoft SMTP Server (TLS) id 15.0.1044.10; Tue, 7 Oct 2014 06:11:57 +0000
Received: from BY2FFO11FD025.protection.gbl (2a01:111:f400:7c0c::173) by BN3PR0301CA0069.outlook.office365.com (2a01:111:e400:401e::37) with Microsoft SMTP Server (TLS) id 15.0.1044.10 via Frontend Transport; Tue, 7 Oct 2014 06:11:57 +0000
Received: from mail.microsoft.com (131.107.125.37) by BY2FFO11FD025.mail.protection.outlook.com (10.1.15.214) with Microsoft SMTP Server (TLS) id 15.0.1039.16 via Frontend Transport; Tue, 7 Oct 2014 06:11:56 +0000
Received: from TK5EX14MBXC286.redmond.corp.microsoft.com ([169.254.1.93]) by TK5EX14MLTC102.redmond.corp.microsoft.com ([157.54.79.180]) with mapi id 14.03.0210.003; Tue, 7 Oct 2014 06:11:21 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Jim Schaad <ietf@augustcellars.com>, 'Pete Resnick' <presnick@qti.qualcomm.com>, 'The IESG' <iesg@ietf.org>
Thread-Topic: [jose] Pete Resnick's Discuss on draft-ietf-jose-json-web-signature-33: (with DISCUSS and COMMENT)
Thread-Index: AQHP3fdK8YG+SRr1nECfcW20xykmgJwgtxPQgAJQ0QCAARwqgA==
Date: Tue, 07 Oct 2014 06:11:20 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739439BAF370A@TK5EX14MBXC286.redmond.corp.microsoft.com>
References: <20141002041344.8073.81288.idtracker@ietfa.amsl.com> <4E1F6AAD24975D4BA5B16804296739439BAEBD05@TK5EX14MBXC286.redmond.corp.microsoft.com> <008a01cfe161$f0ec5090$d2c4f1b0$@augustcellars.com>
In-Reply-To: <008a01cfe161$f0ec5090$d2c4f1b0$@augustcellars.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.33]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(438002)(377454003)(51704005)(43784003)(52044002)(189002)(199003)(52314003)(51444003)(13464003)(86362001)(85306004)(23676002)(86612001)(4396001)(50466002)(21056001)(20776003)(47776003)(107046002)(80022003)(46102003)(26826002)(92726001)(64706001)(66066001)(2656002)(54356999)(120916001)(44976005)(50986999)(6806004)(87936001)(95666004)(19580405001)(15202345003)(19580395003)(76482002)(77096002)(99396003)(230783001)(92566001)(84676001)(97736003)(76176999)(85852003)(33656002)(85806002)(15975445006)(55846006)(31966008)(81156004)(104016003)(106466001)(106116001)(69596002)(68736004); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR0301MB1211; H:mail.microsoft.com; FPR:; MLV:ovrnspm; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:CY1PR0301MB1211;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 035748864E
Received-SPF: Pass (protection.outlook.com: domain of microsoft.com designates 131.107.125.37 as permitted sender) receiver=protection.outlook.com; client-ip=131.107.125.37; helo=mail.microsoft.com;
Authentication-Results: spf=pass (sender IP is 131.107.125.37) smtp.mailfrom=Michael.Jones@microsoft.com;
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/oHeNY9oR8588l8g5vtN9wi_V0Q0
Cc: "jose-chairs@tools.ietf.org" <jose-chairs@tools.ietf.org>, "jose@ietf.org" <jose@ietf.org>, "draft-ietf-jose-json-web-signature@tools.ietf.org" <draft-ietf-jose-json-web-signature@tools.ietf.org>
Subject: Re: [jose] Pete Resnick's Discuss on draft-ietf-jose-json-web-signature-33: (with DISCUSS and COMMENT)
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Oct 2014 06:12:02 -0000
> -----Original Message----- > From: Jim Schaad [mailto:ietf@augustcellars.com] > Sent: Monday, October 06, 2014 5:35 AM > To: Mike Jones; 'Pete Resnick'; 'The IESG' > Cc: jose-chairs@tools.ietf.org; jose@ietf.org; draft-ietf-jose-json-web- > signature@tools.ietf.org > Subject: RE: [jose] Pete Resnick's Discuss on draft-ietf-jose-json-web-signature- > 33: (with DISCUSS and COMMENT) > > > -----Original Message----- > > From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Mike Jones > > Sent: Saturday, October 04, 2014 6:58 PM > > To: Pete Resnick; The IESG > > Cc: jose-chairs@tools.ietf.org; jose@ietf.org; > > draft-ietf-jose-json-web- signature@tools.ietf.org > > Subject: Re: [jose] Pete Resnick's Discuss on > > draft-ietf-jose-json-web- > > signature-33: (with DISCUSS and COMMENT) > > > > Thanks for your review, Pete. I've added the working group to the thread. > > Replies are inline below... > > > > > -----Original Message----- > > > From: Pete Resnick [mailto:presnick@qti.qualcomm.com] > > > Sent: Wednesday, October 01, 2014 9:14 PM > > > To: The IESG > > > Cc: jose-chairs@tools.ietf.org; draft-ietf-jose-json-web- > > > signature@tools.ietf.org > > > Subject: Pete Resnick's Discuss on > > > draft-ietf-jose-json-web-signature-33: (with DISCUSS and COMMENT) > > > > > > Pete Resnick has entered the following ballot position for > > > draft-ietf-jose-json-web-signature-33: Discuss > > > > > > When responding, please keep the subject line intact and reply to > > > all email addresses included in the To and CC lines. (Feel free to > > > cut this introductory paragraph, however.) > > > > > > > > > Please refer to > > > http://www.ietf.org/iesg/statement/discuss-criteria.html > > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > > > > The document, along with other ballot positions, can be found here: > > > http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-signature/ > > > > > > > > > > > > -------------------------------------------------------------------- > > > -- > > > DISCUSS: > > > -------------------------------------------------------------------- > > > -- > > > > > > 3.1: Why can't I use an unprotected header when I'm using the > > > Compact Serialization? This seems like a real problem, since I can't > > > convert (in a round- trippable way) between a JWS with an > > > unprotected header in the JSON Serialization to a Compact Serialization. > Why the limitation? > > > > As Richard explained during the telechat, this was a deliberate choice > > on the part of the working group to keep the compact form as simple as > > possible by removing some options. Do I remember correctly that you > > said on the telechat that you would be willing to withdraw this DISCUSS on > that basis? > > > > There was an explicit decision by the group that the JWT case did not require a > multiple signature capability. Thus when the JSON form was developed it was > determined that this would not be back ported into that format. I think that > until we have a case that wants the compact format and needs multiple signers > this is a reasonable decision. Agreed. It's understood by at least some in the working group how we could do a compact serialization representation enabling multiple signatures, but this could easily be addressed in a subsequent specification, if an actual need for it arises. (BTW, the design thinking didn't apply to just the JWT use case - it applied to any simple JWS use case.) > > > 5.2: > > > > > > Strike the last sentence of the second paragraph. There's no > > > requirement here. If none of them validate, I can do what I want > > > with the JWS. I needn't "reject" it. I might just mark it as "invalid". > > > > > > [Get rid of all talk of "rejecting" throughout this document. Again, > > > I will note that the signatures are not valid, but rejecting is a > > > local implementation detail.] > > > > As discussed during the telechat and on subsequent threads, the terms > > "accept" and "reject" are commonly used in this way, for instance, in > > RFC 5820. As Kathleen wrote after the call, "For the "reject" > > language, Pete said on the call that he would go through each one to > > see where it might be application specific and will suggest changes. Thanks in > advance, Pete.". > > > > > This section would be greatly simplified if step 1 was: "If the > > > Compact Serialization is being used, convert it to the JSON Serialization." > > > > This would be doing a disservice to some implementers, since some > > implementations (for instance those designed to support JWTs) will > > only implement the Compact Serialization. I therefore request that > > you withdraw this DISCUSS on that basis. > > Mike, I have a higher opinion of most implementers than you apparently do. I > don't think this would really be an issue to change from that perspective. > > Pete, If I had proposed this to the group while things were in progress. I would > have ended up declaring myself in the weeds. For better or worse, the main > focus of the WG was on the compact serialization and not on the JSON > serialization. This means that, IMHO, the JSON serialization was always a > second class item in the document. I will admit that when I did a fast and dirty > implementation I did exactly what you suggested in terms of doing the > conversion before (and then after) everything else was done. > > If this change was done, then it would also require that the first paragraph be re- > written so that the algorithm becomes something other than normative. That is > it would need to say that any algorithm that produced an equivalent result > would be acceptable. It's not that I have a low opinion of implementers (quite the contrary!) or that I think they wouldn't understand the specification if it were revised in the way that Pete suggests. The disservice would be to write the prescriptive steps to validate a JWS in a way that said that it was necessary to convert any JWSs using the compact serialization to the JSON serialization in order to validate them. This demonstrably isn't a necessary step. Only semantically necessary steps should be in the list. Since this step isn't necessary, I therefore request that you withdraw this DISCUSS on that basis, Pete. > > > Some of these steps are not steps. I could not follow this to figure > > > out what to do. This section could use a serious rewrite. I'm glad > > > to work with you on that, but did not have time to provide a rewrite > > > during > > my review. > > > > This section has been heavily wordsmithed already by numerous reviewers. > > That said, I'd be glad to receive suggestion for specific proposed changes. > > > > > 8: This section needs to be removed. There is no need for TLS in a > > > whole host of applications that could implement this protocol. > > > > As discussed in threads that immediately followed your review, I > > propose to clarify to which specific features ("jku" and "x5u") this section > applies. > > > > > -------------------------------------------------------------------- > > > -- > > > COMMENT: > > > -------------------------------------------------------------------- > > > -- > > > > > > 3.2: > > > > > > In the JWS JSON Serialization, a JWS object is represented as the > > > combination of these four values, > > > BASE64URL(UTF8(JWS Protected Header)), > > > JWS Unprotected Header, > > > BASE64URL(JWS Payload), and > > > BASE64URL(JWS Signature) > > > > > > Why is the Payload (a) part of the serialization and (b) base64ed? > > > Are you saying that the only way I can use JWS is to include the > > > payload as part of the JOSE object? Why can't it be a separate > > > thing? Also, why does > > it have to be base64ed? > > > It could be a UTF-8 string, or it could be a large binary object > > > that I'm using in a non-JSON context, neither of which I want to > > > bloat by base64ing it. This seems bogus. > > > > It is base64url encoded because JSON has no way of representing > > arbitrary octet sequences. This enables the "binary object" case that > > you're describing to work. Also note that this was extensively > > discussed by the working group in the context of issue #26 > http://trac.tools.ietf.org/wg/jose/trac/ticket/26. > > Pete, I tried to strongly argue that this change should be made and in the end > had to declare myself in the weeds as far as the working group was considered. > The reasons that were given by people in the group did not have to do with > security, i.e. that