Re: [jose] JWS Counter Signatures

Bret Jordan <jordan.ietf@gmail.com> Fri, 23 November 2018 16:51 UTC

Return-Path: <jordan.ietf@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4A18130DFD for <jose@ietfa.amsl.com>; Fri, 23 Nov 2018 08:51:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qiNSjGfGRQ4h for <jose@ietfa.amsl.com>; Fri, 23 Nov 2018 08:51:46 -0800 (PST)
Received: from mail-yw1-xc2c.google.com (mail-yw1-xc2c.google.com [IPv6:2607:f8b0:4864:20::c2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 59C0612F1A6 for <jose@ietf.org>; Fri, 23 Nov 2018 08:51:46 -0800 (PST)
Received: by mail-yw1-xc2c.google.com with SMTP id d190so5001546ywd.12 for <jose@ietf.org>; Fri, 23 Nov 2018 08:51:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=NGZ2LARnA8uoE4wkRvlRf2Uep4uGNDPseWB3C4VHaJ0=; b=XoclNFeuwGUfLv1VCqDAFiWlOLaGtYQspDVs+lUnYl9c+ot/rHxM3m6vDvOiXgUZil KR8hIlmKr4RS58dQyROYedWJaHOOUoYJhUkeN9+K5or0fupgY3xfHPEVH5XrOn92D04n 4A6Bb2eqnFqr/r0U+9xGPpufa9KrY6Z0N4W0lhH+dQMZ2tReGoZvBydD6gvwWfUvJ9L3 TzMNTZlp1IFwy46MttzJ+siQolFnahnd/CyM9LHKFdCWqe2mv8rE0KEGH3KdRFBmQsXp 4ZwmQPOE6cULXyYcaSQkpyVG6Y2ezC9pHmE/UPc2NT80VG5y+yznz2IEK6FLQSCh36+C ggHQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=NGZ2LARnA8uoE4wkRvlRf2Uep4uGNDPseWB3C4VHaJ0=; b=HhcD7eFv3Bd9pMfvvM2npMeHgNkPEDiiJPZokZJg5fOJBbCbbcu2C7M3pQHDm3gOcL mVwUM1CwyAQHVra3xlH2jkY5mTmPn04kth0vlWD0PGmTDR24JnOv4+CQ5ZjEPXYyTwqZ wZ4fjWKE1e1cxs2av3NWKQuK6q/OusoW/vg8z2ElZsK9c/v0hCpTXxtg0+R0A9SrlvAQ n2IQMQ6ejs4htHJ3P7Zevx59Pto5Rx8OKo98AX6pRc09ThwWPcEYv/zBmTy+8JJFc950 UjiMDMJgVDrglh4nSdgutdfJM4m5HLpBEcldRTdCx55ACPUz1D9Fa/yEH5Y7SnEuL+IN Yziw==
X-Gm-Message-State: AGRZ1gK2DTl7YcS1H3xzwJUiJZsBKlnN42JeireHNcLyr3YtTsT0taM8 zJ4Dk7n2VRSucYy32pHvPwA=
X-Google-Smtp-Source: AJdET5cB8s3GaeTRN8igc3lh5a00CFns495IXWZG9p9LK18Hg3r1QK+sHNsG/p1ZjCKaqsYeb9kx2w==
X-Received: by 2002:a0d:c202:: with SMTP id e2-v6mr16679210ywd.433.1542991905616; Fri, 23 Nov 2018 08:51:45 -0800 (PST)
Received: from ?IPv6:2605:a601:3260:266:89ef:6bee:8279:6d45? ([2605:a601:3260:266:89ef:6bee:8279:6d45]) by smtp.gmail.com with ESMTPSA id v9sm3822233ywh.2.2018.11.23.08.51.44 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 23 Nov 2018 08:51:44 -0800 (PST)
From: Bret Jordan <jordan.ietf@gmail.com>
Message-Id: <029545F4-B739-4218-A947-2AB6F91AC582@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_D58D0810-AC63-4B5B-AF13-A491521E9271"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Fri, 23 Nov 2018 09:51:35 -0700
In-Reply-To: <222a2534-07fc-a630-99f8-bbe6f6aea29c@gmail.com>
Cc: jose@ietf.org
To: Anders Rundgren <anders.rundgren.net@gmail.com>
References: <12DD2F97-80C3-4606-9C6B-03F7A4BF19DE@gmail.com> <CAOASepNX4aYVmPWXyODn0E2Om_rimACPECqJBvZSOXVVd_p8LA@mail.gmail.com> <D21F3A95-0085-4DB7-A882-3496CC091B34@gmail.com> <CAOASepM=hB_k7Syqw4+b7L2vd6E_J0DSAAW0mHYdLExBZ6VBuw@mail.gmail.com> <00ad01d460f4$69ae8a00$3d0b9e00$@augustcellars.com> <8436AEE7-B25A-4538-B8F6-16D558D9A504@gmail.com> <MEAPR01MB35428606C09BF315DE04CC79E5E10@MEAPR01MB3542.ausprd01.prod.outlook.com> <CAHbuEH6DCD7Zc+PK3TnCBkKv1esnROwyCcDb8ZR+TKwgQQ+yXQ@mail.gmail.com> <0E6BD488-74D5-4640-BC31-5E45B0531AFC@gmail.com> <CAHbuEH5oH-Km6uAjrSr0pEHswFBLuDpfVweQ+gpj472yk+8iTQ@mail.gmail.com> <073CB50F-8D91-4EF6-90BE-FC897D557AA6@oracle.com> <A37D69B1-6B77-4E11-8BB9-A0209C77752C@tzi.org> <434fbdb6-0202-5a02-4cec-9332fbbe548c@gmail.com> <FBBFA6FA-4B0C-4239-9145-0B713120EC98@tzi.org> <01fd01d47f5f$4c4889f0$e4d99dd0$@augustcellars.com> <7b1d293c-1d97-44e4-0cd8-55ec1db6c3b5@gmail.com> <AD2DB2EB-3F06-4C55-94E4-CED60F6FF4CF@alkaline-solutions.com> <222a2534-07fc-a630-99f8-bbe6f6aea29c@gmail.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/z2NeUvmKJTZE6rLWEGNvMHCel5U>
Subject: Re: [jose] JWS Counter Signatures
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Nov 2018 16:51:49 -0000

