IETF Logo Mail Archive

Re: [jose] JWP

"Zundel, Brent" <brent.zundel@avast.com> Thu, 28 July 2022 14:23 UTC

Return-Path: <brent.zundel@avast.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 266BAC157B5A for <jose@ietfa.amsl.com>; Thu, 28 Jul 2022 07:23:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.687
X-Spam-Level:
X-Spam-Status: No, score=-2.687 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.582, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=avast.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bEP6yI85SsQV for <jose@ietfa.amsl.com>; Thu, 28 Jul 2022 07:23:33 -0700 (PDT)
Received: from mail-ej1-x62e.google.com (mail-ej1-x62e.google.com [IPv6:2a00:1450:4864:20::62e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 78956C14F722 for <jose@ietf.org>; Thu, 28 Jul 2022 07:23:33 -0700 (PDT)
Received: by mail-ej1-x62e.google.com with SMTP id va17so3551685ejb.0 for <jose@ietf.org>; Thu, 28 Jul 2022 07:23:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=avast.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=mn0ZLZoAjbw336vfoqwe/WOBD4aAj/+pY6Z8wfA1YsM=; b=EMJkIVqcJNcE4KoLkXTsj14X/o3GHGRZ1k9Yq8sGzA7bGaJBxV4DUr8fJ3iTQfe1y2 +BMzJ1V5iJb33+rfiN/ErGw2ViK/pqh1UcJmPnnzBtMDS38ORfKMPKwegaxUDBo9cNd+ XdYIMXHnpBIFFh+s2DB8qnkpDT4m8/P0BFpuM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=mn0ZLZoAjbw336vfoqwe/WOBD4aAj/+pY6Z8wfA1YsM=; b=1ziDiRDBcHdrJQs7VZJIrTLhNU5znqTf7X8ThOynfcUPi8j9SMcZlwbaipG9YLgy+e 4zo5DNQB8JrZmseH8qokHvI3z9pHQHfZpn6GZ8elqivlv067XYaiS6MLN6ZHIzToeH5I WF1cIXk8cwCGIUUmiZ16zD+FW+IvZa5nlNlX4pTGmRTndQ8BLgY/bDNJQtKvofWFGpEh v9GIKvNflX0QEnvwQd6J2EG4bTuVNA+0V8UvcXpdQ2uOauLc/IH8rAGyIicsXO2du4L8 Z7Yfja3Y5b9v9WKItg3WlMHCJ7Kf9gWL/9oisC7pjW5X6IO3jnP1WwiK01NA86yVUQ1v 9dRw==
X-Gm-Message-State: AJIora89qf/DWddiCDqBW9XOvj9A+8wKzXCJi4BODcUuWoVZxa7DzvS/ y9twJe5I5+oe5yLiWXOQf0zFLmEm8uA3Ra67pVdD2sRB3OfYFyIO
X-Google-Smtp-Source: AGRyM1s6sNsnxD61YpMOzXNbuJiBegk/TqkBhpgrmF8Q+7pu+1LkAy6PPDdR327sDXvNKI1ypSmtgo+fKE4F46Unn2A=
X-Received: by 2002:a17:907:284a:b0:72b:74ac:a83 with SMTP id el10-20020a170907284a00b0072b74ac0a83mr20622799ejc.560.1659018210855; Thu, 28 Jul 2022 07:23:30 -0700 (PDT)
MIME-Version: 1.0
References: <124E4FB5-F8E2-4C3B-8413-12CDE31D5621@lodderstedt.net> <C5E63713-6E81-4EE5-8A68-E2AB1A2D2C1D@forgerock.com> <CAGum7cGdj6nz4Q6Jm3-SWbmMMdGahKxzn-6Lr9La7Vv9mrJwCg@mail.gmail.com>
In-Reply-To: <CAGum7cGdj6nz4Q6Jm3-SWbmMMdGahKxzn-6Lr9La7Vv9mrJwCg@mail.gmail.com>
From: "Zundel, Brent" <brent.zundel@avast.com>
Date: Thu, 28 Jul 2022 10:23:18 -0400
Message-ID: <CAGi82uNbTa2DbGWRhRov4yHCrLv5JCr_6s29K_AquazWFHA_+Q@mail.gmail.com>
To: Tobias Looker <tplooker@gmail.com>
Cc: Neil Madden <neil.madden@forgerock.com>, Torsten Lodderstedt <torsten@lodderstedt.net>, jose@ietf.org
Content-Type: multipart/alternative; boundary="0000000000002328e105e4de4724"
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/rNlzSPEo_LnLGf0pQZm9xBHxAZQ>
Subject: Re: [jose] JWP
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jul 2022 14:23:37 -0000

