[OAUTH-WG] JWT BCP on Compression in JWE

Brian Campbell <bcampbell@pingidentity.com> Fri, 28 July 2017 20:00 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id EAA181320EB for <oauth@ietfa.amsl.com>; Fri, 28 Jul 2017 13:00:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 46_dEHlq00GO for <oauth@ietfa.amsl.com>; Fri, 28 Jul 2017 13:00:08 -0700 (PDT)
Received: from mail-pf0-x22a.google.com (mail-pf0-x22a.google.com [IPv6:2607:f8b0:400e:c00::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CDE31131E30 for <oauth@ietf.org>; Fri, 28 Jul 2017 13:00:05 -0700 (PDT)
Received: by mail-pf0-x22a.google.com with SMTP id e75so21176073pfj.2 for <oauth@ietf.org>; Fri, 28 Jul 2017 13:00:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=gmail; h=mime-version:from:date:message-id:subject:to; bh=pjO7hzbo6zNlaPUI7+nwEY7wkHZlb6ExrDTXlZ7WVUw=; b=ROtyYfacZ2MKvHMbuyxuDFIst1Q9qCuYopAaK1OIqH0WQ8V7ppNO7tzTm7xnyXJT1q y2Vtlp/HwskH91XF2w7A/lRBQ7dE4WRbQxpp72iVjcdKQ9bBCUQ87glnX37dKtoBK5kY 1lebDw9OVeGqb2q8uIfh0OJ+20WaAM1/8gJMM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=pjO7hzbo6zNlaPUI7+nwEY7wkHZlb6ExrDTXlZ7WVUw=; b=qNS7T3lvNxjRYXpCaBbTd4SyQ676DcOvKdfwvXse3kl3fjN00Kp8MJjbPcAIPskyVX W8Y68vx3WDvsrp+IVG3pPVEfWpdD78yRHwoa7/SHBia67QODnQPaSjdNK4ncvPI+w8Ji 2EQ0st+BAC2nMvFVUmQ2VpkhYaBVoCgF4GO6UR1wwUUXbXlePBJFLrSXt2negYzDbpvq dKREBoNZJnuQ6DQXhwF0Uuoooktnq6w1/nvWVKkX0qMrVFEB5BVXn2rDLA4h2A6C8vLW xV5+54dJaL7m8RvNMU6vSN0q5Mg9y/ewj17YRbXscstibRidMiOYcyThtplldr2t6moM spmQ==
X-Gm-Message-State: AIVw113cKHz+4078wzH0CttaAhw9azAf2trG55tw4jLEN/uBeszyTUcm vTfmCJyHy1SFrS3k7M2IT9GzhXEHdVkp2Nwf31AVjyXfH14MixKF932gVhfjTwf09OqdWOxHhXx 5Yynn
X-Received: by with SMTP id j16mr8641324pfk.25.1501272005267; Fri, 28 Jul 2017 13:00:05 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Fri, 28 Jul 2017 12:59:34 -0700 (PDT)
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 28 Jul 2017 13:59:34 -0600
Message-ID: <CA+k3eCTHfJRWSV1ZGD8-zxPir+-3wqNUtESznxXs5tzJoSU2Zw@mail.gmail.com>
To: oauth <oauth@ietf.org>, "jose@ietf.org" <jose@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c11d6e295f60d0555662028"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/BrQY2tonN_ttW0xnUbFyqe-xMc0>
Subject: [OAUTH-WG] JWT BCP on Compression in JWE
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jul 2017 20:00:10 -0000

On critique of JWT I've seen a few times can be paraphrased as "JWT
supports compressed plaintext so, because of CRIME and BREACH, it is
dangerous and stupid."  It's very possible that I am stupid (many on this
list will likely attest to it) but I don't see the applicability of those
kinds of chosen plaintext attacks aimed at recovering sensitive data to how
JWT/JWE are typically used.

I think it would be useful, if during the development of the JWT BCP, the
authors or chairs or WG could somehow engage some experts (CFRG?) to
understand if there's any real practical advice that can be given about
using compression with JWE and the risks involved.

*CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you.*