IETF Logo Mail Archive

Re: [jose] FOR WG DISCUSSION: #82 part A - Possibly changing representation of private JWK fields

Naveen Agarwal <naa@google.com> Fri, 30 August 2013 23:01 UTC

Return-Path: <naa@google.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5A6311E80D1 for <jose@ietfa.amsl.com>; Fri, 30 Aug 2013 16:01:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.144
X-Spam-Level:
X-Spam-Status: No, score=-1.144 tagged_above=-999 required=5 tests=[AWL=-0.833, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, SARE_HTML_USL_OBFU=1.666]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xx2VowPeLTnT for <jose@ietfa.amsl.com>; Fri, 30 Aug 2013 16:01:43 -0700 (PDT)
Received: from mail-qa0-x230.google.com (mail-qa0-x230.google.com [IPv6:2607:f8b0:400d:c00::230]) by ietfa.amsl.com (Postfix) with ESMTP id 4E3B221F9EB6 for <jose@ietf.org>; Fri, 30 Aug 2013 16:01:36 -0700 (PDT)
Received: by mail-qa0-f48.google.com with SMTP id hu16so21667qab.0 for <jose@ietf.org>; Fri, 30 Aug 2013 16:01:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=96JuFMl1aSMTNilotgT8ZpDnZmLQIu2iqWke9hTMd5o=; b=Jup3gyW9viOhcq2t/pT+aCG0d3OabxnBySdsaconI23/N1afGAG/EynNuBJeRi/j8S fMyKRQ5K+SRae3wEED2Ds+zPCHBlA1KFCymPuZrZ/A7QwmL+k+KiJpXQi4FgyvTHxSyg 5UIAnqsKcbqb0fkRLDwWsz1mDtwmwVTUs3umfZlpsK1GII/lMONpZsQ4rJoY2lOP85P9 MmS4T/YN741P7nhe+nRtLJccP5iyX+akkHIymXASU+n5fxUwbCmxypxTqTbOnzZt1lCp ICN2twCW/Ke0uOycCgm74l5Ci1y9vkbkbNEl5JTlPzSD9r5q+byiP4ZJlNXBO2F5Lc/W FMJg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=96JuFMl1aSMTNilotgT8ZpDnZmLQIu2iqWke9hTMd5o=; b=D7yK9GYSP9a4zCfG9D9xZucI/JtH6ROU3A0VKW9SBFpMt5HqYVesOYAcp5HjuPa7yK aBLQCJsJFPP1m2RS0++8GqwEqdUh4y4PGRoiCyqCnKF7fFo9Bp+xNu2FvVo2vXDyazl9 nuVz1DaCTmlUR5WP+EtVCd7xiQCAF625N1e/gfAXzv6Gdi7Gf/xaxDoSca7/cgUEGLxc XZ1k4Awl993nUFj5rZ5kln1sBiHMOraVGr4fgjd359gTSy4EvrmzOrAuuFR4lXmIRFax hqknOEHrarZLvGaDb75DKbZ+5qAneo+iTtZ53j4/6e7xqJ5//JuP6bPzQkgHesRrhVh3 jd7Q==
X-Gm-Message-State: ALoCoQmuSYHaFFBDtD7bjWFWo0TOjWJHkcBVXaCap6HTcFQzWk50uygQz53JDHD9rxTyURdDtuf3DqVAfMJgsudJog/GtZIuiQU/lGDfalTQKcBvt7TRspeDaMxak3ukKbdTn4xLktaI+JUpJ/ay6uOvcve1PSDgy2jCiRpFa6GJTBGQxAXNxtgsVOWU3c8pAobn9tAG8SVK
X-Received: by 10.224.35.196 with SMTP id q4mr5304128qad.106.1377903693990; Fri, 30 Aug 2013 16:01:33 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.215.129 with HTTP; Fri, 30 Aug 2013 16:01:13 -0700 (PDT)
In-Reply-To: <521E552B.6060100@mitre.org>
References: <4E1F6AAD24975D4BA5B16804296739436B7FBEA6@TK5EX14MBXC283.redmond.corp.microsoft.com> <521E552B.6060100@mitre.org>
From: Naveen Agarwal <naa@google.com>
Date: Fri, 30 Aug 2013 16:01:13 -0700
Message-ID: <CAOKiTbvnNka5jkY97ezyieGKhi_7WvnL6oEXTZNeWYzGWdEP+A@mail.gmail.com>
To: Justin Richer <jricher@mitre.org>
Content-Type: multipart/alternative; boundary="089e0149c73a3720aa04e532340c"
Cc: Mike Jones <Michael.Jones@microsoft.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] FOR WG DISCUSSION: #82 part A - Possibly changing representation of private JWK fields
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Aug 2013 23:01:44 -0000

