Re: [OAUTH-WG] Signed JWK Sets
Richard Barnes <rlb@ipv.sx> Mon, 18 March 2024 00:32 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B725C14F616 for <oauth@ietfa.amsl.com>; Sun, 17 Mar 2024 17:32:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.903
X-Spam-Level:
X-Spam-Status: No, score=-1.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D1TMEXzpFk4z for <oauth@ietfa.amsl.com>; Sun, 17 Mar 2024 17:32:36 -0700 (PDT)
Received: from mail-io1-xd35.google.com (mail-io1-xd35.google.com [IPv6:2607:f8b0:4864:20::d35]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 93F5DC14F5F7 for <oauth@ietf.org>; Sun, 17 Mar 2024 17:32:36 -0700 (PDT)
Received: by mail-io1-xd35.google.com with SMTP id ca18e2360f4ac-7cbf85249a7so59769639f.1 for <oauth@ietf.org>; Sun, 17 Mar 2024 17:32:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20230601.gappssmtp.com; s=20230601; t=1710721956; x=1711326756; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=QZtnixCnETweFU60cFmULfkRHCMx2xA71OMRnbRJSIM=; b=z0Teqkqy8zatCbttgX0YdvFmfHCQUP6QRlluncEu8/Xp/VAwIHQhAZ4xtgAyhuhQu+ XjIDiAh78zXusVWAUPXX9wKSl+iHv0pHtxs3cfsCCtDW4wNoitbvzoKClBB/GQKqbhj2 UHDl1TAq4s+9CcTr9XdTti4pCx/6nXAVdXdaWc8sTlI97zypHcxynm1K9u6XTrpIkK95 vv2pk48lHmKEZOrNYIWls05hJzdZD5zi6IPSULDKOClHY581J2MH2SQgFY3ibJxsA9YX pyjMjZXpPVF2uFxtezaschadYvMgVwCOJso6ztZ/MOy7GiTSEruS/60vKynbyZlLovbK 5KQg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710721956; x=1711326756; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=QZtnixCnETweFU60cFmULfkRHCMx2xA71OMRnbRJSIM=; b=Bq/OmI9ertZIY9gHBBf/O5kpcwbqRCXB5TZyc9KneFNTdU4TSCY+MfAhlSnl9lapbb mP8t6NzUWU+qboINvjm2DznQOHCUWnfuH2N1KarlRg3Wd6j8XfLquEP/qmRJhY0RIWBI tK5IzX6sv053OoSOTker0j19eXWPDmzvkZCLncySGam6a5fPRTi4DtSVG0KPqkX3NpWo 2ZQLyolry/MTONlOrRclWi7FnkH6woKiD0O+JtKzMhey5BeP2JlXM04Mma8x3nrvQoV4 XKuKzb/zUEoN6Gs1Vx5em+sGQiGR21xGomNHdfuvTpZkTCUJN3sl3NSMnfnR1dVMY0BB TDQA==
X-Gm-Message-State: AOJu0YyWuTRhCGvf0qUyzKsDRivr8rIzM1Mka42/EKR33HvzDBC7T7TE 0PwNc10vRTlc+MBLhNhO3CAFU3oC+Zua6Kaj5P6w3totx4JnLa7kPtizIhJ+MFk4Zn8FnguDzXf 43olNvxCZpE0HVvUGSUsEW1WkXrZuAEymbOM+cw==
X-Google-Smtp-Source: AGHT+IFqHLd5h/7UX8C6NK79m2H8nhp6S6xL5dEK8SF5OHFfI/SiHVjja/aN9cFPcJNes2wj8+W2g0db/wk/RcqihBk=
X-Received: by 2002:a92:ce0b:0:b0:366:c054:7cb0 with SMTP id b11-20020a92ce0b000000b00366c0547cb0mr2151458ilo.30.1710721955707; Sun, 17 Mar 2024 17:32:35 -0700 (PDT)
MIME-Version: 1.0
References: <CAL02cgSANrR=nys3RXDOYJPibLkv25X8Okq4dhL0Dpfi_ZSS_A@mail.gmail.com> <CACsn0cm0XdfFEjspPuBaHiv5AD0PNpCCRifo4OOC+F+XC3rAmg@mail.gmail.com>
In-Reply-To: <CACsn0cm0XdfFEjspPuBaHiv5AD0PNpCCRifo4OOC+F+XC3rAmg@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
Date: Mon, 18 Mar 2024 10:32:24 +1000
Message-ID: <CAL02cgQVWQfQ2wnpHZ2=OL5NMJTMf_Bxv+jifBFzu0WK+wYqrg@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Cc: "oauth@ietf.org WG" <oauth@ietf.org>, Sharon Goldberg <goldbe@bastionzero.com>
Content-Type: multipart/alternative; boundary="0000000000007add9c0613e47e96"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/yQcBb8GMrJInD5tlwIIy1TaN7xo>
Subject: Re: [OAUTH-WG] Signed JWK Sets
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Mar 2024 00:32:40 -0000
Hi Watson, I appreciate the concerns with regard to re-using Web PKI certs for cases such as these. Care is required, but I think there is a path here. 1. Clearly there are cross-protocol concerns. I expect that most usage here in reality would be based on ECDSA / EdDSA, not RSA, which helps. I would be comfortable with security considerations recommending that a key pair / certificate used for signing these things be used for no other purpose. 2. Validity times are definitely a challenge for the container signing use case, but from the conversations I've had with that community, they are taking an orthogonal approach. As I tried to sketch in the document, they are establishing authorities that will vouch that a signed thing existed at a given time, so that a relying party can safely rewind their clock and validate as if it were that time. See, e.g., SigStore < https://www.sigstore.dev/>, which has roughly this shape if you squint right. 3. I don't think there's actually any disconnect between HTTPS authentication and proof of authority. The Web PKI is about authenticating domain names, which is what both use cases require. Best, --Richard On Mon, Mar 18, 2024 at 10:23 AM Watson Ladd <watsonbladd@gmail.com> wrote: > On Sat, Mar 16, 2024 at 10:56 PM Richard Barnes <rlb@ipv.sx> wrote: > > > > Hi all, > > > > A few of us have been considering use cases for JWTs related to > Verifiable Credentials and container signing, which require better "proof > of authority" for JWT signing keys. Sharon Goldberg and I wrote up a quick > specification for how to sign a JWK set, and how you might extend discovery > mechanisms to present such a signed JWK set: > > > > > https://github.com/bifurcation/redistributable-jwks/blob/main/draft-barnes-oauth-redistributable-jwks.md > > > > (Just in GitHub for now; will publish as an I-D when the window reopens > tomorrow.) > > > > If we could get this functionality added to OAuth / OIDC, it would make > these use cases work a lot better. As a prelude toward proposing working > group adoption, it would be great to know if this design seems helpful to > other folks as well. Obviously, happy to answer any questions / comments. > > I have concerns about this proposal. First we need to ban any use of > RSA-1.5 encryption (aka TLS 1.2) with the certificates used here. This > is not really possible in TLS as commonly implemented for reasons, and > can't be determined from the certificate alone (unless it's RSA-PSS > certificate with special stuff that hopefully is honored or ECDSA). > Then there's a philosphical issue to reusing keys for different > purposes that requires domain separation ala TLS 1.3, and likely some > X509 extensions as well to really nail it. > > Secondly there are a bunch of layer 8 question with the Web PKI this > raises. The web PKI is moving to short term issuance and possibly > removal of revocation entirely if certificates can be sufficiently > short term. For signatures on containers this is inappropriate: a > verification that a container is the correct container needs to be > possible long after 90 days or a week, and this means the keying > material that was used to make that signature must be held secure > afterwards. This runs straight up into what we're trying to do to > improve the Web PKI, and using the Web PKI for other things often > leads to pain. > > Thirdly the web PKI issuance methods make sense from a web > perspective, but not necessarily from a codesigning perspective. What > we want to validate is different. Organizationally websites and > codesigning often belong in different places. At the same time there's > a barrier to alternatives, especially the ones that don't exist (see > also Roughtime for my personal experience with this). These issues get > real thorny real fast. > > Sincerely, > Watson Ladd > > > -- > Astra mortemque praestare gradatim >
- Re: [OAUTH-WG] Signed JWK Sets John Zila
- [OAUTH-WG] Signed JWK Sets Richard Barnes
- Re: [OAUTH-WG] Signed JWK Sets Michael Jones
- Re: [OAUTH-WG] Signed JWK Sets Michael Jones
- Re: [OAUTH-WG] Signed JWK Sets Watson Ladd
- Re: [OAUTH-WG] Signed JWK Sets Richard Barnes
- Re: [OAUTH-WG] Signed JWK Sets Richard Barnes
- Re: [OAUTH-WG] Signed JWK Sets Watson Ladd
- Re: [OAUTH-WG] Signed JWK Sets Joseph Salowey
- Re: [OAUTH-WG] Signed JWK Sets Orie Steele
- Re: [OAUTH-WG] Signed JWK Sets Richard Barnes
- Re: [OAUTH-WG] Signed JWK Sets Ethan Heilman
- Re: [OAUTH-WG] Signed JWK Sets Neil Madden
- Re: [OAUTH-WG] Signed JWK Sets Ethan Heilman
- Re: [OAUTH-WG] Signed JWK Sets Joseph Salowey
- Re: [OAUTH-WG] Signed JWK Sets Neil Madden
- Re: [OAUTH-WG] Signed JWK Sets Neil Madden
- Re: [OAUTH-WG] Signed JWK Sets Rifaat Shekh-Yusef
- Re: [OAUTH-WG] Signed JWK Sets James Carnegie