Re: [jose] Proposal about the SPI proposal
Richard Barnes <rlb@ipv.sx> Fri, 08 March 2013 19:27 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A66E21F888E for <jose@ietfa.amsl.com>; Fri, 8 Mar 2013 11:27:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.538
X-Spam-Level:
X-Spam-Status: No, score=-1.538 tagged_above=-999 required=5 tests=[AWL=-1.113, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RDNS_NONE=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qnOELEkTnsmI for <jose@ietfa.amsl.com>; Fri, 8 Mar 2013 11:27:18 -0800 (PST)
Received: from mail-ob0-x22b.google.com (mail-ob0-x22b.google.com [IPv6:2607:f8b0:4003:c01::22b]) by ietfa.amsl.com (Postfix) with ESMTP id C3E1021F886D for <jose@ietf.org>; Fri, 8 Mar 2013 11:27:17 -0800 (PST)
Received: by mail-ob0-f171.google.com with SMTP id x4so1596049obh.16 for <jose@ietf.org>; Fri, 08 Mar 2013 11:27:17 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:x-originating-ip:in-reply-to:references :date:message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=XDa8k9QmppSXzSAeFIgEyJfpuZDA2JA3Zyu24VQblpI=; b=nC8+zKMaaUK2hMSgbESxmm6CmU7u0pzoZ/HJjLMBpRZb6AL2NKqqzgS/H7kiIRIxVB 7eHtTPaz4jmd1VB+j5OCwDbPX9hiR8d+8SOl3uLvsQ31DUIl3VCOSgTl47+DDSuo9tZN MJqHXghwucxzVn1WBzFHQ0izd8mRZM65zTTY4rTeHgZYjNfkOflFUP5/b14uZcArljpU YJUKtqplzddlybySCXdfX7A8yDK4bkDEH9FIudaoqKNjsJKaW27Q06b/x5oEzog8fb3z A3uPt5mw1K2XWLJHjUM2K1w0ptPbtCC08Dbvk9zDO4oiooRfdddz/Lv4S+nEUJJyjZYX d+gQ==
MIME-Version: 1.0
X-Received: by 10.182.118.105 with SMTP id kl9mr2840762obb.52.1362770837312; Fri, 08 Mar 2013 11:27:17 -0800 (PST)
Received: by 10.60.150.131 with HTTP; Fri, 8 Mar 2013 11:27:17 -0800 (PST)
X-Originating-IP: [192.1.51.63]
In-Reply-To: <CAL02cgTT2OM8FJOt7MTM2bLhrjhcB3DPcZdmqUXAvF=5evS+OA@mail.gmail.com>
References: <CA+k3eCTo_=P_SQCG_ypiksVb-bfjuJ4Q9vt4r10wpuKPbFUWBg@mail.gmail.com> <1360628984.83146.YahooMailRC@web184403.mail.bf1.yahoo.com> <CABzCy2D9MVw2WTZCFn9PaQ8Mw1e2=Abguf2Q2QzuFshqJqUtZQ@mail.gmail.com> <CAL02cgRQ9nWwpUgLbx1yE_dj=kg9-L-+cJS6std53-W9Ac_CaQ@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739436747B244@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAL02cgS63UrQVvKXi46Xk3yuba84izZA=TY6OWjEdqtfaqb06A@mail.gmail.com> <CAL02cgTT2OM8FJOt7MTM2bLhrjhcB3DPcZdmqUXAvF=5evS+OA@mail.gmail.com>
Date: Fri, 08 Mar 2013 14:27:17 -0500
Message-ID: <CAL02cgSVfo_SMuvAg880q3boAO1uR7hD4ZjZTObQUGB3KqOisQ@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Mike Jones <Michael.Jones@microsoft.com>
Content-Type: multipart/alternative; boundary="f46d0447a29fab2e7e04d76ecfb8"
X-Gm-Message-State: ALoCoQkm1v+r3FZkzps1g5aMcDicjUB9TUH2OdadQy1jCUdVBDWPvlbiwYzl7PiZaxBGLFOq9TyF
Cc: Brian Campbell <bcampbell@pingidentity.com>, Nat Sakimura <sakimura@gmail.com>, "jose@ietf.org" <jose@ietf.org>, Edmund Jay <ejay@mgi1.com>
Subject: Re: [jose] Proposal about the SPI proposal
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Mar 2013 19:27:19 -0000
