Re: [xmpp] [POSH] What's the point of using JWKs in POSH?
Thijs Alkemade <me@thijsalkema.de> Mon, 09 June 2014 17:33 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/xmpp/Ll2A_8mP_tJI7sw-losk7vZM3qg
On 5 jun. 2014, at 00:46, Matt Miller <mamille2@cisco.com> wrote:

> On 6/4/14, 4:17 PM, Matt Miller wrote:
> > [ Forwarding to the xmpp@ietf.org mailing list on behalf of Thijs
> > Alkemade ]
> >
> > Hello,
> >
> > Today, I've spent some time on trying to implement POSH-checking
> > for xmpp.net. My implementation aimed to do two things: doing the
> > validation as described and showing someone how they could set up
> > their .well-known file by converting their X509 certificates to
> > JSON Web Keys.
> >
> > The latter part was a lot more work than the former and made me
> > wonder why it is defined the way it is.
> >
> > From draft-ietf-xmpp-posh:
> >
> > Each included JWK object MUST possess the following information:
> >
> > o The "kty" field set to the appropriate key type used for TLS
> >   connections (e.g., "RSA" for a certificate using an RSA key).
> >
> > o The required public parameters for the key type (e.g., "n" and
> >   "e" for a certificate using an RSA key).
> >
> > o The "x5t" field set to the certificate thumbprint, as described
> >   in section 3.6 of [JOSE-JWK].
> >
> > Yet the data that is required in the first and second bullet is
> > never used. It doesn't specify if and how clients should verify
> > it. Verification only uses the x5t field and optionally x5c.
> >
> > There are good arguments for "pinning" just the public key.
> > draft-ietf-websec-key-pinning only uses the SPKI field, DANE can
> > use either the full cert or its SPKI field (and optionally hashed).
> > But the way it is specified here won't allow that: the x5t field
> > always needs to be present and clients should verify it.
> >
> > So the public parameters of the key are useless here, but they make
> > a key >10x as large as they have to be. Generating them is also not
> > as easy: most certificate viewers show a SHA1 fingerprint and it's
> > really easy to do with the openssl cli tool, but extracting n and e
> > and base64-encoding them is a lot more work. I wouldn't even know
> > what to do for ECDSA keys.
> >
> > Are there any interoperability reasons for using JWKs that I'm not
> > aware of? Couldn't it just use a list of SHA1 hashes?
> >
> > Best regards, Thijs
>
> As I stated in the previous venue (posh@ietf.org), us authors were
> originally working to support various other use-cases, such as
> browserid. However, no one is arguing to actually support those other
> use-cases, so the desire to use JWKs is much less.
>
> My co-author and I discussed this today, and think what would be best
> is to switch from using a JWK-set to (roughly) your suggestion of a
> list of hashes. It would allow us to stay with a single syntax for
> both the "by-reference" and "by-value" documents, as well as provide a
> simple point of extension (if that is ever necessary).
>
> An example:
>
> {
>   "fingerprints": [
>     {
>       "sha-1": "ij39Ctarv+LwSw45qoqaZl7venM=",
>       "sha-256": "WhEr4Lpv2L5pv769aRj9rrm4G6MNNCfQlre23Gol/eA="
>     },
>     {
>       "sha-1": "JWow1EHNSbNyRfhQchi22bjurr0=",
>       "sha-256": "K52a2gXfrjchMLYwv16QyOtv5bkKRE6rnR30hY3JM8k="
>     }
>   ],
>   "expires": 604800
> }
>
> Each "fingerprint" is a JSON object, where the key is the hash
> algorithm and the value is the base64 encoding of hashing the
> DER-encoded certificate with the given algorithm. I do think that
> algorithm agility is necessary, which means something more than a
> simple array in my opinion. Generating this should be very simple; I
> could kludge this together on the command-line pretty quickly.
>
> If the WG is ok with this, we can get a new revision of
> draft-ietf-xmpp-posh out relatively soon (by next week).
>

This looks good to me!

Thijs
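
Added example, not part of the message above and not code from the draft authors: a Python sketch that builds the proposed "fingerprints" document from DER certificate bytes and checks a presented certificate against it. The function names, the placeholder certificate bytes and the rule of comparing only the strongest hash in each entry are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import json

# Names used in the proposed document -> hashlib names, strongest first.
ALGORITHMS = [("sha-256", "sha256"), ("sha-1", "sha1")]

def fingerprint_entry(der_cert: bytes) -> dict:
    """One "fingerprints" entry: base64 of each hash over the DER bytes."""
    return {
        name: base64.b64encode(hashlib.new(h, der_cert).digest()).decode("ascii")
        for name, h in ALGORITHMS
    }

def build_document(der_certs, expires=604800) -> str:
    """Serialize the document in the shape shown in the thread."""
    doc = {"fingerprints": [fingerprint_entry(c) for c in der_certs],
           "expires": expires}
    return json.dumps(doc, indent=2)

def certificate_matches(document: str, presented_der: bytes) -> bool:
    """Check a presented certificate against every entry in the document.

    Assumed policy (not from the thread): per entry, only the strongest
    algorithm this code knows is compared, so a stale or weaker hash in
    the same entry cannot stand in for it.
    """
    for entry in json.loads(document).get("fingerprints", []):
        for name, h in ALGORITHMS:
            if name not in entry:
                continue
            try:
                expected = base64.b64decode(entry[name], validate=True)
            except (ValueError, TypeError):
                break  # malformed value: this entry cannot match
            actual = hashlib.new(h, presented_der).digest()
            if hmac.compare_digest(expected, actual):
                return True
            break  # do not fall back to a weaker hash in this entry
    return False

# Constructed placeholder bytes standing in for DER-encoded certificates.
CERT_A = b"constructed-der-bytes-for-certificate-A"
CERT_B = b"constructed-der-bytes-for-certificate-B"

if __name__ == "__main__":
    published = build_document([CERT_A, CERT_B])
    print(published)
    print(certificate_matches(published, CERT_A))
```

For a real certificate, the DER bytes can be obtained from a PEM file with the standard library's `ssl.PEM_cert_to_DER_cert`.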