[OAUTH-WG] Updated version of draft-madden-jose-ecdh-1pu-02.txt

Neil Madden <neil.madden@forgerock.com> Tue, 13 August 2019 09:04 UTC

Return-Path: <neil.madden@forgerock.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id ABA851200D6 for <oauth@ietfa.amsl.com>; Tue, 13 Aug 2019 02:04:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=forgerock.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id pWWUJMIT27kT for <oauth@ietfa.amsl.com>; Tue, 13 Aug 2019 02:04:37 -0700 (PDT)
Received: from mail-wm1-x332.google.com (mail-wm1-x332.google.com [IPv6:2a00:1450:4864:20::332]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE78812008C for <oauth@ietf.org>; Tue, 13 Aug 2019 02:04:36 -0700 (PDT)
Received: by mail-wm1-x332.google.com with SMTP id o4so633666wmh.2 for <oauth@ietf.org>; Tue, 13 Aug 2019 02:04:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=forgerock.com; s=google; h=from:content-transfer-encoding:mime-version:subject:message-id :references:to:date; bh=OBfm7taRBYTPH4CGNgRCvy/cu3Xg/Pr7mpyuwS7frYs=; b=Bz3MsYg7Ufx5oJQ2oVhmjvvcrLMUHKHpfyVL8sj4lr9Ld9pHDxj0LoNXPBjXJAFCJw p7t4UwoioDAVQYG0iX8DHnrk5wf+xzTIbtqWMBWRkKLUQo7/v+94CpRy8xaU4Dza5z21 9SWGD1uIDM/1MLjFzkfplTRB9cqlqZBcKs+Fk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version :subject:message-id:references:to:date; bh=OBfm7taRBYTPH4CGNgRCvy/cu3Xg/Pr7mpyuwS7frYs=; b=uEMOmTG88remqY6bqe3/tafI63no4rzmWwu4BjWutZ0J7Pdrf0yzrIxZ5w8/5Gdhvf g9kkcsdwgtMqXsXA6X2GvsoYuu/0d4M6cz8nKPYMD7Vd0C+O+k/QBlX6W9NwA8ECy10n Zc+3k6OqQw/di+3D/zqPK8sTHfa3M2NqZnpmc4vKUa9fv2QH7QXqnq1xTf5OeAxYFsUH TwzFRmkXI4f9CzwCdn7dxEBE4ZWitOpAduqqNBZ5KwGzVzyPloo50LSChesef159Iq5s pt1faaNJuw2vwjDBMFofsOUSY05jKlc5X7pJO74hn1BTVwXgEf/XGNyh7GRYs8PJt+V+ O/ww==
X-Gm-Message-State: APjAAAVT58irq7ZyAePOQ9ny9lrKHn00mTystk1HwxWRRY2TmM7a23Xu 5laJSpJRyp0peoPxsBRn9L4587gjYcN+C9/G51P7dukDxy/XfJtuPMZXRfbw6lEI/twXla8EbGi KNz3zTv3ziv4YlJtuKC00nwSNue3WZdEU58qoAROuNMRganojzyHLefq/IPWldA0=
X-Google-Smtp-Source: APXvYqyHMXn7WiaRI7XobesXbKQtWHkSXDYtaFkZx6pgBt9WjJjkOCy+5+qwY7SMPm3qMbeDAlxrLA==
X-Received: by 2002:a05:600c:d9:: with SMTP id u25mr1967967wmm.26.1565687075027; Tue, 13 Aug 2019 02:04:35 -0700 (PDT)
Received: from [] (77-44-110-214.xdsl.murphx.net. []) by smtp.gmail.com with ESMTPSA id z2sm680371wmi.2.2019. for <oauth@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 13 Aug 2019 02:04:34 -0700 (PDT)
From: Neil Madden <neil.madden@forgerock.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Message-Id: <CEBE2BDF-E101-4E85-8061-62D4CDB321ED@forgerock.com>
References: <156568660565.24107.1708228686719919450.idtracker@ietfa.amsl.com>
To: OAuth WG <oauth@ietf.org>
Date: Tue, 13 Aug 2019 10:04:31 +0100
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/f-ir3_HFjlow-0DFsEexTQlOnk4>
Subject: [OAUTH-WG] Updated version of draft-madden-jose-ecdh-1pu-02.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Aug 2019 09:04:40 -0000

Hi all,

I've created a new version of my I-D on adding public key authenticated encryption to JOSE to support JWT-based encrypted access tokens.


Version -02 removes the discussion of creating a two-way interactive handshake protocol after discussion with Hannes. That's out of scope for this WG and distracts from the main benefits of the draft, which are summed up in these bullet points from the introduction:

   o  The resulting message size is more compact as an additional layer
      of headers and base64url-encoding is avoided.  A 500-byte payload
      when encrypted and authenticated with ECDH-1PU (with P-256 keys
      and "A256GCM" Content Encryption Method) results in a 1087-byte
      JWE in Compact Encoding.  An equivalent nested signed-then-
      encrypted JOSE message using the same keys and encryption method
      is 1489 bytes (37% larger).

   o  The same primitives are used for both confidentiality and
      authenticity, providing savings in code size for constrained

   o  The generic composition of signatures and public key encryption
      involves a number of subtle details that are essential to security
      [PKAE].  Providing a dedicated algorithm for public key
      authenticated encryption reduces complexity for users of JOSE

   o  ECDH-1PU provides only authenticity and not the stronger security
      properties of non-repudiation or third-party verifiability.  This
      can be an advantage in applications where privacy, anonymity, or
      plausible deniability are goals.

I missed the IETF meeting unfortunately. I can put together a few slides if anybody wants me to run through it?

-- Neil

> Begin forwarded message:
> From: internet-drafts@ietf.org
> Subject: New Version Notification for draft-madden-jose-ecdh-1pu-02.txt
> Date: 13 August 2019 at 09:56:45 BST
> To: "Neil Madden" <neil.madden@forgerock.com>
> A new version of I-D, draft-madden-jose-ecdh-1pu-02.txt
> has been successfully submitted by Neil Madden and posted to the
> IETF repository.
> Name:		draft-madden-jose-ecdh-1pu
> Revision:	02
> Title:		Public Key Authenticated Encryption for JOSE: ECDH-1PU
> Document date:	2019-08-13
> Group:		Individual Submission
> Pages:		12
> URL:            https://www.ietf.org/internet-drafts/draft-madden-jose-ecdh-1pu-02.txt
> Status:         https://datatracker.ietf.org/doc/draft-madden-jose-ecdh-1pu/
> Htmlized:       https://tools.ietf.org/html/draft-madden-jose-ecdh-1pu-02
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-madden-jose-ecdh-1pu
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-madden-jose-ecdh-1pu-02
> Abstract:
>   This document describes the ECDH-1PU public key authenticated
>   encryption algorithm for JWE.  The algorithm is similar to the
>   existing ECDH-ES encryption algorithm, but adds an additional ECDH
>   key agreement between static keys of the sender and recipient.  This
>   additional step allows the recipient to be assured of sender
>   authenticity without requiring a nested signed-then-encrypted message
>   structure.
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> The IETF Secretariat