IETF Logo Mail Archive

Re: [jose] Review Comments: Web Payments, Secure Messaging, and JOSE

Manu Sporny <msporny@digitalbazaar.com> Mon, 23 December 2013 22:31 UTC

Return-Path: <msporny@digitalbazaar.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7498E1AE229 for <jose@ietfa.amsl.com>; Mon, 23 Dec 2013 14:31:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.896
X-Spam-Level:
X-Spam-Status: No, score=0.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.793, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VrQP-I4Q2M8G for <jose@ietfa.amsl.com>; Mon, 23 Dec 2013 14:31:25 -0800 (PST)
Received: from mail.digitalbazaar.com (unknown [216.252.204.51]) by ietfa.amsl.com (Postfix) with ESMTP id 0A1AE1AE0B0 for <jose@ietf.org>; Mon, 23 Dec 2013 14:31:25 -0800 (PST)
Received: from [192.168.100.5] by mail.digitalbazaar.com with esmtp (Exim 4.72) (envelope-from <msporny@digitalbazaar.com>) id 1VvE1v-00005U-RZ for jose@ietf.org; Mon, 23 Dec 2013 17:31:21 -0500
Message-ID: <52B8B9B2.1040309@digitalbazaar.com>
Date: Mon, 23 Dec 2013 17:31:14 -0500
From: Manu Sporny <msporny@digitalbazaar.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:10.0.4) Gecko/20120510 Icedove/10.0.4
MIME-Version: 1.0
To: JOSE WG <jose@ietf.org>
References: <52A8DCBC.6030801@digitalbazaar.com> <255B9BB34FB7D647A506DC292726F6E115376CFF47@WSMSG3153V.srv.dir.telstra.com>
In-Reply-To: <255B9BB34FB7D647A506DC292726F6E115376CFF47@WSMSG3153V.srv.dir.telstra.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Subject: Re: [jose] Review Comments: Web Payments, Secure Messaging, and JOSE
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Dec 2013 22:31:26 -0000

On 12/16/2013 06:34 PM, Manger, James wrote:
> There might be some nice ideas in the JSON-LD-based Secure
> Messaging. However, a crypto spec that uses encryption without
> authentication (no AEAD), uses raw CBC mode,

The spec has been updated, it uses GCM now.

We thought picking the final authenc algorithm now would be premature.
We had considered that the side-channel attacks would be a problem for
reviewers but hadn't updated the spec because we wanted to have a more
detailed discussion w/ the security community before picking an authenc
algorithm. We may not pick GCM in the end, but just picked that one
right now so that this wouldn't continue to be a distraction.

The spec is rough, implementations lead it by many months. What we're
trying to get feedback on right now is the overall approach. We'll put
more work into polishing up the spec as soon as we've determined that
there are no serious issues with the approach.

> thinks CBC stands for *cyclic* block chaining,

A typo in the spec, fixed.

> puts "BEGIN *PRIVATE* KEY" in a field named publicKeyPem,

A typo in the blog post, fixed.

> requires RDF Graph Normalization that seems far removed from JSON,

We actually started out with a JSON-based normalization algorithm. We
quickly discovered that we could generalize the normalization to not
just JSON, but a general graph-based data model. This is useful when
you're exchanging Linked Data like the Web Payments work does. We are
able to use the same normalization scheme for a variety of Linked Data
languages (JSON-LD, RDFa, Microdata, Turtle, NQuads, etc.). So, one
could express the data in HTML5+RDFa (via a web page) or JSON-LD (via a
REST API) and share the same digital signature since the sig is on the
information and not the structure of the JSON message.

That's not to say that the normalization algorithm couldn't be switched
out pretty easily, but to date we haven't had a need for another one
that is JSON specific. If that need arises, the only modification to the
Secure Messaging spec that would be needed would be to define the @type
of that normalization algorithm. For example:

"signature":
{
  "@type": "JsonSignature2014", <-- this is the only change necessary
  "creator": "http://example.org/manu/keys/5",
  "created": "2013-08-04T17:39:53Z",
  "signatureValue": "OGQzN ... IyZTk="
}

JSON-LD[1] expresses Linked Data[2]. The data model is a graph of
information (like the Web). We digitally sign that information at the
data model layer, not the JSON syntax layer. Doing so allows us to use
the same digital signature across a variety of syntaxes. It's more
flexible than just hard coding the normalization algorithm to JSON.

-- manu

[1] http://www.youtube.com/watch?v=vioCbTo3C-4
[2] http://www.youtube.com/watch?v=4x_xzT5eF5Q

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Worlds First Web Payments Workshop
http://www.w3.org/2013/10/payments/

v2.23.0 | Report a Bug | By Email