IETF Logo Mail Archive

Re: [Secdispatch] [dispatch] Plain text JSON digital signatures

Brian Rosen <br@brianrosen.net> Tue, 27 April 2021 15:47 UTC

Return-Path: <br@brianrosen.net>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C46C3A11E5 for <secdispatch@ietfa.amsl.com>; Tue, 27 Apr 2021 08:47:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.887
X-Spam-Level:
X-Spam-Status: No, score=-1.887 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=brianrosen-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hP7JfV54d_mc for <secdispatch@ietfa.amsl.com>; Tue, 27 Apr 2021 08:47:11 -0700 (PDT)
Received: from mail-qt1-x833.google.com (mail-qt1-x833.google.com [IPv6:2607:f8b0:4864:20::833]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FDD43A11E2 for <Secdispatch@ietf.org>; Tue, 27 Apr 2021 08:47:11 -0700 (PDT)
Received: by mail-qt1-x833.google.com with SMTP id o1so2826726qta.1 for <Secdispatch@ietf.org>; Tue, 27 Apr 2021 08:47:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brianrosen-net.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=52erJvHyH211Q+bUlVrzfZOPr8C/5MWHC+YGVbtO83o=; b=1q9NPBKHdjC12o5GTxJOs75Q202SY+VF8VG5aPFA2zlGuCF+C8iRwoq791cwlx/Cau fDDZ7zrImFABE5jyJC3fhGXLm3Oexi14gTqiZkTbju4i/IWH0axNDel0Qna1W3TGzC2R Dzi+4OuAn+DO84LnxoyzEab6jCGzP/ziDn2aEmYDp2vp7TW37vJC9owAm/gLiJb34cAm A7O3a0FAU+pQnabtdhSSa80bsDQ9F6sFx4Y/hq+Hbwxm2mPXuhn5V0dV4V+TRygti4GG /A4PQvXaeHph+9ULR2mrWRpoD612qFrd3y29OFR81b7AGrojZVBqQ1iCzD1zlsE+8sQd tdvA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=52erJvHyH211Q+bUlVrzfZOPr8C/5MWHC+YGVbtO83o=; b=gcdGBpNyXF5OjHAt1nk9jTvS6MY60gUO5BkD8VwCMxpFICZxKp8TMheqHqXnnPV5Ub kMvBbK10muBIQ+CBodCQUvYypQdjC3dtW/q0KjA5Vc/Lu1DU0ppXK0Vdt6bO9Sn7czIq nu5PLoRdO6fUzhYhgpZWh4zr5QyfCW3lhpMVKxPkbzG8AHjAph1zvzp32+Og3xI13Nzu Iw/98V9O+C/KoKSbEWKomsV/2yC9XPGcABU6KHpgaAODHgUATNYJcDW3OsVFreVXorZq 6oQciIFNDwygjwDhRIRWpody0w+MPJ4Jp06rCnYtb/a1FAegi3hxd+kgRQe7hzhvqrHF eiZA==
X-Gm-Message-State: AOAM532Qd/v+et06/biY5hNa/T6t5JL2coAeLuXw8oP1Udz1BSZ/Ipvc bJfBdFGNDzqt99duoUEBoYsQhw==
X-Google-Smtp-Source: ABdhPJyvwSd59fOf4gmHHNFK3B7uifstEscZKI3Wgj8BZMUSVE8mbPNnw0jNtdQtZjlHMgBGnNPgSw==
X-Received: by 2002:ac8:4658:: with SMTP id f24mr22451505qto.375.1619538429846; Tue, 27 Apr 2021 08:47:09 -0700 (PDT)
Received: from brians-mbp.lan (dynamic-acs-24-154-121-237.zoominternet.net. [24.154.121.237]) by smtp.gmail.com with ESMTPSA id p186sm2846105qka.66.2021.04.27.08.47.08 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 27 Apr 2021 08:47:09 -0700 (PDT)
From: Brian Rosen <br@brianrosen.net>
Message-Id: <19176491-A66F-41E9-9670-C842F82FCE68@brianrosen.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_0A9A5627-118A-43D8-8B5C-CB5BFC966A29"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.60.0.2.21\))
Date: Tue, 27 Apr 2021 11:47:03 -0400
In-Reply-To: <CAPCpN4v_KaTWQAjqCUScV067MdKqjZ1N9s7yEeugAiJ8kZJEYA@mail.gmail.com>
Cc: DISPATCH <dispatch@ietf.org>, IETF SecDispatch <Secdispatch@ietf.org>, art@ietf.org, rfc-ise@rfc-editor.org
To: Bret Jordan <jordan.ietf@gmail.com>
References: <CAPCpN4v_KaTWQAjqCUScV067MdKqjZ1N9s7yEeugAiJ8kZJEYA@mail.gmail.com>
X-Mailer: Apple Mail (2.3654.60.0.2.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/hHbW91FGxz2a1rr3vlEmcoik1Do>
Subject: Re: [Secdispatch] [dispatch] Plain text JSON digital signatures
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Apr 2021 15:47:17 -0000

I am very much interested in this work.  My preference would be for a Proposed Standard.  There was a lot of opposition to the idea previously, so it may be that ISE is all we can get, but I would be willing to work towards PS, either in a new, short lived work group or as part of another work group.  

Brian

> On Apr 27, 2021, at 11:27 AM, Bret Jordan <jordan.ietf@gmail.com> wrote:
> 
> Dear Dispatch,
> 
> Anders Rundgren, Samuel, Erdtman, and I have been working on an ID for your consideration. This document describes how to use JWS and JCS to create plain-text JSON signatures. The abstract reads as follows:
> 
> This document describes a method for extending the scope of the JSON Web Signature (JWS) standard, called JWS/CT.  By combining the detached mode of JWS with the JSON Canonicalization Scheme (JCS), JWS/CT enables JSON objects to remain in the JSON format after being signed (aka "Clear Text" signing).  In addition to supporting a consistent data format, this arrangement also simplifies documentation, debugging, and logging.  The ability to embed signed JSON objects in other JSON objects, makes the use of counter-signatures straightforward.
> 
> The data tracker page for this: https://datatracker.ietf.org/doc/draft-jordan-jws-ct/ <https://datatracker.ietf.org/doc/draft-jordan-jws-ct/>
> 
> As you know there are large ecosystems that needs digital signatures for plain text JSON data, meaning where the JSON data is not base64 encoded. This ID provides a solution using existing IETF RFCs to make this work. Further, this work looks to be adopted by many groups and organizations from financial services, threat intelligence, and incident response. 
> 
> We are not sure what direction would be best for this work in the IETF, should we send to the ISE for publication or do you want to create a working group. Ultimately there is a lot of work that could be done in this space to meet the needs of the market. We would be happy with releasing these IDs for ISE publication, or for creating a working group to move them forward. It is just important to note that the market is in desperate need of these solutions. If you want to take it for a spin, there is a JWS/CT playground at: https://mobilepki.org/jws-ct <https://mobilepki.org/jws-ct>
> 
> Thanks
> Bret
> 
> -- 
> 
> Sent from my TI-99/4A
> 
> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
> _______________________________________________
> dispatch mailing list
> dispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/dispatch

v2.23.0 | Report a Bug | By Email