[Secdispatch] Plain text JSON digital signatures
Bret Jordan <jordan.ietf@gmail.com> Tue, 27 April 2021 15:27 UTC
To: DISPATCH <dispatch@ietf.org>, IETF SecDispatch <Secdispatch@ietf.org>, art@ietf.org, rfc-ise@rfc-editor.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/0kxStuDPR_SW8f1K1OJpsQCioMY>
Dear Dispatch,

Anders Rundgren, Samuel Erdtman, and I have been working on an ID for your consideration. This document describes how to use JWS and JCS to create plain-text JSON signatures.

The abstract reads as follows:

   This document describes a method for extending the scope of the JSON Web Signature (JWS) standard, called JWS/CT. By combining the detached mode of JWS with the JSON Canonicalization Scheme (JCS), JWS/CT enables JSON objects to remain in the JSON format after being signed (aka "Clear Text" signing). In addition to supporting a consistent data format, this arrangement also simplifies documentation, debugging, and logging. The ability to embed signed JSON objects in other JSON objects, makes the use of counter-signatures straightforward.

The data tracker page for this: https://datatracker.ietf.org/doc/draft-jordan-jws-ct/

As you know there are large ecosystems that need digital signatures for plain text JSON data, meaning where the JSON data is not base64 encoded. This ID provides a solution using existing IETF RFCs to make this work. Further, this work looks to be adopted by many groups and organizations from financial services, threat intelligence, and incident response.

We are not sure what direction would be best for this work in the IETF, should we send to the ISE for publication or do you want to create a working group? Ultimately there is a lot of work that could be done in this space to meet the needs of the market. We would be happy with releasing these IDs for ISE publication, or for creating a working group to move them forward. It is just important to note that the market is in desperate need of these solutions.

If you want to take it for a spin, there is a JWS/CT playground at: https://mobilepki.org/jws-ct

Thanks
Bret

--
Sent from my TI-99/4A
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
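
Added example (not part of the original message and not code from draft-jordan-jws-ct): one way to realise the flow the abstract describes, where JCS canonicalization produces the payload of a detached-mode JWS and the resulting compact string is embedded in the JSON object itself. The property name "signature", the HS256 key and the sample object are assumptions constructed for illustration, and the canonicalizer covers only a JCS subset (ASCII property names, no floating-point numbers).

```python
import base64, hashlib, hmac, json

SIG_PROP = "signature"  # assumed name; the application picks the property
KEY = b"constructed-demo-key-0123456789abcdef"  # constructed sample key
SAMPLE = {"payee": "ACME", "amount": 100, "currency": "EUR"}  # constructed

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def canonicalize(obj) -> bytes:
    # JCS (RFC 8785) subset: sorted keys, no whitespace, UTF-8 output. Full JCS
    # also fixes float formatting and sorts keys by UTF-16 code units.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def _mac(key: bytes, header_b64: str, payload: bytes) -> bytes:
    # JWS signing input: BASE64URL(header) "." BASE64URL(payload)
    signing_input = f"{header_b64}.{b64u(payload)}".encode("ascii")
    return b64u(hmac.new(key, signing_input, hashlib.sha256).digest()).encode()

def sign(obj: dict, key: bytes) -> dict:
    if SIG_PROP in obj:
        raise ValueError("object already carries a signature property")
    header_b64 = b64u(canonicalize({"alg": "HS256"}))
    sig = _mac(key, header_b64, canonicalize(obj)).decode()
    # Detached mode: the payload segment is left empty ("header..signature").
    return {**obj, SIG_PROP: f"{header_b64}..{sig}"}

def verify(signed: dict, key: bytes) -> bool:
    body = dict(signed)
    parts = str(body.pop(SIG_PROP, "")).split(".")
    if len(parts) != 3 or parts[1] != "":
        return False
    header_b64, _, sig = parts
    try:
        pad = "=" * (-len(header_b64) % 4)
        header = json.loads(base64.urlsafe_b64decode(header_b64 + pad))
    except ValueError:
        return False
    # Pin the algorithm instead of trusting whatever the header declares.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    expected = _mac(key, header_b64, canonicalize(body))
    return hmac.compare_digest(sig.encode("utf-8"), expected)

if __name__ == "__main__":
    signed = sign(SAMPLE, KEY)
    print(json.dumps(signed, indent=2))
    print(verify(signed, KEY), verify({**signed, "amount": 101}, KEY))
```

Because the payload is recomputed from the canonical form, reordering properties or re-indenting the signed object does not invalidate the signature, while any change to a value does.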