That is my understanding as well.   I really hope we can have a meeting / BOF / side meeting / other in Prague to talk about ways forward. 


Thanks,
Bret
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

> On Nov 23, 2018, at 12:50 AM, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
> 
> Counter signatures were actually the major "inspiration" for Canonical JSON since JWS based dittos are hard to debug and document due to the deep nesting of Base64Url encoded objects but it is still fully doable.
> 
> However, in a system which I will present at Trustech 2018, I came up with a counter signature scheme where JOSE simply put ran out of gas.
> 
> https://cyberphone.github.io/doc/payments/payment-decentralization-scheme-1a.pdf
> 
> In this system (very briefly):
> 1. a Merchant creates a Payment Request and sends it to the Payer for authorization
> 2. the Payer authorizes the Payment Request with his/her signature key.  The signed authorization data includes a hash of the Payment Request
> 3. the Payer (for privacy reasons) encrypts the authorization data and returns it to the Merchant together with an unencrypted URL pointing to the Payer's bank
> 4. the Merchant sends the original Payment Request + the encrypted Payer authorization data to the Payer's banks for fulfillment
> 5. the Payer's bank decrypts and validates the authorization data, including verifying that the hash of the Merchant-supplied Payment Request matches the hash in the authorization data
> 
> It seems to me that a JOSE based design would have to be architected in a fundamentally different way.
> 
> Anders
> 
> 
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose