[POSH] What's the point of using JWKs in POSH?
Thijs Alkemade <me@thijsalkema.de> Tue, 20 May 2014 18:43 UTC
Return-Path: <me@thijsalkema.de>
X-Original-To: posh@ietfa.amsl.com
Delivered-To: posh@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9F5D1A038E for <posh@ietfa.amsl.com>; Tue, 20 May 2014 11:43:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.495
X-Spam-Level: *
X-Spam-Status: No, score=1.495 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_NL=0.55, HOST_EQ_NL=1.545] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B_WZ77CzXdb1 for <posh@ietfa.amsl.com>; Tue, 20 May 2014 11:43:12 -0700 (PDT)
Received: from s.xnyhps.nl (s.xnyhps.nl [46.19.32.61]) by ietfa.amsl.com (Postfix) with ESMTP id 150131A038C for <posh@ietf.org>; Tue, 20 May 2014 11:43:11 -0700 (PDT)
Received: from [192.168.1.2] (196pc201.sshunet.nl [145.97.201.196]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by s.xnyhps.nl (Postfix) with ESMTPSA id 044871FE44 for <posh@ietf.org>; Tue, 20 May 2014 20:43:06 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=thijsalkema.de; s=mail; t=1400611387; bh=XFd5WWy3eColMlOpwQkeSgubQoqdjBTweNWA+DQ3564=; h=From:Subject:Date:To; b=MzIjC7bLokSJpDzyWKWH8XGrzh78cmIeKaKFuQjBV3e+lWKgRIuZPptUfbYh7LxyL feEoDZ+I4Emyh+t76fd482JB3qCb2Hp+o+WVEP3IyRqzVtNQS898YrTLxUUW2rdlj/ fG0IXS+Nizlklq3KRQLmzkkuxAmz8gfO41fZKFr0=
From: Thijs Alkemade <me@thijsalkema.de>
Content-Type: multipart/signed; boundary="Apple-Mail=_6F3B8F50-1EB1-4E84-A384-9FE37E0C0926"; protocol="application/pgp-signature"; micalg="pgp-sha1"
Message-Id: <B840DF08-6478-41AC-8894-51B0524ED622@thijsalkema.de>
Date: Tue, 20 May 2014 20:42:58 +0200
To: posh@ietf.org
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/posh/s99T6-XyHgmuY4TUXFYScALorjw
Subject: [POSH] What's the point of using JWKs in POSH?
X-BeenThere: posh@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion about PKIX Over Secure HTTP <posh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/posh>, <mailto:posh-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/posh/>
List-Post: <mailto:posh@ietf.org>
List-Help: <mailto:posh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/posh>, <mailto:posh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 May 2014 18:43:14 -0000
Hello, Today, I've spent some time on trying to implement POSH-checking for xmpp.net. My implementation aimed to do two things: doing the validation as described and showing someone how they could set up their .well-known file by converting their X509 certificates to JSON Web Keys. The latter part was a lot more work than the former and made me wonder why it is defined the way it is. From draft-ietf-xmpp-posh: Each included JWK object MUST possess the following information: o The "kty" field set to the appropriate key type used for TLS connections (e.g., "RSA" for a certificate using an RSA key). o The required public parameters for the key type (e.g., "n" and "e" for a certificate using an RSA key). o The "x5t" field set to the certificate thumbprint, as described in section 3.6 of [JOSE-JWK]. Yet the data that is required in the first and second bullet is never used. It doesn't specify if and how clients should verify it. Verification only uses the x5t field and optionally x5c. There are good arguments for "pinning" just the public key. draft-ietf-websec- key-pinning only uses the SPKI field, DANE can use either the full cert or its SPKI field (and optionally hashed). But the way it is specified here won't allow that: the x5t field always needs to be present and clients should verify it. So the public parameters of the key are useless here, but they make a key >10x as large is they have to be. Generating them is also not as easy: most certificate viewers show a SHA1 fingerprint and it's really easy to do with the openssl cli tool, but extracting n and e and base64-encoding them is a lot more work. I wouldn't even know what to do for ECDSA keys. Are there any interoperability reasons for using JWKs that I'm not aware of? Couldn't it just use a list of SHA1 hashes? Best regards, Thijs
- [POSH] What's the point of using JWKs in POSH? Thijs Alkemade
- Re: [POSH] What's the point of using JWKs in POSH? Matt Miller
- Re: [POSH] What's the point of using JWKs in POSH? Matt Miller