IETF Logo Mail Archive

Re: [stir] JWT/JSON (was - Re: Review of: draft-ietf-stir-passport-05)

Dave Crocker <dhc@dcrocker.net> Mon, 22 August 2016 16:28 UTC

Return-Path: <dhc@dcrocker.net>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2327012D731 for <stir@ietfa.amsl.com>; Mon, 22 Aug 2016 09:28:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.988
X-Spam-Level:
X-Spam-Status: No, score=-0.988 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RCVD_IN_MSPIKE_BL=0.01, RCVD_IN_MSPIKE_L5=0.001, RDNS_NONE=0.793, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=dcrocker.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B0tV10F03U8g for <stir@ietfa.amsl.com>; Mon, 22 Aug 2016 09:28:24 -0700 (PDT)
Received: from simon.songbird.com (unknown [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1995B12D552 for <stir@ietf.org>; Mon, 22 Aug 2016 09:28:24 -0700 (PDT)
Received: from [192.168.1.168] (76-218-8-128.lightspeed.sntcca.sbcglobal.net [76.218.8.128]) (authenticated bits=0) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id u7MGSUxC028126 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NOT); Mon, 22 Aug 2016 09:28:31 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dcrocker.net; s=default; t=1471883311; bh=sQUmqQmi7p84g6ZyCKpXGnUMLsVb6bb2ril5Sk9VRfY=; h=Subject:To:References:Cc:From:Reply-To:Date:In-Reply-To:From; b=ogJb0IiLY/mTIWGqQN5uQiYR9dLuU4YWLVknSaot1fKO3YE7dQvddJ2iH6mQ18HwT I/6hWHWbgAvGbzJmjN8p2OpW9CkVis2FouIpFXGCAWXcUEjqlmeFmdOD51K0dyBSM2 sg2G6YbkNC/tZVcGFn/WjCWTGjJpC459a1dT1ank=
To: Christer Holmberg <christer.holmberg@ericsson.com>, Eric Rescorla <ekr@rtfm.com>
References: <07e0eb16-6758-cdf1-c571-1f1ed768e741@dcrocker.net> <D3C152B2.1A69BA%jon.peterson@neustar.biz> <b096b541-c8af-9617-c9d7-5a1beb5230e8@dcrocker.net> <D3C16040.1A6A09%jon.peterson@neustar.biz> <d66d91f0-9ea2-6295-e749-e48ea37b4892@dcrocker.net> <cfd714ce-6145-1b60-aca2-ae702a8c133d@dcrocker.net> <CABcZeBNQgsjDOrW2k4WOucTVXSMHjEUjKgGkhYT119Z3yoUv1g@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B4BC29AD9@ESESSMB209.ericsson.se>
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
Message-ID: <72ca2036-610e-2226-ed4f-34efbf0e9552@dcrocker.net>
Date: Mon, 22 Aug 2016 09:28:03 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <7594FB04B1934943A5C02806D1A2204B4BC29AD9@ESESSMB209.ericsson.se>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/ZRz88vt33XX3EhKB_k-gerX3u18>
Cc: IETF STIR Mail List <stir@ietf.org>
Subject: Re: [stir] JWT/JSON (was - Re: Review of: draft-ietf-stir-passport-05)
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Aug 2016 16:28:25 -0000

On 8/21/2016 9:03 AM, Christer Holmberg wrote:
> I agree with Ekr, and being able to use something pre-existing is the
> reason I asked the passport authors to consider JWT. If you think there
> is something better pre-existing, please say so, but if you want to do
> something from scratch I think we’d need some really good justification
> for that. I don’t agree with your earlier statements that JWT is
> complex, and there are tons of tools to test and verify JWTs.


Christer,

Just to be thorough, I'll repeat that I agree with the goal of using 
existing solutions, where they represent a high-enough point of 
departure (if they aren't a perfect match), preferably with enough track 
record to establish efficacy.

And I'll repeat that my view of the passport draft did not criticize the 
use of JWT.  (By the way, is it only JWT or is it actually JOSE, and if 
it isn't why not?)

It's not that I didn't question the use, it's that I didn't indulge in 
that questioning at that point.  This came later, as I watched the 
documentation efforts to integrate use of JWT.


 > In Berlin I did raise an issue on how STIR uses JWT in SIP (the encoded
 > object is “split up”, and different pieces are placed in different SIP
 > elements), but Jon promised to make sure it’s clarified and well
 > explained in the next version of the bis draft, so I think we should
 > give him a chance to do that.

There are at least two major problems here.

The technical one is that the current approach requires doing encoding 
and packaging twice, from what I can tell.  Once in a JSON context and 
the second in a SIP header context.  By itself, that should be worrying. 
That the latter hasn't been fully documented and agreed to, yet, raises 
a question about how anyone thought the documents were ready for last call.

The other major problem is that the introduction of JSON/JWT has 
produced levels of indirection in the documentation that made it 
essentially impossible for me to understand and analyze the 
specification details.  And I tried pretty hard.  So this does not bode 
well for other new readers of the specifications.  (More generally, the 
documents make cross-references and indulge in cross-dependencies that 
defeat the benefits of modularity and create really serious reading 
complexity.)


And now, yes, I'll indulge in the dreaded "DKIM" reference...

DKIM is another existing mechanism that provides exactly the needed 
functionality, with more than 10 years of field experience (counting the 
predecessor Yahoo's Domainkeys) and a relatively simple design.

As I've noted before, the list of 'topics' for the STIR work is not 
long.  I'll do an abbreviated listing here:

    1. Calling value acquisition -- getting the string to validate

    2. Key management --getting the key and validating that it is
       authorized for use with the calling value.

    3. A bunch of crypto-related computation -- including
       canonicalization of the data of course

    4. Packaging the result -- for use by the validation mechanism.

Step 1 is not part of the crypto work, but it is of course fundamental, 
as well as being specific to STIR.  The crypto subsystem just uses it as 
input. The choice of JSON/JWT, DKIM, or whatever is irrelevant to this step.

Step 2:

   a)  For non-telephone URIs, DKIM's DNS model can be used directly.

   b)  I'm unclear about the role of the domain name in the URIs that 
have a phone number in the left-hand side.  In any event, as I've noted 
repeatedly, number-based key management is an open issue, with 
demonstrated high risk, given that the previous effort failed.

Step 3 can use DKIM almost directly.

Step 4 can use DKIM almost directly.


So the DKIM approach is dramatically simpler and offers by far the 
highest point of departure for STIR.

In particular, the hard parts of doing STIR aren't solved by this choice 
-- JSON/JWT don't help either.

d/
-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net

v2.23.0 | Report a Bug | By Email