Re: [jose] FOR WG DISCUSSION: #82 part A - Possibly changing representation of private JWK fields
Naveen Agarwal <naa@google.com> Fri, 30 August 2013 23:01 UTC
Return-Path: <naa@google.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5A6311E80D1 for <jose@ietfa.amsl.com>; Fri, 30 Aug 2013 16:01:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.144
X-Spam-Level:
X-Spam-Status: No, score=-1.144 tagged_above=-999 required=5 tests=[AWL=-0.833, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, SARE_HTML_USL_OBFU=1.666]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xx2VowPeLTnT for <jose@ietfa.amsl.com>; Fri, 30 Aug 2013 16:01:43 -0700 (PDT)
Received: from mail-qa0-x230.google.com (mail-qa0-x230.google.com [IPv6:2607:f8b0:400d:c00::230]) by ietfa.amsl.com (Postfix) with ESMTP id 4E3B221F9EB6 for <jose@ietf.org>; Fri, 30 Aug 2013 16:01:36 -0700 (PDT)
Received: by mail-qa0-f48.google.com with SMTP id hu16so21667qab.0 for <jose@ietf.org>; Fri, 30 Aug 2013 16:01:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=96JuFMl1aSMTNilotgT8ZpDnZmLQIu2iqWke9hTMd5o=; b=Jup3gyW9viOhcq2t/pT+aCG0d3OabxnBySdsaconI23/N1afGAG/EynNuBJeRi/j8S fMyKRQ5K+SRae3wEED2Ds+zPCHBlA1KFCymPuZrZ/A7QwmL+k+KiJpXQi4FgyvTHxSyg 5UIAnqsKcbqb0fkRLDwWsz1mDtwmwVTUs3umfZlpsK1GII/lMONpZsQ4rJoY2lOP85P9 MmS4T/YN741P7nhe+nRtLJccP5iyX+akkHIymXASU+n5fxUwbCmxypxTqTbOnzZt1lCp ICN2twCW/Ke0uOycCgm74l5Ci1y9vkbkbNEl5JTlPzSD9r5q+byiP4ZJlNXBO2F5Lc/W FMJg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=96JuFMl1aSMTNilotgT8ZpDnZmLQIu2iqWke9hTMd5o=; b=D7yK9GYSP9a4zCfG9D9xZucI/JtH6ROU3A0VKW9SBFpMt5HqYVesOYAcp5HjuPa7yK aBLQCJsJFPP1m2RS0++8GqwEqdUh4y4PGRoiCyqCnKF7fFo9Bp+xNu2FvVo2vXDyazl9 nuVz1DaCTmlUR5WP+EtVCd7xiQCAF625N1e/gfAXzv6Gdi7Gf/xaxDoSca7/cgUEGLxc XZ1k4Awl993nUFj5rZ5kln1sBiHMOraVGr4fgjd359gTSy4EvrmzOrAuuFR4lXmIRFax hqknOEHrarZLvGaDb75DKbZ+5qAneo+iTtZ53j4/6e7xqJ5//JuP6bPzQkgHesRrhVh3 jd7Q==
X-Gm-Message-State: ALoCoQmuSYHaFFBDtD7bjWFWo0TOjWJHkcBVXaCap6HTcFQzWk50uygQz53JDHD9rxTyURdDtuf3DqVAfMJgsudJog/GtZIuiQU/lGDfalTQKcBvt7TRspeDaMxak3ukKbdTn4xLktaI+JUpJ/ay6uOvcve1PSDgy2jCiRpFa6GJTBGQxAXNxtgsVOWU3c8pAobn9tAG8SVK
X-Received: by 10.224.35.196 with SMTP id q4mr5304128qad.106.1377903693990; Fri, 30 Aug 2013 16:01:33 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.215.129 with HTTP; Fri, 30 Aug 2013 16:01:13 -0700 (PDT)
In-Reply-To: <521E552B.6060100@mitre.org>
References: <4E1F6AAD24975D4BA5B16804296739436B7FBEA6@TK5EX14MBXC283.redmond.corp.microsoft.com> <521E552B.6060100@mitre.org>
From: Naveen Agarwal <naa@google.com>
Date: Fri, 30 Aug 2013 16:01:13 -0700
Message-ID: <CAOKiTbvnNka5jkY97ezyieGKhi_7WvnL6oEXTZNeWYzGWdEP+A@mail.gmail.com>
To: Justin Richer <jricher@mitre.org>
Content-Type: multipart/alternative; boundary="089e0149c73a3720aa04e532340c"
Cc: Mike Jones <Michael.Jones@microsoft.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] FOR WG DISCUSSION: #82 part A - Possibly changing representation of private JWK fields
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Aug 2013 23:01:44 -0000
+1 Agree with Mike and Justin's comments. On Wed, Aug 28, 2013 at 12:53 PM, Justin Richer <jricher@mitre.org> wrote: > If the leak is going to happen, it's not going to be on part of the JWK > object or JWK set, it's going to be on the whole thing. Stuffing it into a > sub-object isn't going to make it any safer in practice. If you want to > generate a public key from a public/private pair, you could argue that it'd > be simpler to have an outbound thing filter out just the ".private" > sub-object as opposed to having something key-specific, but I think the > latter is actually more robust