[jose] JWT BCP on Compression in JWE
Brian Campbell <bcampbell@pingidentity.com> Fri, 28 July 2017 20:00 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BA8E1320E3 for <jose@ietfa.amsl.com>; Fri, 28 Jul 2017 13:00:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MvM-_CpjwKdK for <jose@ietfa.amsl.com>; Fri, 28 Jul 2017 13:00:05 -0700 (PDT)
Received: from mail-pf0-x22b.google.com (mail-pf0-x22b.google.com [IPv6:2607:f8b0:400e:c00::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B64FD1317E3 for <jose@ietf.org>; Fri, 28 Jul 2017 13:00:05 -0700 (PDT)
Received: by mail-pf0-x22b.google.com with SMTP id z129so59981301pfb.3 for <jose@ietf.org>; Fri, 28 Jul 2017 13:00:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=gmail; h=mime-version:from:date:message-id:subject:to; bh=pjO7hzbo6zNlaPUI7+nwEY7wkHZlb6ExrDTXlZ7WVUw=; b=ROtyYfacZ2MKvHMbuyxuDFIst1Q9qCuYopAaK1OIqH0WQ8V7ppNO7tzTm7xnyXJT1q y2Vtlp/HwskH91XF2w7A/lRBQ7dE4WRbQxpp72iVjcdKQ9bBCUQ87glnX37dKtoBK5kY 1lebDw9OVeGqb2q8uIfh0OJ+20WaAM1/8gJMM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=pjO7hzbo6zNlaPUI7+nwEY7wkHZlb6ExrDTXlZ7WVUw=; b=Q3R2UlKlGtK64RxNHYx3dqlIL400EahwXSSlZ9ZMSC4fnWGN1siYfFUk8p0cA0Htv/ DzF02VVz4QavoRCOnRfLNjFUzssgw81I6E/m0Dls8PKWLodjVYnNYJBDUOtxpgqy+jp+ Eq2hZLluWsCNRS7eXFX3TKbIwVXkpQQEb60+Z8IqO4FiWVFyyGa+NkIS8heTNr9G1wmA EeJgrGEFiHWYBr09v6k0dyRnn//pkN3XKZs3ulJPGJaYNGFMzFIUKI2bB8AJh+OT8XFC MX2JDlmAABTXdhZC+tl+7tEWwyx8TXetGsiaDSChL52LbGaBBqLIWxTp5GbEB2McKD6p lRKA==
X-Gm-Message-State: AIVw113+kzcDA/sruyDcBJ7LvYGBk1lQLNzLyUZqm6oAbnHAnpuwJL4r xaWhktn7LAzc66dQkqTDjTiEtdPFwRNLCO1TF2XCPFz+4xZv9R30sAKZxJdnDrMso9p34RufBHx tyYo=
X-Received: by 10.98.204.144 with SMTP id j16mr8641324pfk.25.1501272005267; Fri, 28 Jul 2017 13:00:05 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.145.87 with HTTP; Fri, 28 Jul 2017 12:59:34 -0700 (PDT)
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 28 Jul 2017 13:59:34 -0600
Message-ID: <CA+k3eCTHfJRWSV1ZGD8-zxPir+-3wqNUtESznxXs5tzJoSU2Zw@mail.gmail.com>
To: oauth <oauth@ietf.org>, "jose@ietf.org" <jose@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c11d6e295f60d0555662028"
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/oK2l-VfwpL0DvdpTI6Qf9ROeOOo>
Subject: [jose] JWT BCP on Compression in JWE
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jul 2017 20:00:10 -0000
On critique of JWT I've seen a few times can be paraphrased as "JWT supports compressed plaintext so, because of CRIME and BREACH, it is dangerous and stupid." It's very possible that I am stupid (many on this list will likely attest to it) but I don't see the applicability of those kinds of chosen plaintext attacks aimed at recovering sensitive data to how JWT/JWE are typically used. I think it would be useful, if during the development of the JWT BCP, the authors or chairs or WG could somehow engage some experts (CFRG?) to understand if there's any real practical advice that can be given about using compression with JWE and the risks involved. -- *CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.*
- [jose] JWT BCP on Compression in JWE Brian Campbell