Re: [xmpp] Fwd: [POSH] What's the point of using JWKs in POSH?

Matt Miller <mamille2@cisco.com> Wed, 04 June 2014 22:46 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/xmpp/nD9pIuZ6E_LZChDx8ZKhiJ-lt5U
Cc: Thijs Alkemade <me@thijsalkema.de>

On 6/4/14, 4:17 PM, Matt Miller wrote:
> [ Forwarding to the xmpp@ietf.org mailing list on behalf of Thijs
> Alkemade ]
> 
> Hello,
> 
> Today, I've spent some time on trying to implement POSH-checking
> for xmpp.net. My implementation aimed to do two things: doing the 
> validation as described and showing someone how they could set up 
> their .well-known file by converting their X509 certificates to
> JSON Web Keys.
> 
> The latter part was a lot more work than the former and made me
> wonder why it is defined the way it is.
> 
> From draft-ietf-xmpp-posh:
> 
> Each included JWK object MUST possess the following information:
> 
> o  The "kty" field set to the appropriate key type used for TLS 
> connections (e.g., "RSA" for a certificate using an RSA key).
> 
> o  The required public parameters for the key type (e.g., "n" and
> "e" for a certificate using an RSA key).
> 
> o  The "x5t" field set to the certificate thumbprint, as described
> in section 3.6 of [JOSE-JWK].
> 
> Yet the data that is required in the first and second bullet is
> never used. It doesn't specify if and how clients should verify
> it. Verification only uses the x5t field and optionally x5c.
> 
> There are good arguments for "pinning" just the public key. 
> draft-ietf-websec-key-pinning only uses the SPKI field, DANE can
> use either the full cert or its SPKI field (and optionally hashed).
> But the way it is specified here won't allow that: the x5t field
> always needs to be present and clients should verify it.
> 
> So the public parameters of the key are useless here, but they make
> a key >10x as large as they have to be. Generating them is also not
> as easy: most certificate viewers show a SHA1 fingerprint and it's
> really easy to do with the openssl cli tool, but extracting n and e
> and base64-encoding them is a lot more work. I wouldn't even know
> what to do for ECDSA keys.
> 
> Are there any interoperability reasons for using JWKs that I'm not 
> aware of? Couldn't it just use a list of SHA1 hashes?
> 
> Best regards, Thijs

As I stated in the previous venue (posh@ietf.org), we authors were
originally working to support various other use-cases, such as
browserid.  However, no one is arguing to actually support those other
use-cases, so the desire to use JWKs is much less.

My co-author and I discussed this today, and think what would be best
is to switch from using a JWK-set to (roughly) your suggestion of a
list of hashes.  It would allow us to stay with a single syntax for
both the "by-reference" and "by-value" documents, as well as provide a
simple point of extension (if that is ever necessary).

An example:

{
    "fingerprints": [
        {
            "sha-1": "ij39Ctarv+LwSw45qoqaZl7venM=",
            "sha-256": "WhEr4Lpv2L5pv769aRj9rrm4G6MNNCfQlre23Gol/eA="
        },
        {
            "sha-1": "JWow1EHNSbNyRfhQchi22bjurr0=",
            "sha-256": "K52a2gXfrjchMLYwv16QyOtv5bkKRE6rnR30hY3JM8k="
        }
    ],
    "expires": 604800
}

Each "fingerprint" is a JSON object, where the key is the hash
algorithm and the value is the base64 encoding of hashing the
DER-encoded certificate with the given algorithm.  I do think that
algorithm agility is necessary, which means something more than a
simple array in my opinion.  Generating this should be very simple; I
could kludge this together on the command-line pretty quickly.

If the WG is ok with this, we can get a new revision of
draft-ietf-xmpp-posh out relatively soon (by next week).


--
- m&m

Matt Miller <mamille2@cisco.com>
Cisco Systems, Inc.
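As an added illustration (not code from the draft or from either author), here is a Python sketch of the proposal above: building the "fingerprints" document from DER-encoded certificates, and checking a certificate presented in the TLS handshake against it. Each per-certificate object is judged on the strongest hash it carries that the verifier implements, so the weaker entry cannot be used to downgrade the comparison. The certificate bytes are constructed stand-ins and the function names are assumptions of this example.

```python
import base64
import hashlib
import hmac
import json

# Algorithms the document may name, strongest first.  Agility comes from the
# per-certificate object, which can carry several algorithms at once.
ALGORITHMS = {"sha-256": hashlib.sha256, "sha-1": hashlib.sha1}
PREFERENCE = ["sha-256", "sha-1"]


def fingerprint(der: bytes, alg: str) -> str:
    """Base64 of the digest of the DER-encoded certificate under `alg`."""
    return base64.b64encode(ALGORITHMS[alg](der).digest()).decode("ascii")


def build_posh_document(certs, expires=604800):
    """Build the proposed 'fingerprints' document for a list of DER certs."""
    doc = {"fingerprints": [{alg: fingerprint(der, alg) for alg in PREFERENCE}
                            for der in certs],
           "expires": expires}
    return json.dumps(doc, indent=4)


def matches_posh(doc_json: str, presented_der: bytes) -> bool:
    """Check a presented TLS certificate against a fingerprints document.

    Each object is judged only on the strongest algorithm it carries that we
    implement, so a weaker hash in the same object cannot downgrade the
    comparison; objects naming only unknown algorithms are skipped."""
    doc = json.loads(doc_json)
    for entry in doc.get("fingerprints", []):
        alg = next((a for a in PREFERENCE if a in entry), None)
        if alg is None:
            continue
        expected = entry[alg]
        if (isinstance(expected, str) and expected.isascii()
                and hmac.compare_digest(expected, fingerprint(presented_der, alg))):
            return True
    return False


def is_fresh(doc_json: str, fetched_at: int, now: int) -> bool:
    """True while the document is inside its 'expires' lifetime (seconds)."""
    return now - fetched_at < int(json.loads(doc_json)["expires"])


# Constructed stand-ins for DER certificates; any bytes hash the same way.
CERT_A = b"constructed DER bytes for server certificate A"
CERT_B = b"constructed DER bytes for server certificate B"
POSH_DOC = build_posh_document([CERT_A, CERT_B])
```

For a real deployment the DER bytes would come from the server's certificate file, and the document would be fetched from the `.well-known` URL and cached no longer than its "expires" value.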