IETF Logo Mail Archive

Re: [jose] Deployed Code (was: Re: #23: Make crypto independent of binary encoding (base64))

Richard Barnes <rlb@ipv.sx> Thu, 13 June 2013 15:03 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D02A21F9989 for <jose@ietfa.amsl.com>; Thu, 13 Jun 2013 08:03:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=x tagged_above=-999 required=5 tests=[]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9yZeyBjvfYMW for <jose@ietfa.amsl.com>; Thu, 13 Jun 2013 08:03:43 -0700 (PDT)
Received: from mail-oa0-x229.google.com (mail-oa0-x229.google.com [IPv6:2607:f8b0:4003:c02::229]) by ietfa.amsl.com (Postfix) with ESMTP id 78B5321F997F for <jose@ietf.org>; Thu, 13 Jun 2013 08:03:42 -0700 (PDT)
Received: by mail-oa0-f41.google.com with SMTP id n10so4574787oag.28 for <jose@ietf.org>; Thu, 13 Jun 2013 08:03:42 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:date :message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=O3a128esH+6g5DEvO8HuQun2DuJqeqDdGIjuaI3Pdxk=; b=APaJnuWntB1hA0gKtlcSyLWMTGAE1/fXRw9rV+wytyz6wXVrB5mXI7rtpYHWbLPzOC vdCLNLA7AxAw7njdD+AUzUIjopqgXyhyMCwlCMSeb6o0Ri52Fr6tVi0HQQuDOroJME9A Q6nCjscOJcfuB3QqDZHTy79iOwJH1MSyUM9rn7R8aGrpsFG4U996KsmAklqk3stQxJQe NdbfWLj/PWil/qodp0R99Ed1QEpbwflPuV+54dhFMeVnP6dil+q+FpXYVVmR1LgNzHVi yNkvLy4WrLArKJ8ehIzaga0kDvFnD0MWdrjwYip1X0ED95IB//yKJj9B2g6nVIqstceq alBA==
MIME-Version: 1.0
X-Received: by 10.182.60.2 with SMTP id d2mr972577obr.75.1371135821914; Thu, 13 Jun 2013 08:03:41 -0700 (PDT)
Received: by 10.60.84.8 with HTTP; Thu, 13 Jun 2013 08:03:41 -0700 (PDT)
X-Originating-IP: [192.1.51.101]
In-Reply-To: <51B9DD51.5040000@mitre.org>
References: <CAL02cgRLGaSGFqg6PUoz1KX+7jEjU7rwt-t7B=U0FvEqYZrU-w@mail.gmail.com> <51B9DA50.1080807@aol.com> <51B9DD51.5040000@mitre.org>
Date: Thu, 13 Jun 2013 11:03:41 -0400
Message-ID: <CAL02cgT=m=wvqADRmSku+UphFJayNawWWcYYXZRPisA+YL8iUg@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Justin Richer <jricher@mitre.org>
Content-Type: multipart/related; boundary="089e015387dc9ab4dc04df0a6f13"
X-Gm-Message-State: ALoCoQlIIeo+RSfWF2O5WHqsq9VjzkNaE4TpevDfshqQKKG/I5dVmlcV3PcYRFP6TE+ErhlMu4Ia
Cc: Mike Jones <Michael.Jones@microsoft.com>, "jose-chairs@tools.ietf.org" <jose-chairs@tools.ietf.org>, "<jose@ietf.org>" <jose@ietf.org>, George Fletcher <gffletch@aol.com>
Subject: Re: [jose] Deployed Code (was: Re: #23: Make crypto independent of binary encoding (base64))
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Jun 2013 15:03:44 -0000

I have no problem with the authors developing the -00 versions of JW* as
Informational.  But then the Standards Track documents that this group is
developing would be free to break with legacy (cleanly).

This group should have done what OAuth did.  Publish "v1.1" as an
Informational, AD-sponsored draft, then work on a Standards Track "v2".
 Instead, it seems that some of us have been under the impression we were
working on "v2" while others thought "v1.1".  Which, in retrospect, seems
to have been the origin of a lot of the angst here.

If we go back and publish a cleaned up version of -00 as "v1.1", would
anyone here stick around to work on "v2.0"?  I would.



