IETF Logo Mail Archive

Re: [jose] JWP

Neil Madden <neil.madden@forgerock.com> Thu, 28 July 2022 14:46 UTC

Return-Path: <neil.madden@forgerock.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ECF31C13630A for <jose@ietfa.amsl.com>; Thu, 28 Jul 2022 07:46:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.108
X-Spam-Level:
X-Spam-Status: No, score=-7.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=forgerock.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KZO-ImbNbVQF for <jose@ietfa.amsl.com>; Thu, 28 Jul 2022 07:45:57 -0700 (PDT)
Received: from mail-wr1-x434.google.com (mail-wr1-x434.google.com [IPv6:2a00:1450:4864:20::434]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0909EC14F737 for <jose@ietf.org>; Thu, 28 Jul 2022 07:45:56 -0700 (PDT)
Received: by mail-wr1-x434.google.com with SMTP id h8so2487474wrw.1 for <jose@ietf.org>; Thu, 28 Jul 2022 07:45:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=forgerock.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=DV67LnvAtS7sZQZo/cf+yajixZdblMcLl9mxgsw2kLc=; b=O/LaiX4/QcG/zQxCWJzBAOLfQL1RiQVnIqtM1IA+K4BYVH39WSaFlccxrYuuRI3xBY Mi9bFP9yy725NTVWz5g91X53MPTMB4NOhwP5jodFIoT3RMKI9krH41UYOKjN9fBSWP1v GPqBe1Gs2IyyWKopowaZ8qZkQRoNWTA0dUqOI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=DV67LnvAtS7sZQZo/cf+yajixZdblMcLl9mxgsw2kLc=; b=yXNwdkCLhdS/vVDrbfpAZEa2KDHS9rho1ar3+ruLDjazzJLnMWolVPdYWfYJlw2f2c eY9dFNN9n2FVKia51JgjH/bI7DRKRuJuTO8WuJP04JcJX/NPT/FHP67l1ZgHnwwapyFk QGcwwWeZtB4s/hZy+NuFU8N4MZ2e0/k/wfLRC5qJwzNqXZypaTbS/+OTZfw3tUNcHrwX UhPsYcyeY9Dpbgc6DvdX8JWzo7iKKkaN2/1OLhRITtVHvqVQ5hoRgjxTkh9DNDJSepGy 5Cqz+QmMjMpVAbjNOTv6+6VB36XqTVHU0fOD1GLNwNrOJb5XVl11oO1J2FrW0b8hdDw+ sjMw==
X-Gm-Message-State: AJIora9CCzbxwGA5gPO5RTKgGYqoV8QQClQldCHeff2gpOeYspB2yenO 9o1OhyoowHeoPuog8Kw7qaHMNA==
X-Google-Smtp-Source: AGRyM1v8dPP37MgoVuNobK3IuWbSkFRwDQRiGg662fBoyaK2n5duoGbNaUQz8KB5eVkYE95ZQqCn1g==
X-Received: by 2002:a5d:6d8a:0:b0:21d:a6f3:f458 with SMTP id l10-20020a5d6d8a000000b0021da6f3f458mr18153405wrs.574.1659019554705; Thu, 28 Jul 2022 07:45:54 -0700 (PDT)
Received: from smtpclient.apple (181.213.93.209.dyn.plus.net. [209.93.213.181]) by smtp.gmail.com with ESMTPSA id m14-20020a05600c4f4e00b003a2d47d3051sm1821628wmq.41.2022.07.28.07.45.54 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 28 Jul 2022 07:45:54 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.100.31\))
From: Neil Madden <neil.madden@forgerock.com>
In-Reply-To: <CAGum7cGdj6nz4Q6Jm3-SWbmMMdGahKxzn-6Lr9La7Vv9mrJwCg@mail.gmail.com>
Date: Thu, 28 Jul 2022 15:45:53 +0100
Cc: Torsten Lodderstedt <torsten@lodderstedt.net>, jose@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <1D5B4736-C6A0-4661-891B-C1CCE31F5F6C@forgerock.com>
References: <124E4FB5-F8E2-4C3B-8413-12CDE31D5621@lodderstedt.net> <C5E63713-6E81-4EE5-8A68-E2AB1A2D2C1D@forgerock.com> <CAGum7cGdj6nz4Q6Jm3-SWbmMMdGahKxzn-6Lr9La7Vv9mrJwCg@mail.gmail.com>
To: Tobias Looker <tplooker@gmail.com>
X-Mailer: Apple Mail (2.3696.100.31)
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/zQ_1h0m5XHYOurxcSv3g6Rtlb8U>
Subject: Re: [jose] JWP
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jul 2022 14:46:01 -0000

> On 28 Jul 2022, at 13:13, Tobias Looker <tplooker@gmail.com> wrote:
> 
> > (Can the holder choose to selectively not disclose that “cnf” claim? If so, yikes). 
> 
> No, to prevent this the issuer simply puts these sorts of claims in the header, which is not subject to selective disclosure, e.g the prover cannot create a valid proof/presentation without disclosing the original un-modified header.

That is a very non-standard use of the header. AFAICT such usage is not compatible with RFC 7800, and I would guess that it may well lead to security issues as implementations won’t be looking for these claims in the header but rather in the claims set. (You can duplicate JWT claims into headers, but making the header itself the source of truth is a big change to how things are today).

> 
> > In current usage, PoP is usually applied and linked to clients (apps) not individual users, so one simple approach would be to take the FIDO/WebAuthn approach and require the client to reuse the same key for at least 10,000 users to prevent linkability. That’s obviously not a universally applicable approach, and I would be in favour of new privacy-preserving PoP schemes. 
> 
> Yes and to be clear cryptographic schemes like BBS are IMO an example of what you describe as a privacy-preserving PoP scheme, they just also support selective disclosure.

I would be quite happy to see a proposal for an RFC 7800 confirmation method based on BBS signatures. (Assuming BBS signatures get through CFRG).

— Neil

v2.23.0 | Report a Bug | By Email