against different key types since it > enforces a per-type evaluation of what's "public" and what's "private". > > I agree with Mike's contention regarding symmetric keys, below -- it's > tricky though. In the Nimbus-JOSE-JWT implementation of JWK we've taken the > approach of saying that the "public" version of an OctetSequenceKey is null. > > Parallelism on the keying material overall is a good thing though, so I'd > prefer to leave it how it is. > > -- Justin > > > On 08/28/2013 03:40 PM, Mike Jones wrote: > >> This is a second issue in the issue tracker that I wanted to bring to the >> working group’s attention for discussion. My personal view is stated in >> the issue tracker comment below. >> >> -- Mike >> >> -----Original Message----- >> From: jose issue tracker [mailto:trac+jose@trac.tools.**ietf.org<trac%2Bjose@trac.tools.ietf.org> >> ] >> Sent: Wednesday, August 28, 2013 12:36 PM >> To: draft-ietf-jose-json-web-key@**tools.ietf.org<draft-ietf-jose-json-web-key@tools.ietf.org>; >> Mike Jones >> Cc: jose@ietf.org >> Subject: Re: [jose] #82: Section 6. Encrypted JWK and Encrypted JWK Set >> Format >> >> #82: Section 6. Encrypted JWK and Encrypted JWK Set Format >> >> Comment (by michael.jones@microsoft.com): >> >> This comment is about part A of this issue - the suggestion that private >> key material within a JWK be moved into a "private" element. While I >> understand the motivation for the suggestion, this doesn't seem like a >> necessary or particularly useful change. If an implementation leaks its >> private or shared key information by disclosing a JWK containing it to a >> party not entitled to have it, there's no security difference in whether >> that information is in a top-level member or a member of a "private" field. >> The information will have still been inappropriately disclosed. >> >> This suggestion is also ambiguously specified. While yes, the "d" >> elements of elliptic curve and RSA keys could be moved to be within a >> "private" structure, what would be done for the "k" element of a symmetric >> key? Would that also be moved into a "private" element? (At that point, >> there would be no symmetric key information at the top level of the JWK, >> which seems more than a little odd.) >> >> Finally, I'll note that the specs already clearly delineate public from >> private fields, through use of the Parameter Information Class value in the >> JSON Web Key Parameters registry (with values "Public" and "Private"). So >> there should be no confusion which is which. >> >> I therefore recommend that this suggestion be resolved as "wontfix". >> >> > ______________________________**_________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/**listinfo/jose<https://www.ietf.org/mailman/listinfo/jose> >
- [jose] FOR WG DISCUSSION: #82 part A - Possibly c… Mike Jones
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Justin Richer
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Edmund Jay
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Brian Campbell
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Tim Bray
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Matias Woloski
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Naveen Agarwal
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… n-sakimura
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Jim Schaad
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Justin Richer
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Mike Jones
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Manger, James H
- Re: [jose] FOR WG DISCUSSION: #82 part A - Possib… Mike Jones