Re: [jose] issues with x5c in JWE

Mike Jones <Michael.Jones@microsoft.com> Thu, 31 January 2013 16:52 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08D6221F8534 for <jose@ietfa.amsl.com>; Thu, 31 Jan 2013 08:52:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IlCRZT9LTa4M for <jose@ietfa.amsl.com>; Thu, 31 Jan 2013 08:52:04 -0800 (PST)
Received: from na01-by2-obe.outbound.protection.outlook.com (na01-by2-obe.ptr.protection.outlook.com [207.46.100.26]) by ietfa.amsl.com (Postfix) with ESMTP id AA4A921F8528 for <jose@ietf.org>; Thu, 31 Jan 2013 08:52:03 -0800 (PST)
Received: from BY2FFO11FD006.protection.gbl (10.1.15.202) by BY2FFO11HUB025.protection.gbl (10.1.14.111) with Microsoft SMTP Server (TLS) id 15.0.596.13; Thu, 31 Jan 2013 16:52:01 +0000
Received: from TK5EX14MLTC102.redmond.corp.microsoft.com (131.107.125.37) by BY2FFO11FD006.mail.protection.outlook.com (10.1.14.127) with Microsoft SMTP Server (TLS) id 15.0.596.13 via Frontend Transport; Thu, 31 Jan 2013 16:52:01 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.132]) by TK5EX14MLTC102.redmond.corp.microsoft.com ([157.54.79.180]) with mapi id 14.02.0318.003; Thu, 31 Jan 2013 16:51:17 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "Matt Miller (mamille2)" <mamille2@cisco.com>, Brian Campbell <bcampbell@pingidentity.com>
Thread-Topic: [jose] issues with x5c in JWE
Thread-Index: AQHN/o7QxVbsXGsak0uQdBgHTW9FdZhhL9SAgAJw0ICAAAYdAIAAAhlA
Date: Thu, 31 Jan 2013 16:51:17 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943673F86C4@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <CA+k3eCRbkefo3M+7QK_anM+H-VQLj2b+Jvw+8EXKPnSuc4Y_7Q@mail.gmail.com> <DAD9D0F9-1889-41B8-8F87-2FC689E9397B@ve7jtb.com> <CA+k3eCQqTpiTdDwdkqFNU9UApM8H4TjjkKq+XupSQuhLkbjRsg@mail.gmail.com> <BF7E36B9C495A6468E8EC573603ED94115109840@xmb-aln-x11.cisco.com>
In-Reply-To: <BF7E36B9C495A6468E8EC573603ED94115109840@xmb-aln-x11.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.37]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(377454001)(377424002)(199002)(189002)(24454001)(51704002)(13464002)(23726001)(44976002)(56776001)(49866001)(74662001)(4396001)(63696002)(54316002)(77982001)(5343655001)(47776003)(56816002)(55846006)(16406001)(79102001)(50986001)(33656001)(46406002)(74502001)(53806001)(46102001)(54356001)(15202345001)(47446002)(20776003)(51856001)(76482001)(47976001)(59766001)(50466001)(31966008)(5343635001)(47736001)(42413001); DIR:OUT; SFP:; SCL:1; SRVR:BY2FFO11HUB025; H:TK5EX14MLTC102.redmond.corp.microsoft.com; RD:; A:1; MX:1; LANG:en;
X-OriginatorOrg: microsoft.onmicrosoft.com
X-Forefront-PRVS: 0743E8D0A6
Cc: John Bradley <ve7jtb@ve7jtb.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] issues with x5c in JWE
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Jan 2013 16:52:07 -0000

I know that John had been thinking along the same lines...  It's not beautiful but it may be a practical solution.

				-- Mike

-----Original Message-----
From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Matt Miller (mamille2)
Sent: Thursday, January 31, 2013 8:42 AM
To: Brian Campbell
Cc: John Bradley; jose@ietf.org
Subject: Re: [jose] issues with x5c in JWE


On Jan 31, 2013, at 9:20 AM, Brian Campbell <bcampbell@pingidentity.com> wrote:

> Seems to me that something like x5c would be a lot more meaningful and 
> useful for a possible future ECDH-SS algorithm for JWE. But it would 
> be about the encrypting party or sender's certs in that case, right? 
> Which would be different than how it's currently being used. And that 
> might be another argument for not having it in JWE right now.
> 
> Of course that starts to beg the "must understand headers" question 
> but I digress...

I was starting to come to similar conclusions.

This probably sounds crazy, but maybe we can pretend x.509 certs can be wrapped into a JSON Web Key?

{
  "kty":"X509",
  "x5c": [....]
}


- m&m

Matt Miller < mamille2@cisco.com >
Cisco Systems, Inc.

> On Tue, Jan 29, 2013 at 8:04 PM, John Bradley <ve7jtb@ve7jtb.com> wrote:
> 
>> Yes for encryption (Leaving ECDH-SS aside ) the recipoient decrypts 
>> with a secret.  I would expect a kid in the header.
>> 
>> I suppose they if the recipient published a x5c that the sender used 
>> to encrypt with then you could include the x5c as a reference though 
>> a thumbprint would be simpler as the recipient is probably keeping 
>> its private keys in a key-store of some sort.
>> 
>> In any event we would minimally want to change that to
>> 
>> "The certificate containing the public key of the entity that is to 
>> decrypt the JWE MUST be the first certificate."
>> 
>> 
>> Thanks Brian
>> 
>> John B.
>> 
>> 
>> On 2013-01-29, at 11:08 PM, Brian Campbell 
>> <bcampbell@pingidentity.com>
>> wrote:
>> 
>> I just noticed a couple of things in the JWE's x5c definition that 
>> struck me as maybe not right.
>> 
>> From
>> http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-08#sec
>> tion-4.1.9
>> 
>> "The certificate containing the public key of the entity that 
>> encrypted the JWE MUST be the first certificate." - but it's not the 
>> public key of the entity that encrypted, is it? It's the public key 
>> of the entity that will decrypt. The other entity.
>> 
>> "The recipient MUST verify the certificate chain according to 
>> [RFC5280] and reject the JWE if any validation failure occurs." - 
>> maybe I'm missing something but why would the recipient verify it's own certificate chain?
>> 
>> And the first hyperlink in "See Appendix 
>> B<http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-08#a
>> ppendix-B>of [ 
>> JWS<http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-08
>> #ref-JWS>] for an example "x5c" value" takes you to Appendix B of 
>> JWE, which is Acknowledgements, rather than JWS as the text would 
>> suggest.
>> 
>> So all those little nits could be fixed. But maybe it'd be better to 
>> just remove x5c from JWE all together? As Richard pointed out 
>> previously, 
>> http://www.ietf.org/mail-archive/web/jose/current/msg01434.html, 
>> there's really no point in sending a whole chain to help the recipient identify its own key.
>> 
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose
>> 
>> 
>> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose