IETF Logo Mail Archive

Re: [Secdispatch] [dispatch] [art] Plain text JSON digital signatures

Samuel Erdtman <samuel@erdtman.se> Sat, 01 May 2021 21:24 UTC

Return-Path: <samuel@erdtman.se>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE6A83A10DB for <secdispatch@ietfa.amsl.com>; Sat, 1 May 2021 14:24:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=erdtman-se.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m2dgOdGYuAKG for <secdispatch@ietfa.amsl.com>; Sat, 1 May 2021 14:24:36 -0700 (PDT)
Received: from mail-ot1-x334.google.com (mail-ot1-x334.google.com [IPv6:2607:f8b0:4864:20::334]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7BAA83A10E2 for <Secdispatch@ietf.org>; Sat, 1 May 2021 14:24:36 -0700 (PDT)
Received: by mail-ot1-x334.google.com with SMTP id n32-20020a9d1ea30000b02902a53d6ad4bdso1729675otn.3 for <Secdispatch@ietf.org>; Sat, 01 May 2021 14:24:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=erdtman-se.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=/A8fC/y06IUQCpxXUtnwqNKNMEXAPLVQIgkwFkVzgKc=; b=11G7EeuMT2OVhfIffPfFwkJzJlhvMGddlmi9rM9TWu2Qn+YgfmJp/Se8B8lqGuRVcK 5tdrmKGsHUBfJIYzPQnbntfIdvbdSXDDyPHB0OoQpGgKLt2KcOmfOC9c7QxZhMT9PH8Y F6fqkrk5FL5/ipF9nM0HEUJM/D7kzn/9OPKJcBoAuyrzjdszVaMD5DlCX1QaCxx319dI rFUzwgCKENwNUGxtTVjCVGSDwFt7UWqXr8IkqCmZehME6ni2YtLQ/Or29IbcbSlGhepO pHPjRcX2BvHg2yDnrZhx8pmL7kXqkGPWoDrwV0JztgcXbu4U8+X8GmEU9K/uSe6y0HQV hWjw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=/A8fC/y06IUQCpxXUtnwqNKNMEXAPLVQIgkwFkVzgKc=; b=jcccjuZAyRhT2FV163Rc8+dParS4uNHzg82QumvWKsb4CeKKkwOgTp1DF4/035XF01 u2NG1vV8GpWu6n7O/nBsgtvMYklJAIGQoftjPyIpM7SX3TXd7Ae449QJdjs7QL+Snq7d QyxVxSdw50kiRLKwJYzFCBX2g5rPmDfe4P+J+zmKGts4voFupk0pjzNZ3qgkY3PgMU3t 2rDFwJK+IooIBsTfaU4HQMx+k3zml0lJMV0RoW+3SQ4lsw58/sfSr1UmacXeXT2a8q6K 7cjC3Xoobxj2s2e53y5Jf5/hKvJ6Y7EMp/difPGJa5m730tLAcaKyCg7/AxtDFL73dHb lWcA==
X-Gm-Message-State: AOAM530wKj+lispPPdpzikMurTTSct6PKpxBabhzsElU5Un7n6LlJsNc QkrYgWp1uLrtJ3t0Ks8IziHAc0YVGK+Jd0TPVRXL4g==
X-Google-Smtp-Source: ABdhPJw/XGFSI7GGw9rZNxUUOAdVfwa8GivwmhyCLXi8eL6riv//NGsByNKYt9FhJPHTLuajOltpyTYum73w1Z3OuOc=
X-Received: by 2002:a05:6830:4ca:: with SMTP id s10mr9304681otd.79.1619904273973; Sat, 01 May 2021 14:24:33 -0700 (PDT)
MIME-Version: 1.0
References: <CAD9ie-v7uJOpjj+nbZCfQe+4JEQt-6=b6cm57iFPAn_enGeRCQ@mail.gmail.com> <3B394519-4061-43A8-8963-55A6ADEDF269@gmail.com> <19a99964-8495-2de9-b49a-52aa8321c12e@aaa-sec.com> <220475a6-1e04-107e-6327-366d48d8b420@gmail.com> <27833d9d-53c3-d01c-b01c-e7d53424b5ab@aaa-sec.com> <A88D122C-C1EB-477B-A83C-A22F1BB3CC47@gmail.com> <B8E5AF13-7B59-4329-890F-2B14766032A5@tzi.org> <CAF2hCbahPMAwe_63dT+pcz2BZSy0XOPstXqpxsCq1Vj0UmSDPg@mail.gmail.com> <1B4304D2-E82E-4255-B10C-F29ABCABE15E@tzi.org>
In-Reply-To: <1B4304D2-E82E-4255-B10C-F29ABCABE15E@tzi.org>
From: Samuel Erdtman <samuel@erdtman.se>
Date: Sat, 01 May 2021 23:24:23 +0200
Message-ID: <CAF2hCbaAx00dxxb2jRmQzVBaW7yyhefQ33+yt0uHwvwt+W_hfw@mail.gmail.com>
To: Carsten Bormann <cabo@tzi.org>
Cc: art@ietf.org, IETF SecDispatch <Secdispatch@ietf.org>, DISPATCH <dispatch@ietf.org>, "RFC ISE (Adrian Farrel)" <rfc-ise@rfc-editor.org>
Content-Type: multipart/alternative; boundary="000000000000d212eb05c14b5aeb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/1c_cp2XVAf2luwBlIYbqcDtCzro>
Subject: Re: [Secdispatch] [dispatch] [art] Plain text JSON digital signatures
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 01 May 2021 21:24:42 -0000

