[jose] Review of JWS/CT

Anders Rundgren <anders.rundgren.net@gmail.com> Sat, 12 December 2020 05:59 UTC

From: Anders Rundgren <anders.rundgren.net@gmail.com>
To: Bret Jordan <jordan.ietf@gmail.com>, "jose@ietf.org" <jose@ietf.org>
Cc: Samuel Erdtman <samuel@erdtman.se>
References: <877F7D19-7170-4975-858C-34A35A0BB748@gmail.com>
Message-ID: <6fd307f9-57a4-552c-7573-22c1fb473fab@gmail.com>
Date: Sat, 12 Dec 2020 06:59:07 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/u0xkkxvf2QL_iP9taZV0GKvlx74>
Subject: [jose] Review of JWS/CT

Thanx Bret,

The following feedback has been received to date:

1. An option for supporting other JSON canonicalization methods than JCS (RFC 8785).
2. Creating something equivalent to the JWS header element "b64" that would specify "jcs".

I'm personally not overly thrilled by anything that would require updates of JWS.

The idea behind the "jcs" attribute was to simplify usage but based on my experiences there are no problems creating easy-to-use JWS/CT APIs on top of existing JWS APIs.

Regarding alternative JSON canonicalization methods, this seems unlikely to happen without a radical update of ECMAScript.

Any other feedback?

If you want to take the spec. for a spin you may do that at: https://mobilepki.org/jws-ct

Regards,
Anders

On 2020-11-20 17:05, Bret Jordan wrote:
> All,
> 
> We have released 00 of our draft for using JWS with JCS. You can find it here:
> 
> https://datatracker.ietf.org/doc/draft-jordan-jws-ct/
> 
> Abstract
> 
>     This document describes a method for extending the scope of the JSON
>     Web Signature (JWS) standard, called JWS/CT.  By combining the
>     detached mode of JWS with the JSON Canonicalization Scheme (JCS),
>     JWS/CT enables JSON objects to remain in the JSON format after being
>     signed (aka "Clear Text" signing).
> 
> Thanks
> Bret