IETF Logo Mail Archive

Re: [Secdispatch] [dispatch] [art] Plain text JSON digital signatures

Samuel Erdtman <samuel@erdtman.se> Sat, 01 May 2021 21:28 UTC

Return-Path: <samuel@erdtman.se>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D20933A1118 for <secdispatch@ietfa.amsl.com>; Sat, 1 May 2021 14:28:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.887
X-Spam-Level:
X-Spam-Status: No, score=-1.887 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=erdtman-se.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yVktjQbC9LI9 for <secdispatch@ietfa.amsl.com>; Sat, 1 May 2021 14:28:44 -0700 (PDT)
Received: from mail-oo1-xc35.google.com (mail-oo1-xc35.google.com [IPv6:2607:f8b0:4864:20::c35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4AA823A1110 for <Secdispatch@ietf.org>; Sat, 1 May 2021 14:28:44 -0700 (PDT)
Received: by mail-oo1-xc35.google.com with SMTP id c12-20020a4ae24c0000b02901bad05f40e4so419122oot.4 for <Secdispatch@ietf.org>; Sat, 01 May 2021 14:28:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=erdtman-se.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Y4K4ms5W8oP/nQiUlcLgssDNUjb+LAcb6PIJKQKny+k=; b=Eb32Jz6yq6vjlMaTlINLMTCO6FugVBqu5wlm6mrd75++tPyl+vNaCtU+30QGBJPnYZ fauGDJfqRgM6VInysuRcHf/3NlvycRggApYeUf3bbdImKMsQ441k81UGpdAM+T8wvEz2 TFREOGi19qSDUR7FaWECTWA8ieZ111NBemIXMddAJkI80CKxHHZwasugIyKpwIik7k0M nFwrRr+pbzF4VR1fP1yWVBfrQ+idShzPB3ycbYGCnExx0e9iwD0TC+/RbpKxcguw8lfc ohUvfK589ZmZ4m10koO7tDveVGGkYa3IeQ0HVxZueFJX5gO9M4DjeQD7Y0SmtfygInnr d+9w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Y4K4ms5W8oP/nQiUlcLgssDNUjb+LAcb6PIJKQKny+k=; b=ZHIky3WfwVaNnhDeLAR0o6Osae+eBZX3dlHZxof8xOAKhjNcXigRGXvMy5sfBqKf6I 98EkZKnTm60CXdGwHHrCTvlE0OBYikC5ASTCC/o3Jb/V3LvxAQ4WKSeZs2EFmlQ/6096 CmNMrVR4YhNHrnCif880YGZCK0wzS3Al7BNJQ0uDTzMBL8LAwXqLHb7zJ0kB8nCTealR qcpB9LwlB5SrhIvuBbdDrz+JQdLbrqh83PpFKb2tu3CG9nxNvzHGAXRUvtalNswhBpwF r17RyD4Hcwhr4/yNweLKBzpdogKgr4Nc+QBFey+7ogIE9vq/QIe3ynqluqc1lBlRh2Sn tNXQ==
X-Gm-Message-State: AOAM530ywUaatOxESoFzAa/uQXd/gkCzm3tnAfWHEFfIvPLMKxMXeadB ZFo81iExqDNMUni0uCnuHqT4DyNK1ThQds6aLR0ybQ==
X-Google-Smtp-Source: ABdhPJxmJocMe3Ac8LH7n3q9RzZpe1UNPN64HisJO5XfBtgT9anrX8GTpZ4ePTU8l7a4TFeqZ4aYxAeopZv4Q74MT08=
X-Received: by 2002:a4a:b4cb:: with SMTP id g11mr9851682ooo.41.1619904518286; Sat, 01 May 2021 14:28:38 -0700 (PDT)
MIME-Version: 1.0
References: <CAD9ie-v7uJOpjj+nbZCfQe+4JEQt-6=b6cm57iFPAn_enGeRCQ@mail.gmail.com> <3B394519-4061-43A8-8963-55A6ADEDF269@gmail.com> <19a99964-8495-2de9-b49a-52aa8321c12e@aaa-sec.com> <220475a6-1e04-107e-6327-366d48d8b420@gmail.com> <27833d9d-53c3-d01c-b01c-e7d53424b5ab@aaa-sec.com> <A88D122C-C1EB-477B-A83C-A22F1BB3CC47@gmail.com> <B8E5AF13-7B59-4329-890F-2B14766032A5@tzi.org> <CAF2hCbahPMAwe_63dT+pcz2BZSy0XOPstXqpxsCq1Vj0UmSDPg@mail.gmail.com> <1B4304D2-E82E-4255-B10C-F29ABCABE15E@tzi.org> <CAF2hCbaAx00dxxb2jRmQzVBaW7yyhefQ33+yt0uHwvwt+W_hfw@mail.gmail.com>
In-Reply-To: <CAF2hCbaAx00dxxb2jRmQzVBaW7yyhefQ33+yt0uHwvwt+W_hfw@mail.gmail.com>
From: Samuel Erdtman <samuel@erdtman.se>
Date: Sat, 01 May 2021 23:28:27 +0200
Message-ID: <CAF2hCbaMz26X4m2vshVzJXkeDWia-53oTocHvxJ4a+1M_=-zAg@mail.gmail.com>
To: Carsten Bormann <cabo@tzi.org>
Cc: art@ietf.org, IETF SecDispatch <Secdispatch@ietf.org>, DISPATCH <dispatch@ietf.org>, "RFC ISE (Adrian Farrel)" <rfc-ise@rfc-editor.org>
Content-Type: multipart/alternative; boundary="00000000000062079105c14b6910"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/oKsLezQcgGwqdIq1AWxWCT4w7V8>
Subject: Re: [Secdispatch] [dispatch] [art] Plain text JSON digital signatures
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 01 May 2021 21:28:55 -0000

Hi Carsten,

One more thing, you wrote "Signing data at rest certainly is a use case
that is worth addressing.". With my new fond insights (thanks) does this
mean that you are in favor of specifying how to do enveloped signatures for
JSON (or at least not against it)?