On Thu, Jun 13, 2013 at 10:55 AM, Justin Richer <jricher@mitre.org> wrote:

>  +1 to George's suggestion. We know that what we have today will function,
> and if this WG doesn't finish its job then the reality is that everyone
> doing "legacy" JWS isn't much going to care what the JOSE WG says anymore.
> In other words, there's enough momentum behind the current state of JOSE
> that it would cause a serious fork if we were to change things now.
>
> So let's be smart about the fork. Let's push what we have as "JOSE", then
> "JOSE2" can turn it into the multi-encoded-binary-framework that fits other
> use cases. And it'll be JOSE2's job to come up with reasonable backwards
> compatibility or incompatibility rules and functions. If we do this, which
> is what George is saying, then we can actually have some control over both
> compliance to the "current" specs and compliance to the "new"
> as-of-yet-undefined specs, and we stand a chance of people outside of this
> working group actually paying attention to what the working group is
> saying, both with the current and with the new.
>
> And finally, as the proverb says, "don't let the perfect stand in the way
> of the good."
>
>  -- Justin
>
>
> On 06/13/2013 10:42 AM, George Fletcher wrote:
>
> I think that in the current situation the issue isn't just breaking
> deployed code but also the timeliness of completing the spec. If the desire
> is to change the processing at some point in the future, why not complete
> this set of specs and then look to add the backward compatibility/migration
> strategy to an updated/future version of the specification? That's
> effectively what this would be anyway, and allowing other specifications
> and working code to be compliant with the current specification is very
> valuable and doesn't preclude revising the mechanism in the future.
>
> Thanks,
> George
>
> On 6/13/13 10:35 AM, Richard Barnes wrote:
>
> This would have been a nice discussion to have had 18 months ago, when we
> were getting started.
>
>  I don't think it's compatible with the IETF ethos to say "Changes to
> this document MUST NOT break existing code."  Otherwise, we're not doing
> engineering here, we're cleaning up documentation and rubber-stamping.
>
>  What would be acceptable is to say "Changes must break cleanly with
> existing code".  That is, it should be possible for a JWT implementation
> to, say, process both "legacy" JWS syntax and whatever comes out of this
> group.  That way, we could come to consensus on the best solution,
> incorporating lessons learned from earlier work without being hindered by
> them.
>
>  Would participants here consider it a acceptable for the output of this
> working group to be incompatible with existing JWT implementations, as long
> as it had the property that JW* objects in the new format could be clearly
> distinguished from "legacy" JW* objects, so that implementations could
> adapt their processing?
>
>  --Richard
>
>
>
>
> On Thu, Jun 13, 2013 at 10:24 AM, George Fletcher <gffletch@aol.com>wrote:
>
>>  +1
>>
>> Breaking deployed code as raised by Brian, Naveen and others is a
>> critical consideration.
>>
>> Thanks,
>> George
>>
>>   On 6/13/13 10:19 AM, Mike Jones wrote:
>>
>>  Jim and Karen, could you please do as Richard suggests and close this
>> issue as “won’t fix”.
>>
>>
>>
>>                                                             Thank you,
>>
>>                                                             -- Mike
>>
>>
>>
>> *From:* Richard Barnes [mailto:rlb@ipv.sx <rlb@ipv.sx>]
>> *Sent:* Wednesday, June 12, 2013 1:57 PM
>> *To:* jose-chairs@tools.ietf.org; Mike Jones
>> *Subject:* Fwd: [jose] #23: Make crypto independent of binary encoding
>> (base64)
>>
>>
>>
>> In other words: Chairs, feel free to close/wontfix :)
>>
>>
>>
>> ---------- Forwarded message ----------
>> From: *Richard Barnes* <rlb@ipv.sx>
>> Date: Wed, Jun 12, 2013 at 4:55 PM
>> Subject: Re: [jose] #23: Make crypto independent of binary encoding
>> (base64)
>> To: "Matt Miller (mamille2)" <mamille2@cisco.com>
>> Cc: jose issue tracker <trac+jose@trac.tools.ietf.org>, "<
>> draft-ietf-jose-json-web-encryption@tools.ietf.org>" <
>> draft-ietf-jose-json-web-encryption@tools.ietf.org>, "<
>> michael.jones@microsoft.com>" <michael.jones@microsoft.com>, "<
>> jose@ietf.org>" <jose@ietf.org>
>>
>>  To be clear, I structured my message in two parts for a reason, to
>> separate the analysis from the opinion.  I acknowledge that I am but one
>> voice here, and I'm increasingly hearing how alone I am :)
>>
>>
>>
>> On Wed, Jun 12, 2013 at 4:23 PM, Richard Barnes <rlb@ipv.sx> wrote:
>>
>>  <impartial-analysis>
>>
>> So just to be clear on the trade-off the WG has to make:
>>
>>
>>
>> On the one hand: Breaking every existing JWT implementation in the world
>>