The desire from my side is to have an interoperable JSON data structure
that works with the short group signatures we've already implemented (such
as BBS and CL).
While I suppose it may be possible to jump through hoops and bend over
backwards in an attempt to recreate to some extent the capabilities already
inherent in the new signature schemes while also using existing JOSE
structures, trying to do so does not make sense to me. I already have a
signature with those capabilities.

I would say that the goals of JWP are not to enable selective disclosure
and unlinkability, but rather to support signatures that already do so;
signatures which are incompatible with existing JWTs (and even SD-JWTs).

On Thu, Jul 28, 2022, 08:13 Tobias Looker <tplooker@gmail.com> wrote:

> > (Can the holder choose to selectively not disclose that “cnf” claim? If
> so, yikes).
>
> No, to prevent this the issuer simply puts these sorts of claims in the
> header, which is not subject to selective disclosure, e.g the prover cannot
> create a valid proof/presentation without disclosing the original
> un-modified header.
>
> > In current usage, PoP is usually applied and linked to clients (apps)
> not individual users, so one simple approach would be to take the
> FIDO/WebAuthn approach and require the client to reuse the same key for at
> least 10,000 users to prevent linkability. That’s obviously not a
> universally applicable approach, and I would be in favour of new
> privacy-preserving PoP schemes.
>
> Yes and to be clear cryptographic schemes like BBS are IMO an example of
> what you describe as a privacy-preserving PoP scheme, they just also
> support selective disclosure.
>
> Thanks,
> Tobias
>
> On Thu, Jul 28, 2022 at 3:56 AM Neil Madden <neil.madden@forgerock.com>
> wrote:
>
>>
>> On 28 Jul 2022, at 08:30, Torsten Lodderstedt <torsten@lodderstedt.net>
>> wrote:
>>
>> 
>>
>> Am 28.07.2022 um 08:57 schrieb Neil Madden <neil.madden@forgerock.com>:
>>
>> {
>> “iss”: “gov.uk”,
>> “over_18”: true
>> }
>>
>> If this is signed using a deterministic signature algorithm (eg EdDSA)
>> then the token will be identical for everyone that is over 18 and so
>> naturally unlinkable.
>>
>>
>> Such a credential needs to be bound to the legit holder, which is
>> typically achieved by adding a public key (reference) to it (which is
>> missing in your example). The holder must then create a presentation signed
>> with the corresponding private key to proof possession and with that
>> legitimate holdership. That key results in likability.
>>
>>
>> Well, it doesn’t *need* to be bound to such a key. Bearer credentials are
>> still widely used, after all.
>>
>> But even if it does, the problem then seems to be one of defining
>> unlinkable proof of possession (PoP) schemes, not a JWT alternative.
>> Indeed, this would seem to be a problem in JWP too - if an issuer adds a
>> PoP constraint via a “cnf” claim (RFC 7800) then that PoP scheme needs to
>> be unlinkable regardless of the use of JWP. (Can the holder choose to
>> selectively not disclose that “cnf” claim? If so, yikes).
>>
>> In current usage, PoP is usually applied and linked to clients (apps) not
>> individual users, so one simple approach would be to take the FIDO/WebAuthn
>> approach and require the client to reuse the same key for at least 10,000
>> users to prevent linkability. That’s obviously not a universally applicable
>> approach, and I would be in favour of new privacy-preserving PoP schemes.
>>
>> — Neil
>>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>

v2.23.0 | Report a Bug | By Email