Thanks Carsten,

Your clarifications were great!

See some comments inline.

On Sat, May 1, 2021 at 1:04 AM Carsten Bormann <cabo@tzi.org> wrote:

> Hi Samuel,
>
> > 1. What do you mean with data at rest, data store in database or file?
>
> The point is that you are not signing the data being transferred, but a
> local copy of some (e.g., freshly decoded) data (i.e., at the data model
> level) which is then processed a little (potentially taking out all
> signatures) and then is run through a rather complicated engine to produce
> a signing input that is a deterministic function of the decoded and
> processed data.
>
> There are easier ways to get a signing input from JSON-like data at rest.
> For a (quite workable) strawman: How about doing a CBOR encoding using
> deterministic encoding rules?
>

This is a good point. Still not convinced other solutions would be orders
of magnitude better and the proposed one is easy to implement and easy to
understand (maybe too easy since I had not thought about your alternative
solution).


>
> > Or is it data that does not change? Sorry I do not get it.
> >
> > 2. What is weird with saying "Represented in JSON”?
>
> Your scheme does NOT require (or benefit in any way from) representing the
> data in JSON.
> The data could be transferred in YAML (or CBOR for that matter): as long
> as your local copy of the decoded data (after the little processing) sticks
> inside the confines of the I-JSON data model, you can use your scheme for
> signing.
>

But since JSON according to https://tools.ietf.org/html/rfc7159 is fairly
flexible, would not fitting it into CBOR require similar limitations as
RFC8785 puts on what you can do with the JSON? (i.e. the I-JSON limitations)


>
> > is it that the RFC7493 I-JSON subset is not all that JSON could be? (to
> me this is a reasonable limitation that I in practice never have had to go
> outside)
>
> Well, that has been debated to death, and it is clear that nobody likes
> I-JSON (*), but it is the de-facto boundary within which the actually more
> capable JSON format needs to be used these days.
> (If you need more flexibility, you know where to find CBOR.)
>

So are you saying that CBOR would not impose the same limitations on the
original JSON as RFC8785?


>
> > 3. So I totally get that one does not like XMLDigSig, in my opinion not
> because of the signing procedures but because of the canonicalization
> process. When I looked at it I gave up and created a hardcoded template.
> The difference in canonicalization of JSON (RFC7493 I-JSON subset)
> according to RFC8785 is like night and day compared to XML
> canonicalization. In your comment it seems like you are of the opinion that
> this effort will be as tricky as XMLDigSig. do you think so?
>
> Indeed, the RFC 8785 encoding is (ignoring potential problems on the
> numeric side) simpler than canonicalized XML, even with its weird
> regression to UTF16-land.
>
> Much of the actual problems of XMLDSig weren’t in the canonicalization,
> but in the confusion of how the data at rest was to be processed for
> signing, e.g., what part of the data at rest was contributing to the
> signing input and what the signature on that part then actually meant.  JWS
> is probably flexible enough that a carefully constructed application can
> get all this right, but we are talking about non-trivial specifications
> needed beyond the boring part of generating the byte-string signing input.
>
> > 4. Not sure I agree with “clear text” or “plain text" being bad
> descriptions. Yes what is signed is the RFC8785 transformation of the input
> data, but the signature are then put into your data keeping the data in its
> original “clear text” or “plain text" as opposed to base64-url encoded. I
> guess enveloped JWS is a more accurate name but “clear text” or “plain
> text" is easy to understand.
>
> Well, I understand that the naming you chose is a good strategy for
> selling the scheme.
> It is, however, not describing what is actually going on, and I try to
> minimize the use of misleading terminology.
>

Fair point


>
> Grüße, Carsten
>
> (*) Over at the JSON mailing list, there has been some fresh discussion
> just this week about how to get around some of the implementation
> limitations, or JSON’s (deliberate!) lack of extensibility, or both.
> Archived-At: <
> https://mailarchive.ietf.org/arch/msg/json/BWkSc8JYybzmgLT0Bsmfhiwf7cY>
> and the thread behind that.
>
>

v2.23.0 | Report a Bug | By Email