IETF Logo Mail Archive

Re: [SPICE] Call for consensus on SPICE charter

Orie Steele <orie@transmute.industries> Fri, 09 February 2024 23:03 UTC

Return-Path: <orie@transmute.industries>
X-Original-To: spice@ietfa.amsl.com
Delivered-To: spice@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 24D85C15152B for <spice@ietfa.amsl.com>; Fri, 9 Feb 2024 15:03:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=transmute.industries
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jDF8KsGP3_Hc for <spice@ietfa.amsl.com>; Fri, 9 Feb 2024 15:02:56 -0800 (PST)
Received: from mail-pj1-x102f.google.com (mail-pj1-x102f.google.com [IPv6:2607:f8b0:4864:20::102f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8AECC151084 for <spice@ietf.org>; Fri, 9 Feb 2024 15:02:56 -0800 (PST)
Received: by mail-pj1-x102f.google.com with SMTP id 98e67ed59e1d1-2906773c7e9so1053363a91.1 for <spice@ietf.org>; Fri, 09 Feb 2024 15:02:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transmute.industries; s=google; t=1707519776; x=1708124576; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=uijnpzL0E4941r8ra2DF4shRDg/rrk848uYztSlwxpg=; b=PYyPLI8X7AV+5HScRgAvTy0NbND100eDQB03R0s0wZOvC6p2Q44pl8hVXotW/WSF8u ioMGcjWTKm5HkwwvgsQnMSxk5VnP4n7M4VXIKiaaOu3oHxzk5F0K0WTLhXFx7Pt93oYH G5Hdz77RStts7My+tuRov90htsk1REa7nT+OEz+8C+tKUoTkgp0BihV5jyeWRyL01yfV YTNsPxHZNEE0wMwDoQfxAhG2E9fMKh26+cQf3itI8Q+8vDvrWKTcMu5CCDyCEKxPS6yN SDnlq7MNFlIAEaxVDIcugaGCyDIM9ktD5eLsYc+s50t8QPMVkH9gbbvrICl/LbUn5o/4 A2vg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707519776; x=1708124576; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=uijnpzL0E4941r8ra2DF4shRDg/rrk848uYztSlwxpg=; b=blWxTP6sQ0JMdDZ+SFku9r9p9bQISlAMAi67hYyCIU/gcis+tu0xDV1hkgoE//m/Xm 9pbk05uuQhWQ2/jWmbqKIFnSNSdop6wSZcUPiBPZQfuZA+1ceM4qEeQPEU9cST0BWvgR NOINXHrytkrE1uLBCYSOi30QtxAEtT50884FkPmsMruxBfXNWjApo9WIg4/hQrR/tNM6 aTr/8fH1yyc2jnPOcfIdL1uDNd5DLBUJj9Jly+s1CAe275qHj+oTo/n9hkYdQrjXSZOd c/n2d8QJ/D0QpvEqdbANpEQMOqDoCW3VRXEqyxDjFXBfiXxZNZh0yt0e0e6hHN1FPkWO /4Hw==
X-Gm-Message-State: AOJu0Yzd1jB9QD/Q6r39Qjr8RXwIYkTFCObfPEnk/WsaCoVhJE6fy00E vpG1OUgCjaEieYo20vYnG6akxey282M4VZOoaq+HIN0qKKPNW0th0LKzkjpY4VJlnCBZuVyJdqv HUtFd0c6dWl9cJVnMpfMjjZ8VYRrNrJtyjttfjopzaGBmxFD343c=
X-Google-Smtp-Source: AGHT+IGQktf0mZd/BOoZ5sksGa06m64Z+qz6gBzxHu9mYTXm7Oc/9MrjkSlANAdSt7kaI656jFp8HnDJ6zVQsDmgKVE=
X-Received: by 2002:a17:90b:3617:b0:296:58bd:1eea with SMTP id ml23-20020a17090b361700b0029658bd1eeamr429875pjb.15.1707519775866; Fri, 09 Feb 2024 15:02:55 -0800 (PST)
MIME-Version: 1.0
References: <MN2PR00MB08634013D5E87AEEAB12A187E54B2@MN2PR00MB0863.namprd00.prod.outlook.com> <CAN8C-_JRJ4wcF+dzGCLHuc8p-wWauXxgpwVQV19ddgwG8_ZVAA@mail.gmail.com> <DM6PR00MB0859F486BEF195F04CDD4994E54B2@DM6PR00MB0859.namprd00.prod.outlook.com>
In-Reply-To: <DM6PR00MB0859F486BEF195F04CDD4994E54B2@DM6PR00MB0859.namprd00.prod.outlook.com>
From: Orie Steele <orie@transmute.industries>
Date: Fri, 09 Feb 2024 17:02:44 -0600
Message-ID: <CAN8C-_KqA2sOKK3kTFr9MdjXTQqJrySROGXgJ1H32oXGRuoNCw@mail.gmail.com>
To: Kristina Yasuda <Kristina.Yasuda@microsoft.com>
Cc: "spice@ietf.org" <spice@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000b013600610faed7e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spice/qFzHtxPRvdEifFv-xRwvesIT9tw>
Subject: Re: [SPICE] Call for consensus on SPICE charter
X-BeenThere: spice@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Patterns for Internet CrEdentials <spice.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spice>, <mailto:spice-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spice/>
List-Post: <mailto:spice@ietf.org>
List-Help: <mailto:spice-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spice>, <mailto:spice-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Feb 2024 23:03:01 -0000

