Re: [secdir] Secdir review of draft-ietf-jose-json-web-signature-31

Richard Barnes <rlb@ipv.sx> Wed, 17 September 2014 13:24 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7CE51A0111 for <secdir@ietfa.amsl.com>; Wed, 17 Sep 2014 06:24:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DywX2ZZEq-_d for <secdir@ietfa.amsl.com>; Wed, 17 Sep 2014 06:24:28 -0700 (PDT)
Received: from mail-la0-f42.google.com (mail-la0-f42.google.com [209.85.215.42]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 621A11A02F2 for <secdir@ietf.org>; Wed, 17 Sep 2014 06:24:27 -0700 (PDT)
Received: by mail-la0-f42.google.com with SMTP id hz20so1866692lab.29 for <secdir@ietf.org>; Wed, 17 Sep 2014 06:24:25 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=UNOoP9qWfXZWudfKHxTuIUtG/4zKsGMH8/reH/ZnWTo=; b=Iy40DpiDwcMR2bJdCAUu9v1zUglX57l9J45XBhdkK9OcRPrlWJCJmaHEwUtSQPnCAc nDnvnSwNALdM7lIJzcrKSzNodBeFR3Vx0IFLZf303WlAzQ/uOFEZnEHOPT/L33t772P3 hiS7QIxnDAEhwAmxLaocw5pdh5Sat+WE+wPHioNchRMsWkeEQNPnw/EdRhGoe+YG2dND /cb0O7aW7dvfd4jEr+tHNNPoOMHAQeAupNse3y9VmRg47fIQ3941h3fq4RAGaKS4ri73 sqvOXv37a/rHnAL/VqvI1+7Rhl5EUCGla4BSNFcPrC76+wsCAI0wxIyhvaeni8bYm/rr dxcA==
X-Gm-Message-State: ALoCoQkUbgMGe9z7J4UOgFr4uM1kUTFyANJMkd6HklhaCf8OeZrLKIIynpVlpSiT2G46xWz6sCnl
MIME-Version: 1.0
X-Received: by 10.152.116.7 with SMTP id js7mr45545522lab.12.1410960265676; Wed, 17 Sep 2014 06:24:25 -0700 (PDT)
Received: by 10.25.159.84 with HTTP; Wed, 17 Sep 2014 06:24:25 -0700 (PDT)
In-Reply-To: <21529.16232.880915.215045@fireball.kivinen.iki.fi>
References: <21512.21725.209461.976375@fireball.kivinen.iki.fi> <4E1F6AAD24975D4BA5B16804296739439AE9DD47@TK5EX14MBXC292.redmond.corp.microsoft.com> <CAL02cgSsi603XL2o4S89pAw64yLv0JRZaDg823uiyuTkm02AHA@mail.gmail.com> <21527.63989.999440.801542@fireball.kivinen.iki.fi> <CAL02cgQKfQr_dQ=0-oY19G4rmYL3928UWFLBfhDAyspwMU7W9g@mail.gmail.com> <21529.16232.880915.215045@fireball.kivinen.iki.fi>
Date: Wed, 17 Sep 2014 09:24:25 -0400
Message-ID: <CAL02cgSRmP+iRYqTPUdcgTipeDw1H8TdF3AMP-ORSqOwiWJEcQ@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Tero Kivinen <kivinen@iki.fi>
Content-Type: multipart/alternative; boundary=001a11c2672a6d927d050342c988
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/V5NQaIkoXA27ciquGKb_mzlkTLA
Cc: "ietf@ietf.org" <ietf@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, Mike Jones <Michael.Jones@microsoft.com>, "iesg@ietf.org" <iesg@ietf.org>, "jose@ietf.org" <jose@ietf.org>, "draft-ietf-jose-json-web-signature.all@tools.ietf.org" <draft-ietf-jose-json-web-signature.all@tools.ietf.org>
Subject: Re: [secdir] Secdir review of draft-ietf-jose-json-web-signature-31
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Sep 2014 13:24:29 -0000

On Wednesday, September 17, 2014, Tero Kivinen <kivinen@iki.fi> wrote:

> Richard Barnes writes:
> >     Perhaps, but is there benefits for leaving the alg without
> protection?
> >
> > Simplicity (if you omit protected headers altogether), and
> > compatibility with other signed things.  In the sense that you could
> > transform one of them into a JWS without re-signing.  This would
> > apply, for example, to an X.509 certificate -- just parse the outer
> > SEQUENCE, and re-assemble into a JWS with the tbsCertificate as
> > payload.  Same security properties that X.509 already has.
>
> Ok, having this kind of information somewhere in the draft would help
> to understand the reason. Also having text explaining that is
> possible, and that the security properties of this option (i.e. no
> problem with PKCS#1, etc... the text you had in the other email).
>
> > It's also completely unnecessary for PKCS#1 signatures, which are
> > the dominant use case today.
>
> I agree.
>
> > In general, I'm opposed to protocols baking in more
> > application-specific logic than they need to.  The point of JOSE is
> > to describe the cryptographic operation that was performed, and
> > carry the relevant bits around.  Its job is not to fix all the
> > weaknesses that every algorithm has.
>
> Yes, but this property might have security issues, so they should be
> covered by the security considerations section.


I'm perfectly happy to have it documented in the Security Considerations.

Mike: Should I generate some text, or do you want to take a stab?


> --
> kivinen@iki.fi <javascript:;>
>