IETF Logo Mail Archive

Re: [jose] SPI proposal

John Bradley <ve7jtb@ve7jtb.com> Mon, 11 February 2013 18:01 UTC

Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 773A321F8A8B for <jose@ietfa.amsl.com>; Mon, 11 Feb 2013 10:01:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.02
X-Spam-Level:
X-Spam-Status: No, score=-2.02 tagged_above=-999 required=5 tests=[AWL=-0.699, BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, GB_I_LETTER=-2, HTML_MESSAGE=0.001, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_WEB=0.619, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KuJR5F-CkBUC for <jose@ietfa.amsl.com>; Mon, 11 Feb 2013 10:01:58 -0800 (PST)
Received: from mail-gg0-x236.google.com (mail-gg0-x236.google.com [IPv6:2607:f8b0:4002:c02::236]) by ietfa.amsl.com (Postfix) with ESMTP id DE2C821F8A89 for <jose@ietf.org>; Mon, 11 Feb 2013 10:01:57 -0800 (PST)
Received: by mail-gg0-f182.google.com with SMTP id d1so721949ggn.13 for <jose@ietf.org>; Mon, 11 Feb 2013 10:01:53 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:content-type:mime-version:subject:from:in-reply-to:date :cc:message-id:references:to:x-mailer:x-gm-message-state; bh=0moMR/MZ75HK0HRR+WvWVKQyTBJZxr4fQYO/uJUY+OI=; b=o/ztK7GkhUesy8G0t4DTCZkWgiqH1S1VpwnTIgbojxzwceUddbGJ5faqYoC/zn6ARG 0V9hmvABGSN2gma8YZ3yCZZgTFNhrPyfHC8tIW/M56nPFrwGeKwy9D08JHNXt3dnLRZx sdV7UJnKpmrXiRQnHjR9HnJwTciILRM6eygCCkiFD4WvSM9fePtrZyOx/ymno02nvGJj 4dtR2PQuQNobXPLKxBgn4xOfe/REvs50QkZq3Upz3otGLjTwcvj9PIGIffwQ2OadtZxa Vv1Y+r/KewIA5z8Vf/u6z5cn1jd48U/qu1LHkdBSEPMhx7CDSmnsLmIykhWiSm4KXnOP bRUA==
X-Received: by 10.236.150.175 with SMTP id z35mr18970981yhj.4.1360605713429; Mon, 11 Feb 2013 10:01:53 -0800 (PST)
Received: from [192.168.1.213] (190-20-50-112.baf.movistar.cl. [190.20.50.112]) by mx.google.com with ESMTPS id y9sm69101546yhg.1.2013.02.11.10.01.45 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 11 Feb 2013 10:01:51 -0800 (PST)
Content-Type: multipart/alternative; boundary="Apple-Mail=_855BBD31-E5EC-422D-A2D8-9F88D9296F0B"
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <CA+k3eCS=8F_zJsDE2ueU0YnNWXg7nwvUhxMbmzhk3oLGRqR2Wg@mail.gmail.com>
Date: Mon, 11 Feb 2013 15:01:32 -0300
Message-Id: <39DED8E4-C964-4DAA-A7F2-FF52ABE7D0E1@ve7jtb.com>
References: <CAL02cgSt7w5CrP+DXo7bz_+YsxKsVMoRbZLNWa6EHjnAyScWMg@mail.gmail.com> <CA+k3eCQ_bsTxYq6u5BVe_Xk1ycOhAwWe=ebfAwk+66JavJJQfA@mail.gmail.com> <CAL02cgRvUvf39RyDOStRXZ1Ne6p9gLrAxjtH8kfmdhE4kWG-3w@mail.gmail.com> <CA+k3eCSgXXit3KbK0XHzbhadyXTOGxvrRBm6ha8XJQhieoY0nQ@mail.gmail.com> <DAD30B11-CE37-45A1-B764-C30D91F70390@gmx.net> <CA+k3eCS=8F_zJsDE2ueU0YnNWXg7nwvUhxMbmzhk3oLGRqR2Wg@mail.gmail.com>
To: Brian Campbell <bcampbell@pingidentity.com>
X-Mailer: Apple Mail (2.1499)
X-Gm-Message-State: ALoCoQlmGEHgeBCCTIAmA+R4lpFjN3VrAMneeLmDFiRAXCT2adME7eoye1wrXJ2Uh00QrxPHZSyf
Cc: Richard Barnes <rlb@ipv.sx>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] SPI proposal
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Feb 2013 18:01:59 -0000

I am also quite sure that kid is the thing we should use for naming keys as is the current case.

The question is if we want to be able to pass other combinations of header parameters by reference rather than by value.   Sort of the JOSE equivalent of OAuth scope.

The concern I have is that the sender of a JWE is not verifiable (unless we how mown a known rat hole)  without that you have a global name problem, and potentially others.

I would prefer to not have consideration of this optimization hold up the overall spec.

John B.