Inline:

On Fri, Feb 9, 2024 at 4:09 PM Kristina Yasuda <
Kristina.Yasuda@microsoft.com> wrote:

> Hi Orie,
> Thank you. Guess my question was why can’t mdocs be used for the use-cases
> that SD-CWT is being designed for? And the answer seems to be “because one
> needs to purchase an ISO standard where mdoc is being defined”?
>

That's my answer at this point in time, but that doesn't mean it needs to
be a working group's answer.


> mdocs are not exactly CWTs, rather CBOR structure signed using COSE, but
> they already have a salt-hash based selective disclosure mechanism.
>

COSE Sign1 as defined in 9052 can be verified with certificates or public
keys, and there are different protected header hints to make this easy.

A CWT is a COSE Sign1 that has a payload that is a CBOR map, where the
labels in that map are defined in a registry.

My guess would be that ISO did not create such a requirement for mDoc, and
the payload is something other than a CBOR map, or, if it is a CBOR map,
that some of the cbor map keys might already have collisions with
https://www.iana.org/assignments/cwt/cwt.xhtml

The collisions would be a problem, however we have a possible escape hatch.

https://datatracker.ietf.org/doc/draft-ietf-cose-cwt-claims-in-headers/

^ using this draft, you could have "SD-*" style disclosures to a protected
header (assuming mDoc allows you to set protected headers), and you could
leave the mDoc payload as is.

The current SD-CWT approach also uses the unprotected header of the
cose-sign1... not sure if ISO mDoc allows that.

This is just guessing about how we might attempt to address this challenge.

As an aside, it's very nice that an unprotected header exists in COSE since
we don't need to do the disclosure encodings with `~` like we do in SD-JWT.

As "SD-CWT" is a "CWT", whereas an SD-JWT, is a "JWT" with a "~".

If the WG formed and SD-CWT was adopted, ISO could be normatively
referenced, and although it would make implementing from the IETF document
alone impossible, we do occasionally see normative references to
specifications that are behind paywalls, not just from ISO, but from IEEE,
and ASTM, etc...

That said, I am generally not in favor of relying on paywalled
specifications for security, I agree with what John wrote here:

https://mailarchive.ietf.org/arch/msg/cfrg/aHDFKTVRAKYsjdkW7yK6fmSh_2U/


> mdocs also define issuer PKI to be x509 and holder key binding to be raw
> COSE key, which helps with interop but could be turned into an
> extensibility point.
>

Addressing details like these, is exactly why we feel the metadata document
is essential.