Cheers
//Samuel


On Sat, May 1, 2021 at 11:24 PM Samuel Erdtman <samuel@erdtman.se> wrote:

> Thanks Carsten,
>
> Your clarifications were great!
>
> See some comments inline.
>
> On Sat, May 1, 2021 at 1:04 AM Carsten Bormann <cabo@tzi.org> wrote:
>
>> Hi Samuel,
>>
>> > 1. What do you mean with data at rest, data store in database or file?
>>
>> The point is that you are not signing the data being transferred, but a
>> local copy of some (e.g., freshly decoded) data (i.e., at the data model
>> level) which is then processed a little (potentially taking out all
>> signatures) and then is run through a rather complicated engine to produce
>> a signing input that is a deterministic function of the decoded and
>> processed data.
>>
>> There are easier ways to get a signing input from JSON-like data at rest.
>> For a (quite workable) strawman: How about doing a CBOR encoding using
>> deterministic encoding rules?
>>
>
> This is a good point. Still not convinced other solutions would be orders
> of magnitude better and the proposed one is easy to implement and easy to
> understand (maybe too easy since I had not thought about your alternative
> solution).
>
>
>>
>> > Or is it data that does not change? Sorry I do not get it.
>> >
>> > 2. What is weird with saying "Represented in JSON”?
>>
>> Your scheme does NOT require (or benefit in any way from) representing
>> the data in JSON.
>> The data could be transferred in YAML (or CBOR for that matter): as long
>> as your local copy of the decoded data (after the little processing) sticks
>> inside the confines of the I-JSON data model, you can use your scheme for
>> signing.
>>
>
> But since JSON according to https://tools.ietf.org/html/rfc7159 is fairly
> flexible, would not fitting it into CBOR require similar limitations as
> RFC8785 puts on what you can do with the JSON? (i.e. the I-JSON limitations)
>
>
>>
>> > is it that the RFC7493 I-JSON subset is not all that JSON could be? (to
>> me this is a reasonable limitation that I in practice never have had to go
>> outside)
>>
>> Well, that has been debated to death, and it is clear that nobody likes
>> I-JSON (*), but it is the de-facto boundary within which the actually more
>> capable JSON format needs to be used these days.
>> (If you need more flexibility, you know where to find CBOR.)
>>
>
> So are you saying that CBOR would not impose the same limitations on the
> original JSON as RFC8785?
>
>
>>
>> > 3. So I totally get that one does not like XMLDigSig, in my opinion not
>> because of the signing procedures but because of the canonicalization
>> process. When I looked at it I gave up and created a hardcoded template.
>> The difference in canonicalization of JSON (RFC7493 I-JSON subset)
>> according to RFC8785 is like night and day compared to XML
>> canonicalization. In your comment it seems like you are of the opinion that
>> this effort will be as tricky as XMLDigSig. do you think so?
>>
>> Indeed, the RFC 8785 encoding is (ignoring potential problems on the
>> numeric side) simpler than canonicalized XML, even with its weird
>> regression to UTF16-land.
>>
>> Much of the actual problems of XMLDSig weren’t in the canonicalization,
>> but in the confusion of how the data at rest was to be processed for
>> signing, e.g., what part of the data at rest was contributing to the
>> signing input and what the signature on that part then actually meant.  JWS
>> is probably flexible enough that a carefully constructed application can
>> get all this right, but we are talking about non-trivial specifications
>> needed beyond the boring part of generating the byte-string signing input.
>>
>> > 4. Not sure I agree with “clear text” or “plain text" being bad
>> descriptions. Yes what is signed is the RFC8785 transformation of the input
>> data, but the signature are then put into your data keeping the data in its
>> original “clear text” or “plain text" as opposed to base64-url encoded. I
>> guess enveloped JWS is a more accurate name but “clear text” or “plain
>> text" is easy to understand.
>>
>> Well, I understand that the naming you chose is a good strategy for
>> selling the scheme.
>> It is, however, not describing what is actually going on, and I try to
>> minimize the use of misleading terminology.
>>
>
> Fair point
>
>
>>
>> Grüße, Carsten
>>
>> (*) Over at the JSON mailing list, there has been some fresh discussion
>> just this week about how to get around some of the implementation
>> limitations, or JSON’s (deliberate!) lack of extensibility, or both.
>> Archived-At: <
>> https://mailarchive.ietf.org/arch/msg/json/BWkSc8JYybzmgLT0Bsmfhiwf7cY>
>> and the thread behind that.
>>
>>

v2.23.0 | Report a Bug | By Email