On 2013-02-11, at 12:24 PM, Brian Campbell <bcampbell@pingidentity.com> wrote:

> I believe the "kid" Key ID header parameter already meets the need for named keys.
> 
> 
> On Sat, Feb 9, 2013 at 4:45 AM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
> Hi Brian,
> 
> keys need to have a name.
> 
> Whether you call it SPI, key id, or something else does not really matter.
> 
> It also does not matter whether the keys (and the associated parameters) are established manually, or using some key management.
> 
> In the context of OAuth there are actually various keys flying around and therefore they need to have different names.
> I was referring to the key used between the client and the resource server when used with
> 
> I believe even without Richard's proposal the necessary pieces are already in the current document; what is need is to further clarify them.
> Ciao
> Hannes
> 
> On Feb 8, 2013, at 4:21 PM, Brian Campbell wrote:
> 
> > Seems to me that, in the absence of more advanced management, the use of spi is potentially very very fragile. And that, in many cases, such advanced management would be a lot more trouble than it's worth. But maybe I'm missing the bigger picture.
> >
> > My own applications of JOSE are in OpenID and OAuth (and similar) and the JOSE message is generally sent from one entity to another thought a web browser user agent as an intermediary. That situation doesn't lend itself well to use of spi or even easily creating some management protocol around it.
> >
> > WRT collision and scoping to sender, I had the same thought but there's not, AFAIK, a reliable way to identify the sender. No?
> >
> > Anyway, I get the point of just establishing the basic behavior. But I'd like to be careful not to inadvertently impose a lot of complexity or potential operational or security issues when doing so.
> >
> >
> >
> >
> >
> >
> > On Thu, Feb 7, 2013 at 7:52 AM, Richard Barnes <rlb@ipv.sx> wrote:
> > The motivation here is not very deep.  A lot of the current design (e.g., the three-letter names) is focused on reducing header size.  The SPI proposal further compresses header size in cases where two entities will be exchanging many JOSE objects.  I understood from some discussions with OpenID folks that this was often the case for their use cases.
> >
> > Obviously, you could build a whole management protocol around this stuff (cf. IKE for IPsec).  Whatever application is using this would need to figure out how to deal with the issues you note, as well as things like what happens when an object shows up with an unknown SPI.  (I don't think collision is an issue, if you can scope to sender; the sender just ensures uniqueness.)  The idea of this basic proposal is to establish the basic behavior, around which you could then wrap more advanced management.
> >
> > --Richard
> >
> >
> > On Thu, Feb 7, 2013 at 9:42 AM, Brian Campbell <bcampbell@pingidentity.com> wrote:
> > Admittedly I'm not really up on this spi issue or the motivation behind it but a couple questions came to mind when I saw this. How does the receiver protect against unbounded growth of the cache? And index collision? And for distributed environments, it seems supporting this could be very cumbersome.
> >
> >
> >
> >
> >
> >
> >
> >
> > On Wed, Feb 6, 2013 at 3:11 PM, Richard Barnes <rlb@ipv.sx> wrote:
> > To move us toward closing Issue #9 [9], here is some proposed text for an SPI [1] field.  To recall, SPI stands for "security parameters index", borrowing a term from IPsec.  The idea is that in cases where the same crypto parameters are being used repeatedly, this would save the parties from having to re-send the same parameters.
> >
> > The below text is designed for the JWE spec, but could be adapted for JWS (just keep header, ignore part about key/iv).  Similar text is probably needed for the encryption/decryption/signing/verification sections.
> >
> > Feedback welcome,
> > --Richard
> >
> > -----BEGIN-----
> > Section 4.1.X. "spi" Header Parameter
> >
> > The "spi" (Security Parameters Index) header parameter contains an opaque byte string that labels a set of security parameters.  This index is designed to enable the use of smaller headers in cases where entities will be re-using the same security parameters for several messages.
> >
> > Entities supporting the use of the "spi" parameter MUST maintain a table of cached security parameters.  When an entity receives an object whose header contains both "spi" and "alg" values, then it MUST cache the following values from the JWE, indexed by the "spi" value:
> > -- Contents of the JWE header
> > -- Encrypted Key
> > -- Initialization Vector
> >
> > If an object containing an "spi" parameter but no "alg" parameter, then it MUST NOT contain an Encrypted Key or Initialization Vector.  That is, it will have the form "header.ciphertext.integrity_value".  When a recipient receives such an object, it uses the "spi" value to retrieve cached header, key, and initialization vector and reconstructs a full JWE.  This full JWE can then be further processed according to the normal JWE processing rules.  If the recipient has no cached parameters for the "spi" value, the process MUST fail.
> > -----END-----
> >
> >
> > [9] http://tools.ietf.org/wg/jose/trac/ticket/9
> >
> > _______________________________________________
> > jose mailing list
> > jose@ietf.org
> > https://www.ietf.org/mailman/listinfo/jose
> >
> >
> >
> >
> > _______________________________________________
> > jose mailing list
> > jose@ietf.org
> > https://www.ietf.org/mailman/listinfo/jose
> 
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose

v2.23.0 | Report a Bug | By Email