Sorry, meant to start with: Revised text for the SPI proposal follows. On Fri, Mar 8, 2013 at 2:26 PM, Richard Barnes <rlb@ipv.sx> wrote: > -----BEGIN----- > Section 4.1.X. "spi" (Security Parameters Index) Header Parameter > > The "spi" (Security Parameters Index) header parameter contains a > base64url-encoded opaque byte string that labels a set of security > parameters. This index is designed to enable the use of smaller headers in > cases where entities use an out-of-band mechanism to negotiate > cryptographic parameters. > > Entities using an out-of-band negotiation mechanism maintain a table of > cached security parameters. The maintenance of this table, e.g., how > entries are added or removed, is done by the out-of-band key management > protocol. Each entry in the table is indexed by an SPI value, and > contains pre-negotiated parameters for the JWE, such as values for the > "alg" or "zip" parameters, or a value for the Encrypted Key component. > > A JWE whose header contains an SPI value MAY omit the Encrypted Key > component, by making this field zero-length in the compact serialization. > An entity receiving such a JWE reconstructs the full JWE by adding the > cached header fields to the header, and adding the Encrypted Key components > to the JWE. The reconstructed JWE is then processed as normal. If a JWE > object contains an unrecognized SPI value, then the recipient MUST > consider it invalid. > > The out-of-band management protocol MUST ensure that the SPI value is > unique within the sender's context. To prevent the SPI value from being > used to interfere with JOSE processing, the management protocol SHOULD also > ensure that it is difficult for a third party (who has not participated in > the management protocol) to guess an SPI value. As a simple way to meet > both of these requirements, it is RECOMMENDED that the SPI value be a > 128-bit random value. > -----END----- > > > > On Wed, Feb 27, 2013 at 1:50 PM, Richard Barnes <rlb@ipv.sx> wrote: > >> Ah, sorry I never got around to those. Responses inline. >> >> - What are the security implications of repeatedly reusing the same >>> CMK and IV and how can/should they be mitigated? >>> >> >> Good point. Re-using IVs is a terrible idea. SPI should represent some >> set of pre-negotiated parameters, where the set of parameters that are >> pre-set is part of the pre-negotiation. So one application might >> pre-negotiate algorithms, but pass keys in-band, but another might >> pre-negotiate algorithms and keys. (You could even envision agreeing on an >> IV generation procedure...) >> >> >>> **** >>> >>> - Is having the absence of an “alg” field, paired with the presence of >>> an “spi” field the best way to handle this? >>> >> >> "alg" is an indicator of key wrapping technique. So if this is one of >> the pre-negotiated parameters, then it should be absent. >> >> >>> **** >>> >>> - What are the complexity implications of having JWEs no longer >>> contain a fixed set of field? >>> >> >> Very little. SPI would add a little pre-processing to populate the >> missing fields in a JWE/JWS >> >> >>> **** >>> >>> - Would JWSs similarly have a different number of fields? >>> >> >> Yes. >> >> >>> **** >>> >>> - Indeed, is the proposal even applicable in the JWS case, or does it >>> only make sense for JWEs? >>> >> >> There's less of a need for JWS. You could say SPI "1234" indicates that >> I'm signing under a given 4096-bit RSA key, saving yourself hundreds of >> octets. So it would be like "jku", with fewer octets and without the >> implication that you could go fetch it over the Internet. >> >> >>> **** >>> >>> - What are the motivating use cases for this functionality? >>> >> >> As I said before, cases where there's some out-of-band mechanism to >> pre-negotiate certain parameters. For example, the OpenID Connect >> discovery process. >> < >> http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest >> > >> >> >> >>> **** >>> >>> - What syntax would be used for the “spi” parameter? Unrestricted >>> Unicode strings? Base64url-encoded byte strings? UUIDs? … >>> >> >> Doesn't really matter. Make it the same as "kid" (i.e., string); they're >> both opaque identifiers. >> >> >> >>> **** >>> >>> ** ** >>> >>> I don’t think a number of them have been answered.