IETF Logo Mail Archive

Re: [jose] Distinguishing signed, encrypted, and unprotected tokens

Mike Jones <Michael.Jones@microsoft.com> Sun, 20 May 2012 22:44 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFA9D21F853D for <jose@ietfa.amsl.com>; Sun, 20 May 2012 15:44:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bZNv-8igbh-P for <jose@ietfa.amsl.com>; Sun, 20 May 2012 15:44:02 -0700 (PDT)
Received: from db3outboundpool.messaging.microsoft.com (db3ehsobe006.messaging.microsoft.com [213.199.154.144]) by ietfa.amsl.com (Postfix) with ESMTP id 3C47721F853C for <jose@ietf.org>; Sun, 20 May 2012 15:44:01 -0700 (PDT)
Received: from mail113-db3-R.bigfish.com (10.3.81.247) by DB3EHSOBE003.bigfish.com (10.3.84.23) with Microsoft SMTP Server id 14.1.225.23; Sun, 20 May 2012 22:43:49 +0000
Received: from mail113-db3 (localhost [127.0.0.1]) by mail113-db3-R.bigfish.com (Postfix) with ESMTP id 4CDCA600E7; Sun, 20 May 2012 22:43:49 +0000 (UTC)
X-SpamScore: -38
X-BigFish: VS-38(zz9371I936eK542M1432N98dKzz1202hzz1033IL8275bh8275dhz2fh2a8h668h839h944hd25hf0ah)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC106.redmond.corp.microsoft.com; RD:none; EFVD:NLI
Received-SPF: pass (mail113-db3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC106.redmond.corp.microsoft.com ; icrosoft.com ;
Received: from mail113-db3 (localhost.localdomain [127.0.0.1]) by mail113-db3 (MessageSwitch) id 1337553827370952_14905; Sun, 20 May 2012 22:43:47 +0000 (UTC)
Received: from DB3EHSMHS018.bigfish.com (unknown [10.3.81.234]) by mail113-db3.bigfish.com (Postfix) with ESMTP id 5596F180045; Sun, 20 May 2012 22:43:47 +0000 (UTC)
Received: from TK5EX14HUBC106.redmond.corp.microsoft.com (131.107.125.8) by DB3EHSMHS018.bigfish.com (10.3.87.118) with Microsoft SMTP Server (TLS) id 14.1.225.23; Sun, 20 May 2012 22:43:46 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.189]) by TK5EX14HUBC106.redmond.corp.microsoft.com ([157.54.80.61]) with mapi id 14.02.0298.005; Sun, 20 May 2012 22:43:57 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "Richard L. Barnes" <rbarnes@bbn.com>, Jim Schaad <ietf@augustcellars.com>
Thread-Topic: [jose] Distinguishing signed, encrypted, and unprotected tokens
Thread-Index: Ac0z6YIAkxSNdpPpSJGGHmreRKfuNABAjGsAAFxLuoAAF+hbAAAAY/yAAAbafnA=
Date: Sun, 20 May 2012 22:43:56 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394366510478@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <255B9BB34FB7D647A506DC292726F6E114F2E1C05D@WSMSG3153V.srv.dir.telstra.com> <44153647-17FA-4B02-B528-60456E1E4751@ve7jtb.com> <255B9BB34FB7D647A506DC292726F6E114F2F2E7DF@WSMSG3153V.srv.dir.telstra.com> <021601cd36bc$86606bf0$932143d0$@augustcellars.com> <AB155C9C-0848-4434-A780-1BB0BC8B12A2@bbn.com>
In-Reply-To: <AB155C9C-0848-4434-A780-1BB0BC8B12A2@bbn.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.32]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: 'John Bradley' <ve7jtb@ve7jtb.com>, "'Manger, James H'" <James.H.Manger@team.telstra.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Distinguishing signed, encrypted, and unprotected tokens
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 May 2012 22:44:03 -0000

Indeed, we already have a JSON format proposed in response working group input with no dots.  See these specs:
	http://tools.ietf.org/html/draft-jones-json-web-signature-json-serialization-01
	http://tools.ietf.org/html/draft-jones-json-web-encryption-json-serialization-01

				-- Mike

-----Original Message-----
From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Richard L. Barnes
Sent: Sunday, May 20, 2012 12:24 PM
To: Jim Schaad
Cc: 'John Bradley'; 'Manger, James H'; jose@ietf.org
Subject: Re: [jose] Distinguishing signed, encrypted, and unprotected tokens

+1

Distinguishing based on number of dots seems really fragile.  




