Re: [KEYPROV] Giving up on XML DSig => JSON

Simon Josefsson <simon@josefsson.org> Thu, 29 August 2013 11:56 UTC

Date: Thu, 29 Aug 2013 13:55:37 +0200
From: Simon Josefsson <simon@josefsson.org>
To: Anders Rundgren <anders.rundgren@telia.com>
Cc: keyprov@ietf.org
Subject: Re: [KEYPROV] Giving up on XML DSig => JSON

You wrote:

> > If the latter, why not JWS?
> 
> Because JWS is based on in-line signatures of base64-encoded payloads.
> This would ruin the readability of the already complex KeyGen2
> protocol and make the switch from XML look bad.

Why can't you hash the data you want to sign, and then use JWS to sign
the hash?  Then you get readability and don't have to invent something
new.  However, your example blob in the PDF is hardly readable, so I
don't fully follow the argument about readability to begin with.

/Simon
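
[Added example, not part of the message above and not KeyGen2 or project code.] A sketch of the "hash the data, then sign the hash with JWS" idea: the readable message travels as-is, and a compact JWS carries only its SHA-256 digest. Assumptions: HS256 with a shared key (chosen so the example needs only the Python standard library), and the payload field names, key and sample message are all constructed for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"                                # constructed sample key
MESSAGE = b'{"action": "provision", "keyId": "demo-1"}'      # constructed readable message

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_digest(message: bytes, key: bytes) -> str:
    """Return a compact JWS whose payload is only the SHA-256 digest of message."""
    header = b64url(json.dumps({"alg": "HS256"}, separators=(",", ":")).encode())
    # Hypothetical payload layout: digest algorithm name plus the digest itself.
    claims = {"hashAlg": "SHA-256", "digest": b64url(hashlib.sha256(message).digest())}
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    tag = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(tag)}"

def verify_digest(message: bytes, jws: str, key: bytes) -> bool:
    """Check the JWS signature first, then that the signed digest matches message."""
    try:
        header_b64, payload_b64, sig_b64 = jws.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        # Pin the algorithms; never let the token choose them for the verifier.
        if header.get("alg") != "HS256" or claims.get("hashAlg") != "SHA-256":
            return False
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(b64url_decode(sig_b64), expected):
            return False
        signed_digest = b64url_decode(claims["digest"])
    except (ValueError, KeyError, TypeError, AttributeError):
        return False  # malformed token
    # The digest covers the exact bytes: any re-serialization of the readable
    # message (whitespace, key order) changes it and verification fails.
    return hmac.compare_digest(signed_digest, hashlib.sha256(message).digest())
```

The signature binds the digest, not the text, so both sides must agree on the exact byte sequence (or a canonical form) of the readable message.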