[OAUTH-WG] deterministic ECDSA (was Fwd: New Version Notification for draft-ietf-oauth-jwt-bcp-02.txt)

Brian Campbell <bcampbell@pingidentity.com> Fri, 04 May 2018 21:56 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 0A4D612DA15 for <oauth@ietfa.amsl.com>; Fri, 4 May 2018 14:56:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.44
X-Spam-Status: No, score=-2.44 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 1nLyabazM8V6 for <oauth@ietfa.amsl.com>; Fri, 4 May 2018 14:56:52 -0700 (PDT)
Received: from mail-io0-x22a.google.com (mail-io0-x22a.google.com [IPv6:2607:f8b0:4001:c06::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 24EEA12DA12 for <oauth@ietf.org>; Fri, 4 May 2018 14:56:52 -0700 (PDT)
Received: by mail-io0-x22a.google.com with SMTP id g14-v6so23623492ioc.7 for <oauth@ietf.org>; Fri, 04 May 2018 14:56:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=gmail; h=mime-version:from:date:message-id:subject:to:cc; bh=Ygj7usMAj6NjkFMmUjksNrowXkzM0j0i5goUCGNYu6M=; b=pjby4W7rMRlXnjv6bnKiUn/WgmbRkkWIEYigwBMEGjnzDD09EqZoWmQUtxA5+OaBxC u7TOF7JRZKp4jEldBKmovyNyXhNVp2p45CFzn2AkGoAzxe5/BS41PQkhFzUDEAAZuyvH J+B7hSyzetga/x5G2qqbbhwTTobyVOqyKOkpk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=Ygj7usMAj6NjkFMmUjksNrowXkzM0j0i5goUCGNYu6M=; b=D6sTgY3iXDP9C6+UOvmtOzo6uvWRc2agSgMKWXDXirioVtWA3LEQ+aLkHtEi/1/s5Q /AYx0EAZ+1ZAWMbNpPmCb+dQmfV71OeaPODbgm4HgijHXfJ7wGDFUsAX4BFzZ0/MULD8 z/O+nXrN0ZNsbWtHvcBD1dh9AfRjbzDj01HkP65QPEQ0RyHdTlqNUo+z4G7xCMuSTvSJ xJtZ2IOLAzNCD0ydlaVsUsQgZtdfa1s/cGsDCAhm0BmwYkN+5TIlEkl70Z+ZhxJEo09X P6LVAEZszptBO8pU8Rh6G3ZVWqaRSXciW8eEk+VTULK1ntuMYm1T5C5KeP1Gaawow2qW vDbg==
X-Gm-Message-State: ALQs6tCFWKbjBrbue0wjAOgSBy6/8M4Ljgmn2YurjyKTFHgNU9oIe8VJ lunKtCY1hq/4ESOr1WoT1vvTmYMICbAtGtFcdyJQqZ+slgjGI9WQWNcEPIYKjfLII9Clx5dJbSD xU7QEx+G3NYCDSg==
X-Google-Smtp-Source: AB8JxZobITQT0HI/XhV+EjH5tlppQt83bzmdhZuH9RRVplnQCWrSEZ4DYMOo5p0PmdqxD/oUNzv77vUJHEk7QIaLOhY=
X-Received: by 2002:a6b:591:: with SMTP id 139-v6mr28345511iof.282.1525471011313; Fri, 04 May 2018 14:56:51 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a02:144a:0:0:0:0:0 with HTTP; Fri, 4 May 2018 14:56:20 -0700 (PDT)
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 04 May 2018 15:56:20 -0600
Message-ID: <CA+k3eCRXtbSMMVEq3Fic6qF40+SCSrvPKxYyWJ7x4+GE7Ya-rA@mail.gmail.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>
Cc: oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000beb2c4056b686555"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/lnLKKz6Qj8lKI8Ll3Pylt6QB9EM>
Subject: [OAUTH-WG] deterministic ECDSA (was Fwd: New Version Notification for draft-ietf-oauth-jwt-bcp-02.txt)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 May 2018 21:56:55 -0000

New in this version of draft-ietf-oauth-jwt-bcp is a rather strong
recommendation to use deterministic ECDSA from RFC 6979 (the new text with
a SHOULD is copy/pasted below for the lazy among us that might be reading

Is this consistent with the general thinking or advice out of the IETF or
CFRG these days? RFC6979 talks a lot about it's usefulness in environments
without a source of high-quality randomness. Should this here JWT BCP
qualify its 'SHOULD' with something about that? Or is deterministic the
gold standard recommendation now regardless? I get that it can be used in
environments even that have good randomness but I'm wondering if that's
truly the expert recommendation? Are there any reasons not to use it or
situations where it wouldn't be appropriate?

I don't ask to try and be critical but to try and better understand. As a
WG participant, is this the right recommendation? As a maintainer of a
JWT/JOSE library that doesn't do deterministic ECDSA (and I suspect isn't
particularly unique in that respect), is it something I SHOULD be

https://tools.ietf.org/html/draft-ietf-oauth-jwt-bcp-02#section-3.2 :

   -  ECDSA signatures require a unique random value for every message
      that is signed.  If even just a few bits of the random value are
      predictable across multiple messages then the security of the
      signature scheme may be compromised.  In the worst case, the
      private key may be recoverable by an attacker.  To counter these
      attacks, JWT libraries SHOULD implement ECDSA using the
      deterministic approach defined in [RFC6979
<https://tools.ietf.org/html/rfc6979>].  This approach is
      completely compatible with existing ECDSA verifiers and so can be
      implemented without new algorithm identifiers being required.

On Wed, May 2, 2018 at 2:36 AM, Yaron Sheffer <yaronf.ietf@gmail.com> wrote:

> This new version should address all WGLC comments. Please let us know if
> there's anything missing.
> Thanks,
>         Yaron
> -------- Forwarded Message --------
> Subject: New Version Notification for draft-ietf-oauth-jwt-bcp-02.txt
> Date: Wed, 02 May 2018 01:26:17 -0700
> From: internet-drafts@ietf.org
> To: Michael B. Jones <mbj@microsoft.com>, Yaron Sheffer <
> yaronf.ietf@gmail.com>, Dick Hardt <dick@amazon.com>, Michael Jones <
> mbj@microsoft.com>
> A new version of I-D, draft-ietf-oauth-jwt-bcp-02.txt
> has been successfully submitted by Yaron Sheffer and posted to the
> IETF repository.
> Name:           draft-ietf-oauth-jwt-bcp
> Revision:       02
> Title:          JSON Web Token Best Current Practices
> Document date:  2018-05-02
> Group:          oauth
> Pages:          13
> URL: https://www.ietf.org/internet-drafts/draft-ietf-oauth-jwt-bcp-02.txt
> Status:         https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bcp/
> Htmlized:       https://tools.ietf.org/html/draft-ietf-oauth-jwt-bcp-02
> Htmlized: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-jwt-bcp
> Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-jwt-bcp-02
> Abstract:
>    JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security
>    tokens that contain a set of claims that can be signed and/or
>    encrypted.  JWTs are being widely used and deployed as a simple
>    security token format in numerous protocols and applications, both in
>    the area of digital identity, and in other application areas.  The
>    goal of this Best Current Practices document is to provide actionable
>    guidance leading to secure implementation and deployment of JWTs.
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
> The IETF Secretariat
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._