+1 Agree with Mike and Justin's comments.


On Wed, Aug 28, 2013 at 12:53 PM, Justin Richer <jricher@mitre.org> wrote:

> If the leak is going to happen, it's not going to be on part of the JWK
> object or JWK set, it's going to be on the whole thing. Stuffing it into a
> sub-object isn't going to make it any safer in practice. If you want to
> generate a public key from a public/private pair, you could argue that it'd
> be simpler to have an outbound thing filter out just the ".private"
> sub-object as opposed to having something key-specific, but I think the
> latter is actually more robust against different key types since it
> enforces a per-type evaluation of what's "public" and what's "private".
>
> I agree with Mike's contention regarding symmetric keys, below -- it's
> tricky though. In the Nimbus-JOSE-JWT implementation of JWK we've taken the
> approach of saying that the "public" version of an OctetSequenceKey is null.
>
> Parallelism on the keying material overall is a good thing though, so I'd
> prefer to leave it how it is.
>
>  -- Justin
>
>
> On 08/28/2013 03:40 PM, Mike Jones wrote:
>
>> This is a second issue in the issue tracker that I wanted to bring to the
>> working group’s attention for discussion.  My personal view is stated in
>> the issue tracker comment below.
>>
>>                                 -- Mike
>>
>> -----Original Message-----
>> From: jose issue tracker [mailto:trac+jose@trac.tools.**ietf.org<trac%2Bjose@trac.tools.ietf.org>
>> ]
>> Sent: Wednesday, August 28, 2013 12:36 PM
>> To: draft-ietf-jose-json-web-key@**tools.ietf.org<draft-ietf-jose-json-web-key@tools.ietf.org>;
>> Mike Jones
>> Cc: jose@ietf.org
>> Subject: Re: [jose] #82: Section 6. Encrypted JWK and Encrypted JWK Set
>> Format
>>
>> #82: Section 6. Encrypted JWK and Encrypted JWK Set Format
>>
>> Comment (by michael.jones@microsoft.com):
>>
>> This comment is about part A of this issue - the suggestion that private
>> key material within a JWK be moved into a "private" element.  While I
>>  understand the motivation for the suggestion, this doesn't seem like a
>>  necessary or particularly useful change.  If an implementation leaks its
>> private or shared key information by disclosing a JWK containing it to a
>> party not entitled to have it, there's no security difference in whether
>> that information is in a top-level member or a member of a "private" field.
>>  The information will have still been inappropriately disclosed.
>>
>> This suggestion is also ambiguously specified.  While yes, the "d"
>> elements of elliptic curve and RSA keys could be moved to be within a
>> "private" structure, what would be done for the "k" element of a symmetric
>> key?  Would that also be moved into a "private" element?  (At that point,
>>  there would be no symmetric key information at the top level of the JWK,
>>  which seems more than a little odd.)
>>
>> Finally, I'll note that the specs already clearly delineate public from
>> private fields, through use of the Parameter Information Class value in the
>> JSON Web Key Parameters registry (with values "Public" and "Private").  So
>> there should be no confusion which is which.
>>
>> I therefore recommend that this suggestion be resolved as "wontfix".
>>
>>
> ______________________________**_________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/**listinfo/jose<https://www.ietf.org/mailman/listinfo/jose>
>

v2.23.0 | Report a Bug | By Email