Re: [secdir] secdir review of draft-ietf-jose-jws-signing-input-options-06

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Mon, 14 December 2015 05:15 UTC

To: Mike Jones <Michael.Jones@microsoft.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/dxiNvdkHhjiqaxowoCga23Gn8-M>
Cc: "jose-chairs@tools.ietf.org" <jose-chairs@tools.ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, Jim Schaad <ietf@augustcellars.com>, "draft-ietf-jose-jws-signing-input-options.all@ietf.org" <draft-ietf-jose-jws-signing-input-options.all@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>


Sent from my iPhone

> On Dec 13, 2015, at 11:34 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:
> 
> Kathleen - do you now concur with Jim that we should leave the Updates clause for 7519 in?  Let me know and then I'll post the resolutions to the Gen-Art and Sec-Dir comments.

Yes, that's fine.  Thanks, Jim.

Kathleen 
> 
>                -- Mike
> 
> -----Original Message-----
> From: Jim Schaad [mailto:ietf@augustcellars.com] 
> Sent: Sunday, December 13, 2015 8:15 PM
> To: 'Kathleen Moriarty' <kathleen.moriarty.ietf@gmail.com>; Mike Jones <Michael.Jones@microsoft.com>; jose-chairs@tools.ietf.org
> Cc: 'Benjamin Kaduk' <kaduk@mit.edu>; iesg@ietf.org; secdir@ietf.org; draft-ietf-jose-jws-signing-input-options.all@ietf.org
> Subject: RE: secdir review of draft-ietf-jose-jws-signing-input-options-06
> 
> Please note that the write up addresses two different updates.
> 
> 7519  which was in the document and updates JWT with the statement that says - don't do this
> 7515  which would be an update of JWS - however it was determined that updating the registry is sufficient without updating the document itself.
> 
> While I don't know that there is a need to update 7519 - there is not really a strong statement to be made either way, so I did not ask for it to be removed.  I was more worried about the question of having an update to 7515 which was not present. Karen and I determined that we probably did not need to have this document updated so there were no changes to be made to the document.
> 
> I would keep the 7519 update since that was seen by the WG.  And not put in an update to 7515 since, again, that was what the WG saw.
> 
> Jim
> 
> 
>> -----Original Message-----
>> From: Kathleen Moriarty [mailto:kathleen.moriarty.ietf@gmail.com]
>> Sent: Sunday, December 13, 2015 7:59 PM
>> To: Mike Jones <Michael.Jones@microsoft.com>; 
>> jose-chairs@tools.ietf.org
>> Cc: Benjamin Kaduk <kaduk@mit.edu>; iesg@ietf.org; secdir@ietf.org; 
>> draft-ietf-jose-jws-signing-input-options.all@ietf.org
>> Subject: Re: secdir review of 
>> draft-ietf-jose-jws-signing-input-options-06
>> 
>> Jim & Karen,
>> 
>> I see the updates in the last 2 versions in both the header and 
>> abstract, prior to when the shepherd report was posted.  I see in the 
>> shepherd report that you do not agree that this draft updates RFC7519.
>> Is there a reason this change was not already made to the draft?
>> Please confirm that removing this is the right action, it seems to be 
>> from your shepherd report reasoning.
>> 
>> Best regards,
>> Kathleen
>> 
>> On Sun, Dec 13, 2015 at 10:50 PM, Mike Jones 
>> <Michael.Jones@microsoft.com>
>> wrote:
>>> To confirm, you want me to remove the Updates 7519 clause, and the second
>>> paragraph of the abstract, which says:
>>> 
>>>   This specification updates RFC 7519 by prohibiting the use of the
>>>   unencoded payload option in JSON Web Tokens (JWTs).
>>> 
>>> Correct?  I'll do that then shortly.
>>> 
>>>                                Thanks,
>>>                                -- Mike
>>> 
>>> -----Original Message-----
>>> From: Kathleen Moriarty [mailto:kathleen.moriarty.ietf@gmail.com]
>>> Sent: Sunday, December 13, 2015 7:37 PM
>>> To: Mike Jones <Michael.Jones@microsoft.com>
>>> Cc: Benjamin Kaduk <kaduk@mit.edu>; iesg@ietf.org; secdir@ietf.org; 
>>> draft-ietf-jose-jws-signing-input-options.all@ietf.org
>>> Subject: Re: secdir review of
>>> draft-ietf-jose-jws-signing-input-options-06
>>> 
>>> Mike,
>>> 
>>> Sorry, I take that back.  The chairs make a good point in the shepherd writeup.
>>> This really doesn't update 7519, so it should not say that in the abstract.
>>> 
>>> Thanks.
>>> 
>>> On Sun, Dec 13, 2015 at 10:05 PM, Kathleen Moriarty
>>> <kathleen.moriarty.ietf@gmail.com> wrote:
>>>> Mike,
>>>> 
>>>> Please do add that to the abstract and post as soon as you can with 
>>>> all updates from last call received so far and agreed upon.
>>>> 
>>>> Thanks,
>>>> Kathleen
>>>> 
>>>> On Sat, Dec 12, 2015 at 10:30 PM, Mike Jones 
>>>> <Michael.Jones@microsoft.com> wrote:
>>>>> Sounds good.  Thanks, Kathleen.
>>>>> 
>>>>>                                -- Mike
>>>>> 
>>>>> -----Original Message-----
>>>>> From: Kathleen Moriarty [mailto:kathleen.moriarty.ietf@gmail.com]
>>>>> Sent: Saturday, December 12, 2015 7:28 PM
>>>>> To: Mike Jones <Michael.Jones@microsoft.com>
>>>>> Cc: Benjamin Kaduk <kaduk@MIT.EDU>; iesg@ietf.org; 
>>>>> secdir@ietf.org; 
>>>>> draft-ietf-jose-jws-signing-input-options.all@ietf.org
>>>>> Subject: Re: secdir review of
>>>>> draft-ietf-jose-jws-signing-input-options-06
>>>>> 
>>>>> 
>>>>> 
>>>>> Sent from my iPhone
>>>>> 
>>>>>> On Dec 12, 2015, at 9:33 PM, Mike Jones 
>>>>>> <Michael.Jones@microsoft.com> wrote:
>>>>>> 
>>>>>> Hi Ben,
>>>>>> 
>>>>>> Thanks for the useful review.  Replies are inline below...
>>>>>> 
>>>>>>> -----Original Message-----
>>>>>>> From: Benjamin Kaduk [mailto:kaduk@MIT.EDU]
>>>>>>> Sent: Friday, December 11, 2015 10:05 AM
>>>>>>> To: iesg@ietf.org; secdir@ietf.org;
>>>>>>> draft-ietf-jose-jws-signing-input-options.all@ietf.org
>>>>>>> Subject: secdir review of
>>>>>>> draft-ietf-jose-jws-signing-input-options-06
>>>>>>> 
>>>>>>> Hi all,
>>>>>>> 
>>>>>>> I have reviewed this document as part of the security 
>>>>>>> directorate's ongoing effort to review all IETF documents being 
>>>>>>> processed by the IESG.  These comments were written primarily 
>>>>>>> for the benefit of the security area directors.  Document 
>>>>>>> editors and WG chairs should treat these comments just like any 
>>>>>>> other last call comments.
>>>>>>> 
>>>>>>> This document is Ready.
>>>>>>> 
>>>>>>> The main JWS spec (RFC 7515) required that the signed payload 
>>>>>>> was base64url-encoded prior to signing.  This results in a 
>>>>>>> noticeable size expansion; in some circumstances it is desirable 
>>>>>>> to avoid this expansion and reencoding.  I did not follow the 
>>>>>>> JWS document closely at the time, but I believe this issue was 
>>>>>>> raised at the time and consensus reached on the published 
>>>>>>> version because it is always safe for applications to use.
>>>>>>> This document provides an opt-in mechanism for application 
>>>>>>> (protocol)s to avoid the extra encoding and expansion, leaving 
>>>>>>> the burden on the application to determine whether it is safe to 
>>>>>>> do so and perform the relevant input checking/sanitization.  The 
>>>>>>> security considerations correctly describe the implications of 
>>>>>>> the loss of encoding and the restrictions on the signed content 
>>>>>>> when detached payloads are not used, interoperability concerns 
>>>>>>> for applications not supporting the b64 header parameter, and 
>>>>>>> proposes appropriate countermeasures.
>>>>>> 
>>>>>> Thanks for letting us know that the security considerations were 
>>>>>> clear=
>
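
The opt-in mechanism summarized in the secdir review quoted above, as an added example that is not part of the original thread or the draft's own text: a minimal HS256 JWS compact signer and verifier that supports the `b64` header parameter, rejects an unencoded payload containing `.` unless it is detached, and fails closed on critical parameters it does not understand. The names `sign`, `verify`, `KEY`, `ENCODED` and `UNENCODED` are hypothetical, the key is constructed, and always requiring `b64` in `crit` is this example's policy choice.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: bytes, protected: str, header: dict, payload: bytes) -> str:
    # Signing input is protected-header '.' payload; the payload is
    # base64url-encoded unless the header carries "b64": false.
    body = b64url(payload).encode() if header.get("b64", True) else payload
    return b64url(hmac.new(key, protected.encode() + b"." + body, hashlib.sha256).digest())

def sign(header: dict, payload: bytes, key: bytes, detached: bool = False) -> str:
    unencoded = header.get("b64", True) is False
    if unencoded and "b64" not in header.get("crit", []):
        raise ValueError('"b64": false must be listed in "crit" (example policy)')
    if unencoded and not detached and b"." in payload:
        raise ValueError("unencoded payload containing '.' must be detached")
    protected = b64url(json.dumps(header, separators=(",", ":")).encode())
    middle = "" if detached else (payload.decode("ascii") if unencoded else b64url(payload))
    return f"{protected}.{middle}.{_mac(key, protected, header, payload)}"

def verify(token: str, key: bytes, detached_payload=None) -> bytes:
    protected, middle, sig = token.split(".")  # ValueError unless exactly 3 parts
    header = json.loads(b64url_decode(protected))
    # Fail closed: only HS256, and no critical parameter other than "b64".
    if header.get("alg") != "HS256" or set(header.get("crit", [])) - {"b64"}:
        raise ValueError("unsupported alg or critical header parameter")
    if detached_payload is not None:
        payload = detached_payload
    elif header.get("b64", True):
        payload = b64url_decode(middle)
    else:
        payload = middle.encode("ascii")
    if not hmac.compare_digest(sig.encode(), _mac(key, protected, header, payload).encode()):
        raise ValueError("signature mismatch")
    return payload

KEY = b"constructed-demo-key-not-a-real-secret"  # constructed sample key
ENCODED = {"alg": "HS256"}
UNENCODED = {"alg": "HS256", "b64": False, "crit": ["b64"]}
```
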