Re: [jose] Is this a legal JOSE message

Mike Jones <Michael.Jones@microsoft.com> Tue, 29 October 2019 23:25 UTC

To: Jim Schaad <ietf@augustcellars.com>, "jose@ietf.org" <jose@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/uIXQsCztfbbz8Xy-7DeYcQG3SnU>

I believe that h'0101...' isn't legal JSON.  The JWS "signature" value is a string representing the base64url encoding of the signature.

				-- Mike

-----Original Message-----
From: jose <jose-bounces@ietf.org> On Behalf Of Jim Schaad
Sent: Tuesday, October 29, 2019 3:55 PM
To: jose@ietf.org
Subject: [jose] Is this a legal JOSE message

I have been trying to get my JOSE implementation back up to snuff because it turns out that I need it for some of the ACE work.  Part of that means that I am producing unit tests and making sure that each of the pieces works correctly.  As part of that effort I ended up producing the attached file.
As near as I can tell from diving through the JWE and JWS specifications, this is a legal JWE and JWS file.

1.  Please point me to the text in the two documents which says that this is not a legal message.
2.  If the text does not exist, was it meant to be a legal message?
3.  If it was not meant to be a legal message, can we get some text to add to both of the documents so that this will be detected as an illegal message?

For people wishing to validate the message(s), I used the keys from the cookbook.

Jim
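
The point in the reply above, as an added example that is not part of the thread: a structural check of the JWS JSON Serialization that rejects a "signature" member which is not a JSON string of unpadded base64url. The function names and sample messages are constructed here (they are not Jim's attached file), and the check covers structure only; it does not verify any signature.

```python
import base64
import json
import re

B64URL = re.compile(r"[A-Za-z0-9_-]*\Z")  # base64url alphabet, no '=' padding

def b64url_decode(value, member):
    """Decode one JWS member, insisting it is a JSON string of base64url text."""
    if not isinstance(value, str):
        raise ValueError(f"{member} must be a JSON string, got {type(value).__name__}")
    if not B64URL.match(value) or len(value) % 4 == 1:
        raise ValueError(f"{member} is not unpadded base64url")
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))

def check_jws_json(text):
    """Return structural problems in a JWS JSON Serialization (empty list = none)."""
    try:
        jws = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not legal JSON: {exc.msg} at offset {exc.pos}"]
    if not isinstance(jws, dict):
        return ["top level must be a JSON object"]
    if ("signature" in jws) == ("signatures" in jws):
        return ["need exactly one of 'signature' (flattened) or 'signatures' (general)"]
    # Flattened form carries one signature at the top level; general form a list.
    entries = [jws] if "signature" in jws else jws["signatures"]
    if not isinstance(entries, list):
        return ["'signatures' must be a JSON array"]
    problems = []
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            problems.append(f"signatures[{i}] must be a JSON object")
            continue
        try:
            b64url_decode(entry.get("signature"), f"signature[{i}]")
            if "protected" in entry:
                header = json.loads(b64url_decode(entry["protected"], f"protected[{i}]"))
                if not isinstance(header, dict):
                    raise ValueError(f"protected[{i}] does not decode to a JSON object")
        except ValueError as exc:  # also catches JSON and UTF-8 decoding errors
            problems.append(str(exc))
    try:
        b64url_decode(jws.get("payload"), "payload")
    except ValueError as exc:
        problems.append(str(exc))
    return problems

def sample(signature):
    """Constructed flattened JWS; the signature bytes are dummies, never verified."""
    enc = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return json.dumps({"payload": enc(b"hello"),
                       "protected": enc(b'{"alg":"HS256"}'), "signature": signature})
```
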