Re: [secdir] secdir review of draft-ietf-jose-jws-signing-input-options-06
Benjamin Kaduk <kaduk@MIT.EDU> Mon, 14 December 2015 03:06 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15D7D1A9140; Sun, 13 Dec 2015 19:06:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hQEp85_qnQdu; Sun, 13 Dec 2015 19:06:02 -0800 (PST)
Received: from dmz-mailsec-scanner-4.mit.edu (dmz-mailsec-scanner-4.mit.edu [18.9.25.15]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B144E1A9125; Sun, 13 Dec 2015 19:06:00 -0800 (PST)
X-AuditID: 1209190f-f79d06d000004b20-60-566e3217a810
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-4.mit.edu (Symantec Messaging Gateway) with SMTP id 90.A2.19232.7123E665; Sun, 13 Dec 2015 22:05:59 -0500 (EST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id tBE35wmj026344; Sun, 13 Dec 2015 22:05:59 -0500
Received: from multics.mit.edu (system-low-sipb.mit.edu [18.187.2.37]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id tBE35tfG010115 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sun, 13 Dec 2015 22:05:57 -0500
Received: (from kaduk@localhost) by multics.mit.edu (8.12.9.20060308) id tBE35sbw010160; Sun, 13 Dec 2015 22:05:54 -0500 (EST)
Date: Sun, 13 Dec 2015 22:05:54 -0500
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Mike Jones <Michael.Jones@microsoft.com>
In-Reply-To: <BY2PR03MB442A7FF30189B4A39215B74F5EC0@BY2PR03MB442.namprd03.prod.outlook.com>
Message-ID: <alpine.GSO.1.10.1512132205240.26829@multics.mit.edu>
References: <alpine.GSO.1.10.1512111248420.26829@multics.mit.edu> <BY2PR03MB442A7FF30189B4A39215B74F5EC0@BY2PR03MB442.namprd03.prod.outlook.com>
User-Agent: Alpine 1.10 (GSO 962 2008-03-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrBIsWRmVeSWpSXmKPExsUixG6noitulBdmcPO7isX01tssFjP+TGS2 2DvtE4vFh4UPWRxYPJYs+cnk0brjL3sAUxSXTUpqTmZZapG+XQJXxp05P1kK9qtWzJn2maWB 8YtsFyMnh4SAicTjfy+YIWwxiQv31rOB2EICi5kkHt6y7mLkArI3Mkq87tjODOEcYpK4emg5 K4TTwChxdtJOdpAWFgFtiS+Pf4G1swmoSMx8sxHMFhHQkXh88RuYzSxwhFHi4GddEFtYwEvi 6pz/jCA2p0C0xP2JD8BsXgFHiQlH17FALJjAKLH4zA0WkIQo0KDV+6ewQBQJSpyc+YQFYqiW xPLp21gmMArOQpKahSS1gJFpFaNsSm6Vbm5iZk5xarJucXJiXl5qka6JXm5miV5qSukmRlAA c0ry72D8dlDpEKMAB6MSD2/GstwwIdbEsuLK3EOMkhxMSqK8y7uzw4T4kvJTKjMSizPii0pz UosPMUpwMCuJ8Har54UJ8aYkVlalFuXDpKQ5WJTEeed+8Q0TEkhPLEnNTk0tSC2CycpwcChJ 8P41AGoULEpNT61Iy8wpQUgzcXCCDOcBGv4epIa3uCAxtzgzHSJ/ilFRSpy3DyQhAJLIKM2D 6wUnmN1Mqq8YxYFeEeZ9AVLFA0xOcN2vgAYzAQ0+ejIbZHBJIkJKqoFRz3rBfEf/5LxwRd4V 26RTdnSp6YsKpabuWvTj3MyotwfOmz9aGz/JeoaRePYu26MdfUx+Rl+/7z331Wmv+Le7b6fe Dbz4YKZo/c1D/3xfN5Q++yGkelrRV+381cf58p7V3ubXYm4k7zBdx6iz1OrAuwDLouvHF6ts n65/v9CruJuxS+FS/SZ3JZbijERDLeai4kQA7QV9dAsDAAA=
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/tw96nRfQ8E-JQGKhTDKHQR2Fsio>
Cc: "draft-ietf-jose-jws-signing-input-options.all@ietf.org" <draft-ietf-jose-jws-signing-input-options.all@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-jose-jws-signing-input-options-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Dec 2015 03:06:04 -0000
Hi Mike, Thanks for the explanations -- your proposed changes sound good to me. -Ben On Sat, 12 Dec 2015, Mike Jones wrote: > Hi Ben, > > Thanks for the useful review. Replies are inline below... > > > -----Original Message----- > > From: Benjamin Kaduk [mailto:kaduk@MIT.EDU] > > Sent: Friday, December 11, 2015 10:05 AM > > To: iesg@ietf.org; secdir@ietf.org; draft-ietf-jose-jws-signing-input- > > options.all@ietf.org > > Subject: secdir review of draft-ietf-jose-jws-signing-input-options-06 > > > > Hi all, > > > > I have reviewed this document as part of the security directorate's ongoing > > effort to review all IETF documents being processed by the IESG. These > > comments were written primarily for the benefit of the security area > > directors. Document editors and WG chairs should treat these comments > > just like any other last call comments. > > > > This document is Ready. > > > > The main JWS spec (RFC 7515) required that the signed payload was > > base64url-encoded prior to signing. This results in a noticeable size > > expansion; in some circumstances it is desirable to avoid this expansion and > > reencoding. I did not follow the JWS document closely at the time, but I > > believe this issue was raised at the time and consensus reached on the > > published