one or the other was more or less secure, and had more to do > with "We have already deployed code that uses the base64 as the input rather > than the raw data and don't feel it would be reasonable to change at this time." > The initial impetus for doing and use the base64 was the compact serialization. > The strings that were parsed directly from the serialization could be hashed and > thus those strings are kept rather than the base64 decoded strings. > > The working group would not be happy with this change. Yes, that's an understatement. This was vigorously discussed on the thread http://www.ietf.org/mail-archive/web/jose/current/msg02645.html "[jose] #26: Allow for signature payload to not be base64 encoded" (33 messages) in the context of http://trac.tools.ietf.org/wg/jose/trac/ticket/26, following a preceding discussion that also covered the much of the same ground of issue http://trac.tools.ietf.org/wg/jose/trac/ticket/23 on the thread http://www.ietf.org/mail-archive/web/jose/current/msg02493.html "[jose] #23: Make crypto independent of binary encoding (base64)" (39 messages). Working group discussion of #23 and #26 is also recorded in the minutes of IETF 87 at http://www.ietf.org/proceedings/87/minutes/minutes-87-jose. > > > I'll get back to in Section 5. Finally: > > > > > > Concatenating these values... > > > > > > This section is not about the compact serialization. If you want to > > > give both example serializations in this section, fine, but if you > > > are giving a general "Example JWS" as the title of the section > > > states, don't just > > give the compact. > > > > The point is to give a simple example to familiarize readers with the > > idea of a JWS - not for the example section to be a complete tutorial > > on the possibilities. Note, however than an example using the JSON > > Serialization > > *is* present in Appendix A.6 and many are present in > > http://tools.ietf.org/html/draft-ietf-jose-cookbook-03. > > At a minimum I think that there should be a sentence that points to the appendix > for an example of a compact serialization. I would be good if the example was > the same as this one, but that may be stretching the issue too far. I don’t think > that Pete is to far out of line in requesting that there be a paragraph at the end > that says "The equivalent to this example using the JSON serialization would be: > ...." I'm OK adding a forward reference to the JSON serialization example in A.6. > > > 4.1.1/4.2: Why even bother mentioning that the alg could be a > > > "Collision- Resistant Name" (what a term!)? The alg should be registered. > > > If it's not, you're in private agreement space anyway, so it needn't > > > be specified in the spec. Same thing for Public Header Parameter > > > Names: If you're going to do this interoperably, you're going to > > > have to know what the thing means; otherwise, it's out of band > > > anyway. I say get rid of the whole concept of using non-registered names. > > > > Per the response to a similar comment in Stephen Kent's secdir review: > > > > This specification will be used both in open environments, in which > > multiple organizations will need to have a common understanding of any > > extensions used, and closed environments, which the producing and > > consuming organization will always be the same and private values could be > safely used. > > IANA registration is definitely the right thing to do for open > > environments. It s probably unnecessary for deployments in closed > environments. > > > > I have a small agreement here with Pete. If this is really a closed environment > then the uses would not care if they violated this type of statement. There is no > 2119 language regarding this feature. I am a bit more sympathetic to keep the > collision resistant naming as this means that we won't get people saying we are > going to use FOOBAR for algorithm foo and never get it registered so we end up > with FOOBAR and foo as two different names for the same algorithm. It would > be clear that one was assigned by a specific entity and did not go through IANA. > What happens if they then ask for OID:1.2.3.4.5 to be the assigned name in the > IANA table does become an interesting question. Yes, the point of the collision-resistant name language is that Example org could use the algorithm name https://schemas.example.com/algorithms/2014/10/super-duper without having to register it, because no naming collisions would result. > > Thanks again, > > -- Mike > > > > _______________________________________________ > > jose mailing list > > jose@ietf.org > > https://www.ietf.org/mailman/listinfo/jose
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Mike Jones
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Mike Jones
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Mike Jones
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Jim Schaad
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Mike Jones
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Mike Jones
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Jim Schaad
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Mike Jones
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Kathleen Moriarty
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Pete Resnick
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Jim Schaad
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Kathleen Moriarty
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Mike Jones
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Pete Resnick
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Mike Jones
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… John Bradley
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Mike Jones
- Re: [jose] Pete Resnick's Discuss on draft-ietf-j… Mike Jones