**** >>> >>> ** ** >>> >>> Thanks,**** >>> >>> -- Mike**** >>> >>> ** ** >>> >>> *From:* jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] *On Behalf >>> Of *Richard Barnes >>> *Sent:* Wednesday, February 20, 2013 10:04 AM >>> *To:* Nat Sakimura >>> *Cc:* Brian Campbell; jose@ietf.org; Edmund Jay >>> *Subject:* Re: [jose] Proposal about the SPI proposal**** >>> >>> ** ** >>> >>> Obviously, this will not be in a -00 draft for Orlando. So discussion >>> should continue based on the text proposed to the list.**** >>> >>> ** ** >>> >>> Does anyone have further technical comments?**** >>> >>> ** ** >>> >>> --Richard**** >>> >>> ** ** >>> >>> On Wed, Feb 20, 2013 at 11:25 AM, Nat Sakimura <sakimura@gmail.com> >>> wrote:**** >>> >>> ditto. **** >>> >>> 2013/2/11 Edmund Jay <ejay@mgi1.com>**** >>> >>> +1 for new I-D. >>> >>> **** >>> >>> ** ** >>> ------------------------------ >>> >>> *From:* Brian Campbell <bcampbell@pingidentity.com> >>> *To:* "jose@ietf.org" <jose@ietf.org> >>> *Sent:* Fri, February 8, 2013 3:01:51 PM >>> *Subject:* [jose] Proposal about the SPI proposal**** >>> >>> ** ** >>> >>> Maybe this was apparent from my comments/questions on the SPI proposal >>> over the last couple days[1] but I have concerns that run the gamut from >>> operational complexity and fragility to security problems. I believe >>> strongly that, without considerably more analysis and specification detail, >>> the current SPI work is much too risky to consider go in the current base >>> JOSE WG drafts.**** >>> >>> As an alternative I'd like to request/propose that the SPI stuff be >>> submitted as new I-D to help facilitate that additional discussion and >>> analysis that I think it needs.**** >>> >>> ** ** >>> >>> Thanks, >>> Brian**** >>> >>> >>> [1] http://www.ietf.org/mail-archive/web/jose/current/msg01500.html**** >>> >>> ** ** >>> >>> _______________________________________________ >>> jose mailing list >>> jose@ietf.org >>> https://www.ietf.org/mailman/listinfo/jose**** >>> >>> >>> >>> **** >>> >>> ** ** >>> >>> -- >>> Nat Sakimura (=nat)**** >>> >>> Chairman, OpenID Foundation >>> http://nat.sakimura.org/ >>> @_nat_en**** >>> >>> >>> _______________________________________________ >>> jose mailing list >>> jose@ietf.org >>> https://www.ietf.org/mailman/listinfo/jose**** >>> >>> ** ** >>> >> >> >
- [jose] Proposal about the SPI proposal Brian Campbell
- Re: [jose] Proposal about the SPI proposal Richard Barnes
- Re: [jose] Proposal about the SPI proposal Anthony Nadalin
- Re: [jose] Proposal about the SPI proposal Hannes Tschofenig
- Re: [jose] Proposal about the SPI proposal John Bradley
- Re: [jose] Proposal about the SPI proposal Mike Jones
- Re: [jose] Proposal about the SPI proposal Edmund Jay
- Re: [jose] Proposal about the SPI proposal Nat Sakimura
- Re: [jose] Proposal about the SPI proposal Richard Barnes
- Re: [jose] Proposal about the SPI proposal Mike Jones
- Re: [jose] Proposal about the SPI proposal Richard Barnes
- Re: [jose] Proposal about the SPI proposal Richard Barnes
- Re: [jose] Proposal about the SPI proposal Richard Barnes