On May 20, 2012, at 3:12 PM, Jim Schaad wrote:

> <no hat>
> 
> What happens if you are distinguishing based on the number of dots and 
> then you move to a new encoding format that is not dot separated?
> 
> Jim
> 
> 
>> -----Original Message-----
>> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf 
>> Of Manger, James H
>> Sent: Sunday, May 20, 2012 12:48 AM
>> To: John Bradley
>> Cc: jose@ietf.org
>> Subject: Re: [jose] Distinguishing signed, encrypted, and unprotected
> tokens
>> 
>> First, for unprotected plaintext we still need the header to hold 
>> metadata about the payload, like its type ("typ" header field). So I now suggest:
>> * 3 dots (4 segments) => JWE
>> * 2 dots (3 segments) => JWS
>> * 1 dot  (2 segments) => unprotected payload (<header>.<payload>)
>> 
>> If you don't like using the dot-count to distinguish these cases, how
> about
>> adding an explicit indication? For instance, a JWE is 
>> "E".<header>.<wrappedkey>.<ciphertext>.<MAC>; a JWS is 
>> "S".<header>.<payload>.<signature>, and an unprotected payload is 
>> "P".<header>.<payload>.
>> 
>> Distinguishing using "alg" value is a poor choice. Consider receiving 
>> a
> JWT in 2
>> year. After splitting on dots, base64 decoding, interpreting as 
>> UTF-8,
> JSON
>> parsing, and extracting "alg", you get the value "XY512". Uhmmm..
> obviously
>> a new algorithm has been defined since the initial publication of 
>> "JWA" -- which is not too surprising, eg SHA-3 is expected soon. So 
>> you look at the IANA web page for registered "alg" values. "XY512" is 
>> in the list. Its
> usage is
>> "alg" (not "enc" or "int"). That still means it could be a 
>> key-wrapping
> alg or an
>> asymmetric signature alg so you still cannot distinguish what you have.
> You
>> follow the IANA reference to a spec for "XY512" and, at last, you 
>> know if
> you
>> have a JWE or JWS.
>> 
>> For many apps if you don't know the "alg" it doesn't really matter if 
>> it
> is a JWE
>> or JWS since you cannot decrypt or verify it so the app will just 
>> reject
> it. But
>> for other apps (or other layers of an app or other steps in a 
>> processing
> chain)
>> it would be nice to distinguish signed/encrypted/plain at bit more simply.
>> 
>> --
>> James Manger
>> 
>> -----Original Message-----
>> From: John Bradley [mailto:ve7jtb@ve7jtb.com]
>> Sent: Friday, 18 May 2012 9:45 PM
>> To: Manger, James H
>> Cc: jose@ietf.org
>> Subject: Re: [jose] Distinguishing signed, encrypted, and unprotected
> tokens
>> 
>> I would be against using the number of segments to determine the type.
>> That has changes over time as we added integrity to encryption.
>> 
>> I would not want to assume that some new algorithm might not need 
>> another segment.
>> 
>> Their might also be attacks that we haven't considerd that might be
> possible
>> by altering the number of segments.
>> 
>> I understand that it is an attractive shortcut, but I think the 
>> downside
> is risky.
>> 
>> John B.
>> 
>> On 2012-05-17, at 12:57 AM, Manger, James H wrote:
>> 
>>> draft-jones-json-web-token-10#section-5 suggests looking at the "alg"
>> value in the header to distinguish whether you have a JWE, JWS, or 
>> plain JWT.
>>> 
>>> Wouldn't it be better to distinguish these cases by the number of dots:
>>> * 3 dots (4 segments) => JWE
>>> * 2 dots (3 segments) => JWS
>>> Then we could use 1 segment for a plaintext JWT
>>> * 0 dots (1 segment) => Plaintext JWT (base64url-encoded JWT Claim 
>>> Set)
>>> 
>>> Benefits:
>>> 
>>> 1. JWT spec doesn't need to confusingly specify the "JWT header" as
>> though it is a separate thing from a JWS or JWE header. Rules are
> specified
>> for the JWT header (unique names, no duplicates, all understood or 
>> reject, JWT-specific "typ" definition) but surely these should just 
>> be the JWS or
> JWE
>> header rules as appropriate.
>>> 
>>> 2. No need for the rather pointless "eyJhbGciOiJub25lIn0." prefix 
>>> (for
>> {"alg":"none"}) on plaintext JWTs
>>> 
>>> 3. Top-level code doesn't need to know all sig & enc algs; can leave
> that to
>> signing & encryption libraries
>>> 
>>> 4. Don't need to split, decode, parse header before passing JWT onto 
>>> JWS
>> or JWE processing (which may well split, decode, and parse the same 
>> stuff
> all
>> over again) [eg https://github.com/NimbusDS/Nimbus-
>> JWT/blob/master/src/com/nimbusds/jwt/JWT.java#LC137]
>>> 
>>> 5. Less risk that "none" is implemented as a proper JWS signature
>> verification algorithm and accidentally allows unsigned code to pass
> security
>> gates.
>>> 
>>> 
>>> --
>>> James Manger
>>> 
>>> _______________________________________________
>>> jose mailing list
>>> jose@ietf.org
>>> https://www.ietf.org/mailman/listinfo/jose
>> 
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose

_______________________________________________
jose mailing list
jose@ietf.org
https://www.ietf.org/mailman/listinfo/jose

v2.23.0 | Report a Bug | By Email