IETF Logo Mail Archive

Re: [jose] PKCS #11 for JWK

Vladimir Dzhuvinov <vladimir@connect2id.com> Mon, 03 July 2017 13:21 UTC

Return-Path: <vladimir@connect2id.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F47613161A for <jose@ietfa.amsl.com>; Mon, 3 Jul 2017 06:21:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.919
X-Spam-Level:
X-Spam-Status: No, score=-1.919 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s0ObpF08CAGU for <jose@ietfa.amsl.com>; Mon, 3 Jul 2017 06:21:11 -0700 (PDT)
Received: from p3plsmtpa09-06.prod.phx3.secureserver.net (p3plsmtpa09-06.prod.phx3.secureserver.net [173.201.193.235]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5892E12785F for <jose@ietf.org>; Mon, 3 Jul 2017 06:21:11 -0700 (PDT)
Received: from [10.67.123.188] ([212.5.158.166]) by :SMTPAUTH: with SMTP id S1HGdHyl3SRqVS1HIdtZSH; Mon, 03 Jul 2017 06:20:40 -0700
Date: Mon, 03 Jul 2017 15:20:02 +0200
From: Vladimir Dzhuvinov <vladimir@connect2id.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: Nathaniel McCallum <npmccallum@redhat.com>, Simo Sorce <simo@redhat.com>, Daiki Ueno <dueno@redhat.com>, jose@ietf.org, Nikos Mavrogiannopoulos <nmav@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
X-CMAE-Envelope: MS4wfKFbPMkJkPsXh5QwunmMP7Z9jvHYJJpwXFQis1/N2XNN/3naQIY/aaQOG4BGt8m89DeKg8q7uIwXijXogLw0dpZN3sl988k39pO8b8R408gRycxEPsi9 QSqwCpx6oA6OHU8NicVKsZRuxThq3Y8E0MZjDZGJyM7Y2qP/276sa0KJ5z63813Bvg6/A5yL1mhY11Fu5OB5pVuPE6Z+4PwW9H1viBgYVibgMRnfeWoQUL4E KwDlHaQCPOw6HKFr87rNzIfmdatc0o3vmBOIorcbFZahBDhipEXOtW24uDRNmEHQ+F4FKbcjZPvvaZWAnAd1fw==
Message-Id: <20170703132111.5892E12785F@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/rXneidOe6UxB4R7ykuQMwjpJ6LA>
Subject: Re: [jose] PKCS #11 for JWK
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Jul 2017 13:21:13 -0000

On 2 Jul 2017 15:49, Ilari Liusvaara <ilariliusvaara@welho.com> wrote:
>
> On Sat, Jul 01, 2017 at 08:42:22AM -0400, Nathaniel McCallum wrote: 
> > On Sat, Jul 1, 2017 at 4:00 AM, Simo Sorce <simo@redhat.com> wrote: 
> > > On Fri, 2017-06-30 at 17:33 -0400, Nathaniel McCallum wrote: 
> > >> I have prepared an initial stab at a draft for offloading JWK private 
> > >> key data to PKCS #11. 
> > >> 
> > >> You can find the document here: 
> > >>    https://www.ietf.org/id/draft-mccallum-jose-pkcs11-jwk-00.txt 
> > > 
> > > Later on you talk about performance penalty and say: 
> > > 
> > >    Implementations SHOULD perform public 
> > >    key operations, such as asymmetric signature verification or 
> > >    asymmetric encryption, without using PKCS #11 
> > > 
> > > I think this should be at most a MAY. If I wanted to be more pedantic I 
> > > would say you should take in consideration there may be PKCS#11 modules 
> > > that are already smart enough to implement such functions in software 
> > > so that they do not incur in performance penalties, so the whole this 
> > > would have to be wrapped in something like: 
> > >  "If the PKCS#11 implementation perform public key operation in hardare 
> > > that may result in poor performance then implementations MAY perfrom 
> > > public ..." 
> > 
> > If we downgrade this recommendation, then we probably need to discuss 
> > how implementations would correlate public key and private key object 
> > URIs. That is, "p11" refers only to the private key. For public key 
> > crypto operations, we need a URI that refers to the public key. Thus, 
> > we would need a way to either: 
>
> One another thing to note is that some pieces of codebases can easily 
> work with external private keys but not external public keys. 
>
> That is, those pieces of code expect to work with private keys using 
> signer interface (which can easily encapsulate PKCS#11 operation), but 
> deal with public keys directly (so PKCS#11 there would be a major 
> change). Some codebases even expect to be able to directly load the 
> public key parts.

I see most value in using the p11 parameter for the private key only. This is after all the main reason for people to consider a PKCS#11 store.

The existing JWK parameters for the public bits is the most portable approach. It is simple and should always work.

If there is value in using a PKCS#11 URI for the public key, or even as a certificate reference, why not define separate p11 params for that? With separate, dedicated parameters we'll also do away with the need to perform correlation behind the scenes.

Vladimir

v2.23.0 | Report a Bug | By Email