Re: [Secdispatch] [dispatch] Plain text JSON digital signatures

Bret Jordan <jordan.ietf@gmail.com> Tue, 27 April 2021 17:42 UTC

From: Bret Jordan <jordan.ietf@gmail.com>
Message-Id: <C0152EF1-CFE8-43A5-ABB7-01E73018DCC7@gmail.com>
Date: Tue, 27 Apr 2021 11:42:26 -0600
In-Reply-To: <19176491-A66F-41E9-9670-C842F82FCE68@brianrosen.net>
Cc: DISPATCH <dispatch@ietf.org>, IETF SecDispatch <Secdispatch@ietf.org>, art@ietf.org, rfc-ise@rfc-editor.org
To: Brian Rosen <br@brianrosen.net>
References: <CAPCpN4v_KaTWQAjqCUScV067MdKqjZ1N9s7yEeugAiJ8kZJEYA@mail.gmail.com> <19176491-A66F-41E9-9670-C842F82FCE68@brianrosen.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/g7XvThD00P8eFddwTlsakC5z-14>
Subject: Re: [Secdispatch] [dispatch] Plain text JSON digital signatures

Hi Brian,

Yes, there are a lot of people and organizations that are looking for a solution like this. There are several that I know of that are already looking to adopt this or something similar in production. I also know Anders has been doing a lot of work in the financial sector using this for payment processing. What people need to realize is that plain text signatures and plain text JSON are a fundamental requirement. The proof of concept code I have written so far shows that this works, and works really well.

It is great to hear that you would support this work, either through a PS or via the ISE. Please let us know if you have any feedback on the ID. 

Thanks
Bret





> On Apr 27, 2021, at 9:47 AM, Brian Rosen <br@brianrosen.net> wrote:
> 
> I am very much interested in this work.  My preference would be for a Proposed Standard.  There was a lot of opposition to the idea previously, so it may be that ISE is all we can get, but I would be willing to work towards PS, either in a new, short lived work group or as part of another work group.  
> 
> Brian
> 
>> On Apr 27, 2021, at 11:27 AM, Bret Jordan <jordan.ietf@gmail.com> wrote:
>> 
>> Dear Dispatch,
>> 
>> Anders Rundgren, Samuel Erdtman, and I have been working on an ID for your consideration. This document describes how to use JWS and JCS to create plain-text JSON signatures. The abstract reads as follows:
>> 
>> This document describes a method for extending the scope of the JSON Web Signature (JWS) standard, called JWS/CT.  By combining the detached mode of JWS with the JSON Canonicalization Scheme (JCS), JWS/CT enables JSON objects to remain in the JSON format after being signed (aka "Clear Text" signing).  In addition to supporting a consistent data format, this arrangement also simplifies documentation, debugging, and logging.  The ability to embed signed JSON objects in other JSON objects, makes the use of counter-signatures straightforward.
>> 
>> The data tracker page for this: https://datatracker.ietf.org/doc/draft-jordan-jws-ct/
>> 
>> As you know, there are large ecosystems that need digital signatures for plain text JSON data, meaning where the JSON data is not base64 encoded. This ID provides a solution using existing IETF RFCs to make this work. Further, this work looks to be adopted by many groups and organizations from financial services, threat intelligence, and incident response.
>> 
>> We are not sure what direction would be best for this work in the IETF: should we send it to the ISE for publication, or do you want to create a working group? Ultimately there is a lot of work that could be done in this space to meet the needs of the market. We would be happy with releasing these IDs for ISE publication, or with creating a working group to move them forward. It is just important to note that the market is in desperate need of these solutions. If you want to take it for a spin, there is a JWS/CT playground at: https://mobilepki.org/jws-ct
>> 
>> Thanks
>> Bret
>> 
>> -- 
>> 
>> Sent from my TI-99/4A
>> 
>> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
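The abstract quoted in the thread describes the JWS/CT mechanism in one sentence: canonicalize the JSON object with JCS, sign that byte string with JWS in detached mode, and embed the resulting detached JWS back into the object so the data stays readable JSON. The following is an added example of that flow, written for this thread and not code from the draft, its authors, or the playground. It assumes the signature lives in a property named "signature" (the draft makes the name configurable), uses HS256 so that only the standard library is needed, and implements a subset of JCS (sorted keys, no whitespace, raw UTF-8) that is exact for the constructed sample but omits JCS's ES6 number formatting and UTF-16 key ordering rules. A verifier recomputes the canonical form from whatever it received, so reformatting or reordering the JSON in transit does not break the signature, while changing any value does.

```python
import base64
import hashlib
import hmac
import json

# Assumed property name; JWS/CT lets the application choose it.
SIGNATURE_PROPERTY = "signature"

# Constructed sample key and object (not from the draft or the playground).
KEY = b"constructed-demo-hmac-key-do-not-reuse"
SAMPLE = {
    "statement": "Hello signed world!",
    "otherProperties": [2000, True],
    "nested": {"z": "last", "a": "first"},
}


def canonicalize(obj) -> bytes:
    """Simplified JCS (RFC 8785): sorted members, no whitespace, UTF-8.

    Full JCS also mandates ES6 number serialization and sorting keys by
    UTF-16 code units; this subset is exact for ints/bools/ASCII keys.
    """
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def b64url(data: bytes) -> str:
    """Unpadded base64url as used by JWS."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def signing_input(protected: str, payload: bytes) -> bytes:
    """JWS signing input: BASE64URL(header) '.' BASE64URL(payload)."""
    return protected.encode("ascii") + b"." + b64url(payload).encode("ascii")


def sign_clear_text(obj: dict, key: bytes) -> dict:
    """Return a copy of obj carrying a detached HS256 JWS ("header..sig")."""
    if SIGNATURE_PROPERTY in obj:
        raise ValueError("object already carries a signature property")
    protected = b64url(json.dumps({"alg": "HS256"}, separators=(",", ":")).encode())
    mac = hmac.new(key, signing_input(protected, canonicalize(obj)), hashlib.sha256).digest()
    signed = dict(obj)
    # Detached JWS: the payload segment is empty because the JSON itself is the payload.
    signed[SIGNATURE_PROPERTY] = f"{protected}..{b64url(mac)}"
    return signed


def verify_clear_text(signed: dict, key: bytes) -> bool:
    """Recompute the canonical payload from the received object and check the MAC."""
    if SIGNATURE_PROPERTY not in signed:
        return False
    parts = signed[SIGNATURE_PROPERTY].split(".")
    if len(parts) != 3 or parts[1] != "":
        return False  # not a detached compact JWS
    protected, _, sig = parts
    try:
        header = json.loads(b64url_decode(protected))
        mac = b64url_decode(sig)
    except (ValueError, UnicodeDecodeError):
        return False
    # Pin the algorithm instead of trusting whatever the header claims.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    payload = {k: v for k, v in signed.items() if k != SIGNATURE_PROPERTY}
    expected = hmac.new(key, signing_input(protected, canonicalize(payload)), hashlib.sha256).digest()
    return hmac.compare_digest(expected, mac)


def roundtrip_through_wire(signed: dict) -> dict:
    """Simulate a peer re-serializing the object with different whitespace/order."""
    pretty = json.dumps(signed, indent=2, sort_keys=False)
    return json.loads(pretty)


def tamper(signed: dict) -> dict:
    altered = dict(signed)
    altered["statement"] = "Hello tampered world!"
    return altered


if __name__ == "__main__":
    signed_obj = sign_clear_text(SAMPLE, KEY)
    print(json.dumps(signed_obj, indent=2))
    print("verifies:", verify_clear_text(signed_obj, KEY))
    print("after re-serialization:", verify_clear_text(roundtrip_through_wire(signed_obj), KEY))
    print("tampered:", verify_clear_text(tamper(signed_obj), KEY))
```

The verifier pins the expected algorithm rather than honouring the "alg" value in the received header, and strips only the signature property before canonicalizing, so counter-signing is simply signing an object that already contains a signed object as a nested member.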