version because it is always safe for applications to use. > > This document provides an opt-in mechanism for application (protocol)s to > > avoid the extra encoding and expansion, leaving the burden on the > > application to determine whether it is safe to do so and perform the relevant > > input checking/sanitization. The security considerations correctly describe > > the implications of the loss of encoding and the restrictions on the signed > > content when detached payloads are not used, interoperability concerns for > > applications not supporting the b64 header parameter, and proposes > > appropriate countermeasures. > > Thanks for letting us know that the security considerations were clear. > > > Interestingly, this document does not need to update the JWS spec, since it is > > just adding to an IANA registry and not modifying the core spec, but it does > > update the JWT spec (RFC 7519) to prohibit the use of b64=false in JWTs. No > > justification is made for this restriction in the text of the document, but it > > seems reasonable to "play it safe" in this sense, to me. > > The restriction is there for interoperability reasons. I added the phrase "For interoperability reasons" to my working copy of the document so this reason is stated. > > > I do have a few nits unrelated to the security review: > > > > The abstract mentions the "Updates: 7519", but the introduction does not; I > > am sometimes told that both locations should mention the update, but I > > assume that the RFC Editor will notice if anything needs to change. > > The restriction is listed (and now motivated!) in the "Intended Use by Applications" section. That being said, if the RFC editor wants it repeated elsewhere, that would be fine. > > > It is a bit amusing that the example with payload "$.02" is actually longer > > with the unencoded payload, due to the overhead of the header field, but I > > do not suggest modifying the example at this time. > > Yep - that is amusing. I hadn't realized that, but it makes sense. > > > Section 5.3 makes reference to Section 8.3 of RFC 7159 for JSON string-escape > > processing, but I think perhaps section 7 of that RFC would be a better > > reference. > > The language you're referring to is actually directly copied from Section 5.3 of JWS [RFC 7519] because it's intended to have exactly the same meaning. For consistency reasons between this spec and JWS, I'm reluctant to change the reference, even though I understand your point. > > > Relatedly, I needed to reread the text in Section 5.3 a few times in order to > > convince myself that I correctly understood the procedure for generating the > > payload to be signed, but I believe that all the steps given are necessary and > > correct, and do not have proposed text that would be better. String-escape > > processing is just inherently fiddly. > > Again, because this language is from an already approved RFC and since you believe it is correct, I'm reluctant to fiddle with it. > > > I did not attempt to verify the examples' encoding and consistency. > > Others have done so (and are thanked in the Acknowledgements). > > > Thanks for this well-written document. > > Thanks for the useful review! Unless I hear objections to these resolutions and those to Robert's Gen-ART review, I'll plan to publish the updated document shortly. > > > -Ben > > Best wishes, > -- Mike > >
- [secdir] secdir review of draft-ietf-jose-jws-sig… Benjamin Kaduk
- Re: [secdir] secdir review of draft-ietf-jose-jws… Mike Jones
- Re: [secdir] secdir review of draft-ietf-jose-jws… Kathleen Moriarty
- Re: [secdir] secdir review of draft-ietf-jose-jws… Mike Jones
- Re: [secdir] secdir review of draft-ietf-jose-jws… Kathleen Moriarty
- Re: [secdir] secdir review of draft-ietf-jose-jws… Benjamin Kaduk
- Re: [secdir] secdir review of draft-ietf-jose-jws… Kathleen Moriarty
- Re: [secdir] secdir review of draft-ietf-jose-jws… Mike Jones
- Re: [secdir] secdir review of draft-ietf-jose-jws… Kathleen Moriarty
- Re: [secdir] secdir review of draft-ietf-jose-jws… Jim Schaad
- Re: [secdir] secdir review of draft-ietf-jose-jws… Mike Jones
- Re: [secdir] secdir review of draft-ietf-jose-jws… Kathleen Moriarty
- Re: [secdir] secdir review of draft-ietf-jose-jws… Mike Jones