>> On the other hand: Eternally binding ourselves to base64 encoding, even
>> if binary-safe encodings become available (CBOR, MsgPack, etc.)
>>
>> </impartial-analysis >
>>
>>
>>
>> <personal-opinion>
>>
>> I have some sympathy with JWT implementors.  It sucks to have to refactor
>> code.  But I think we're literally talking about something like a 5-line
>> patch.  And early JWT implementors knew or should have known (to use a DC
>> phrase) that they were dealing with a draft spec.  As the W3C editor's
>> draft template says, in big bold red print, "Implementors who are not
>> taking part in the discussions are likely to find the specification
>> changing out from under them in incompatible ways."
>>
>>
>>
>> As PHB pointed out in the other thread, it would be nice to use JWS and
>> JWE in place of CMS one day, without the base64 hit.  We should incur the
>> implementation pain now, and get the design right for the long run.  Base64
>> is a hack around JSON; we should build the system so that when we no longer
>> need that hack, it can go away.
>>
>> </personal-opinion>
>>
>>
>>
>> --Richard
>>
>>
>>
>>
>>
>>
>>
>> On Wed, Jun 12, 2013 at 10:27 AM, Matt Miller (mamille2) <
>> mamille2@cisco.com> wrote:
>>
>> I did at first find it curious why the cryptographic operations were over
>> the base64url-enccoded values, but I was also very focused on JWE, where I
>> think the field separation problem is less of an issue (at least now).  For
>> JWS, this would certainly cause problems without some manner of unambiguous
>> field parameterization.
>>
>> I will note that unescaped NULL is not valid in JSON, so it could be used
>> as a separator between the encoded header and the payload.  I do find it
>> interesting if JOSE could more easily and efficiently support other
>> encodings.  However, I think that while this is an interesting thought
>> experiment, it seems we're too far down the path to seriously consider it
>> unless the current state were shown to be horribly broken.
>>
>>
>> - m&m
>>
>> Matt Miller < mamille2@cisco.com >
>> Cisco Systems, Inc.
>>
>>
>> On Jun 11, 2013, at 6:01 PM, jose issue tracker <
>> trac+jose@trac.tools.ietf.org> wrote:
>>
>> > #23: Make crypto independent of binary encoding (base64)
>> >
>> >
>> > Comment (by michael.jones@microsoft.com):
>> >
>> > For both serializations, you already need the base64url encoded versions
>> > of the JWS Header and the JWS Payload to preserve them in transmission,
>> so
>> > computing them isn't an extra burden.  In the JWS Compact Serialization,
>> > you already need the concatenation of the Encoded JWS Header, a period
>> > character, and the Encoded JWS Payload, so computing that concatenation
>> > isn't an extra burden.  Given you already have that quantity, computing
>> > the signature over it is the easiest thing for developers to do, and
>> it's
>> > been shown to work well in practice.  There's no compelling reason to
>> make
>> > this change.
>> >
>> > Even for the JSON Serialization, the only "extra" step that's required
>> to
>> > compute the signature is the concatenation with the period character -
>> to
>> > prevent shifting of data from one field to the other, as described by
>> Jim
>> > Schaad in the e-mail thread.  So this step isn't actually "extra" at
>> all -
>> > it's necessary.  It's also highly advantageous to use exactly the same
>> > computation for both serializations, which is currently the case.
>> >
>> > Since there is no compelling reason to make this change, and since
>> making
>> > it could enable the "shifting" problem identified by Jim, it should not
>> be
>> > made.
>> >
>> > --
>> >
>> -------------------------+-------------------------------------------------
>> > Reporter:  rlb@ipv.sx   |       Owner:  draft-ietf-jose-json-web-
>> >     Type:  defect       |  encryption@tools.ietf.org
>> > Priority:  major        |      Status:  new
>> > Component:  json-web-    |   Milestone:
>> >  encryption             |     Version:
>> > Severity:  -            |  Resolution:
>> > Keywords:               |
>> >
>> -------------------------+-------------------------------------------------
>> >
>> > Ticket URL: <
>> http://trac.tools.ietf.org/wg/jose/trac/ticket/23#comment:2>
>> > jose <http://tools.ietf.org/jose/>
>> >
>>
>> > _______________________________________________
>> > jose mailing list
>> > jose@ietf.org
>> > https://www.ietf.org/mailman/listinfo/jose
>>
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> jose mailing listjose@ietf.orghttps://www.ietf.org/mailman/listinfo/jose
>>
>>
>>   --
>> [image: George Fletcher] <http://connect.me/gffletch>
>>
>
>
> --
> [image: George Fletcher] <http://connect.me/gffletch>
>
>
> _______________________________________________
> jose mailing listjose@ietf.orghttps://www.ietf.org/mailman/listinfo/jose
>
>
>

v2.23.0 | Report a Bug | By Email