Re: [jose] issues with x5c in JWE

Brian Campbell <bcampbell@pingidentity.com> Thu, 31 January 2013 21:46 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6BD6921F86AB for <jose@ietfa.amsl.com>; Thu, 31 Jan 2013 13:46:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.776
X-Spam-Level:
X-Spam-Status: No, score=-5.776 tagged_above=-999 required=5 tests=[AWL=0.200, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zyu-zGAo6mI9 for <jose@ietfa.amsl.com>; Thu, 31 Jan 2013 13:46:16 -0800 (PST)
Received: from na3sys009aog115.obsmtp.com (na3sys009aog115.obsmtp.com [74.125.149.238]) by ietfa.amsl.com (Postfix) with ESMTP id 2318B21F867A for <jose@ietf.org>; Thu, 31 Jan 2013 13:46:16 -0800 (PST)
Received: from mail-ob0-f200.google.com ([209.85.214.200]) (using TLSv1) by na3sys009aob115.postini.com ([74.125.148.12]) with SMTP ID DSNKUQrmJ6kaiGik9WUGmhhT1hyphJQjnwcH@postini.com; Thu, 31 Jan 2013 13:46:16 PST
Received: by mail-ob0-f200.google.com with SMTP id un3so18368380obb.11 for <jose@ietf.org>; Thu, 31 Jan 2013 13:46:15 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:x-received:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type:x-gm-message-state; bh=VX4FkGqt5afien7BnHz0l5XDnC/hxBF7v2Vo+daNeFk=; b=arlXcyOkkeHFbMpwA1e3qzJomylnzkNR7odZuDn2oSGR3BBnf+Tq86moxvVVnstL6N p7o9r1Gx2CBn2ghn1NmOJHo3FHY79dQNiGZh2R/J6Ia3GU6q8Tzmjs1anreHCbBueTnY BShULKpcFsNAglgRkfa5CvU5T2FFyFFYX5BZ3bRLhBy8gUSZnEBlDED1T2dOG7X+FpQp tsEcZC9uHFty7R8Rco7yzjfHEdYwQ9eO/68pDAP/FMTxZm9vltDg4ceToU5uMwIIScey mIw9wcLihz0cb9nIFC03Qjtpto69dt9zINI6h2vY/jo7Oygfg0l2xed/c4IAFBAvfjXd W2pw==
X-Received: by 10.42.153.70 with SMTP id l6mr8165821icw.50.1359668774866; Thu, 31 Jan 2013 13:46:14 -0800 (PST)
X-Received: by 10.42.153.70 with SMTP id l6mr8165815icw.50.1359668774723; Thu, 31 Jan 2013 13:46:14 -0800 (PST)
MIME-Version: 1.0
Received: by 10.64.23.97 with HTTP; Thu, 31 Jan 2013 13:45:43 -0800 (PST)
In-Reply-To: <0BC322C1-A6C5-46B8-BC2A-3A7E000952EF@ve7jtb.com>
References: <CA+k3eCRbkefo3M+7QK_anM+H-VQLj2b+Jvw+8EXKPnSuc4Y_7Q@mail.gmail.com> <DAD9D0F9-1889-41B8-8F87-2FC689E9397B@ve7jtb.com> <CA+k3eCQqTpiTdDwdkqFNU9UApM8H4TjjkKq+XupSQuhLkbjRsg@mail.gmail.com> <BF7E36B9C495A6468E8EC573603ED94115109840@xmb-aln-x11.cisco.com> <0BC322C1-A6C5-46B8-BC2A-3A7E000952EF@ve7jtb.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Thu, 31 Jan 2013 14:45:43 -0700
Message-ID: <CA+k3eCTi1Ss2grSALqZngtnCfv8ks0xRm_uXaeA7cdngua4_VQ@mail.gmail.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Content-Type: multipart/alternative; boundary=90e6ba613aba54624c04d49c8ea4
X-Gm-Message-State: ALoCoQlcQ2dHc/leHAFufhWQWMY7NcCfEFoCvqn+v48roHLOEz5mlkHW004SvXwLaKguEyjUhiJtj6P/RnHNpZOyJSdljXdqvIVaIB3wlJ0SG3mHvCwmn/bkc0b9g4DnkQQuPiGaLOmY
Cc: "jose@ietf.org" <jose@ietf.org>, "Matt Miller \(mamille2\)" <mamille2@cisco.com>
Subject: Re: [jose] issues with x5c in JWE
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Jan 2013 21:46:17 -0000

John and Mike beat me to it but yeah, the general idea of some kind of X509
support in JWK has now independently come up in my world twice in as many
days.