Another draft which might be helpful for doing key binding with cose key is
https://datatracker.ietf.org/doc/draft-ietf-cose-key-thumbprint/

Thinking a bit more about your comment... a new COSE key claim could be
defined, and you could possibly use the cose-key format to pass along
additional data, but I would be cautious blending media types like
application/cose-key with custom extensions, that could lead to
unpredictable polyglot formats.

For those not familiar, W3C has struggled with a similar challenge in
Verifiable Credentials:
https://tess.oconnor.cx/2023/09/polyglots-and-interoperability

I would be concerned that blending SD-CWT and mDoc together could end up
destroying their unique value.

But it is an intriguing idea! I don't have enough visibility into mDoc to
see exactly how it could work.

At a minimum I think it would be excellent to clearly define the edge
between SD-CWT and mDoc, based on my limited understanding of mDoc, I think
that boils down to a paywalled algorithm for disclosing commitments that an
issuer has made to claims, in other words, the disclosure algorithm and its
verification process are the only parts of mDoc, that are security
oriented, that are not built on top of RFC9052... but again, I am guessing
about a document I have not read.


>
> Best,
> Kristina
>
>
> ------------------------------
> *From:* Orie Steele <orie@transmute.industries>
> *Sent:* Friday, February 9, 2024 12:31:38 PM
> *To:* Kristina Yasuda <Kristina.Yasuda@microsoft.com>
> *Cc:* spice@ietf.org <spice@ietf.org>
> *Subject:* Re: [SPICE] Call for consensus on SPICE charter
>
> Hey Kristina,
>
> I'm not an mDoc expert so I expect you will be able to answer that
> question better than I can.
>
> To save you the trouble of reading the "SD-CWT/SD-CWT-VC" draft (and there
> is an experimental implementation I developed based on OAuth's SD-JWT
> reference implementation".
>
> "SD-CWT/SD-CWT-VC" basically just takes the OAuth SD-JWT approach and
> makes it work with CWT claimsets instead of JWT claimsets.
>
> So where OAuth registers:
>
> -
> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-selective-disclosure-jwt-07#name-json-web-token-claims-regis
>
> Spice would register similar properties in:
>
> - https://www.iana.org/assignments/cwt/cwt.xhtml
>
> You said: "Personally, I would like to see SD-CWT/SD-CWT-VC to be
> backwards compatible with mdocs, but that can be discussed once in the
> draft.
>
> I don't know the content type of the ISO mDoc cose-sign1 payload, is it a
> CBOR map? Could it be a CWT claimset? If the answer to both of those is
> yes, I see a possibility to align, but there could be lots of other
> challenges.
>
> Having not read the ISO spec in question, I can't answer more than that.
>
> Thanks for your comment about the W3C VC Data Model v2, I filed an issue
> to track it here:
>
> https://github.com/transmute-industries/ietf-spice-charter/issues/29
>
> Feel free to pile on any additional changes you would like to see there.
>
> OS
>
>
>
> On Fri, Feb 9, 2024 at 2:22 PM Kristina Yasuda <Kristina.Yasuda=
> 40microsoft.com@dmarc.ietf.org> wrote:
>
> Hi,
>
> What is the relationship between SD-CWT/SD-CWT-VC and mdocs defined in
> ISO/IEC 18013-5?
> At least, mdocs should be mentioned in the charter.
> Personally, I would like to see SD-CWT/SD-CWT-VC to be backwards
> compatible with mdocs, but that can be discussed once in the draft.
>
> small nits in the charter text:
> VCDM 2.0 has not yet been published, so the last paragraph in the
> Introduction should be rephrased.
> Best,
> Kristina
> --
> SPICE mailing list
> SPICE@ietf.org
> https://www.ietf.org/mailman/listinfo/spice
>
>
>
> --
>
>
> ORIE STEELE
> Chief Technology Officer
> www.transmute.industries
>
> <https://transmute.industries/>
>


-- 


ORIE STEELE
Chief Technology Officer
www.transmute.industries

<https://transmute.industries>

v2.23.0 | Report a Bug | By Email