I must say that, from a general design of things perspective, it seems like
a total abomination. But maybe, just maybe, it'd be useful enough to
overcome such pity objections?

Though, to be fair, Matt's idea is pretty different than what John has in
mind. Getting to some level of agreement would likely be more than just a
formality.


On Thu, Jan 31, 2013 at 9:54 AM, John Bradley <ve7jtb@ve7jtb.com> wrote:

> Brian and I were discussing a couple of options off the list.
>
> One possible thing might be to add x5c and/or x5u elements to jwk.
>
> In Connect we are looking at how to deal with key rollover for signing.
>
> The problem with specifying a x5u is that while it is a vert chain it is a
> single cert chain, so you need to have multiple and there is no easy way to
> have the same keyid for a jwk key and a x5u key.
>
> My idea was to allow x5u elements in a jwk so that you can have a single
> keyid and key use that apples to both formats.
>
> I can see a use for x5c in jwk as well especially where it is being sent
> in band.
>
> So while it may sound crazy a number of us may be thinking the same thing.
>
> John B.
>
> On 2013-01-31, at 1:42 PM, "Matt Miller (mamille2)" <mamille2@cisco.com>
> wrote:
>
> >
> > On Jan 31, 2013, at 9:20 AM, Brian Campbell <bcampbell@pingidentity.com>
> wrote:
> >
> >> Seems to me that something like x5c would be a lot more meaningful and
> >> useful for a possible future ECDH-SS algorithm for JWE. But it would be
> >> about the encrypting party or sender's certs in that case, right? Which
> >> would be different than how it's currently being used. And that might be
> >> another argument for not having it in JWE right now.
> >>
> >> Of course that starts to beg the "must understand headers" question but
> I
> >> digress...
> >
> > I was starting to come to similar conclusions.
> >
> > This probably sounds crazy, but maybe we can pretend x.509 certs can be
> wrapped into a JSON Web Key?
> >
> > {
> >  "kty":"X509",
> >  "x5c": [....]
> > }
> >
> >
> > - m&m
> >
> > Matt Miller < mamille2@cisco.com >
> > Cisco Systems, Inc.
> >
> >> On Tue, Jan 29, 2013 at 8:04 PM, John Bradley <ve7jtb@ve7jtb.com>
> wrote:
> >>
> >>> Yes for encryption (Leaving ECDH-SS aside ) the recipoient decrypts
> with a
> >>> secret.  I would expect a kid in the header.
> >>>
> >>> I suppose they if the recipient published a x5c that the sender used to
> >>> encrypt with then you could include the x5c as a reference though a
> >>> thumbprint would be simpler as the recipient is probably keeping its
> >>> private keys in a key-store of some sort.
> >>>
> >>> In any event we would minimally want to change that to
> >>>
> >>> "The certificate containing the public key of the entity that is to
> >>> decrypt the JWE MUST be the first certificate."
> >>>
> >>>
> >>> Thanks Brian
> >>>
> >>> John B.
> >>>
> >>>
> >>> On 2013-01-29, at 11:08 PM, Brian Campbell <bcampbell@pingidentity.com
> >
> >>> wrote:
> >>>
> >>> I just noticed a couple of things in the JWE's x5c definition that
> struck
> >>> me as maybe not right.
> >>>
> >>> From
> >>>
> http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-08#section-4.1.9
> >>>
> >>> "The certificate containing the public key of the entity that encrypted
> >>> the JWE MUST be the first certificate." - but it's not the public key
> of
> >>> the entity that encrypted, is it? It's the public key of the entity
> that
> >>> will decrypt. The other entity.
> >>>
> >>> "The recipient MUST verify the certificate chain according to [RFC5280]
> >>> and reject the JWE if any validation failure occurs." - maybe I'm
> missing
> >>> something but why would the recipient verify it's own certificate
> chain?
> >>>
> >>> And the first hyperlink in "See Appendix B<
> http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-08#appendix-B>of
> [
> >>> JWS<
> http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-08#ref-JWS
> >]
> >>> for an example "x5c" value" takes you to Appendix B of JWE, which is
> >>> Acknowledgements, rather than JWS as the text would suggest.
> >>>
> >>> So all those little nits could be fixed. But maybe it'd be better to
> just
> >>> remove x5c from JWE all together? As Richard pointed out previously,
> >>> http://www.ietf.org/mail-archive/web/jose/current/msg01434.html,
> there's
> >>> really no point in sending a whole chain to help the recipient
> identify its
> >>> own key.
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> jose mailing list
> >>> jose@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/jose
> >>>
> >>>
> >>>
> >> _______________________________________________
> >> jose mailing list
> >> jose@ietf.org
> >> https://www.ietf.org/mailman/listinfo/jose
> >
>
>