- From: Chris Boscolo <chris@boscolo.net>
- Date: Sun, 28 Oct 2018 17:10:53 -0700
- To: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
- Cc: anders.rundgren.net@gmail.com, dean@authenticity.ac, pelle.braendgaard@consensys.net
- Message-ID: <CAByYRhaQt2Awz-CXShkD5kbpLNmM8+cBMSxxkNZKXWkYkcdhNA@mail.gmail.com>
I agree with Pelle's conclusions, but for different reasons. If you are going to use JSON as the representation for VCs, I think it is a mistake to try to impose JSON canonicalization to sign them. We at lifeID, are also working on a JWT-based VCs. -chrisb On Sun, Oct 28, 2018 at 2:32 PM Pelle Braendgaard < pelle.braendgaard@consensys.net> wrote: > Just to clarify. I’m not a fan of canonicalization for the reasons > mentioned here, but it could work with proper tooling. > > My main problem is that it you have to be intimately knowledgeable of how > json-ld, canonicalization and even how did resolution works before you can > safely take a verifiable claim and verify it. > > It is even more complex due to the nested aspects of many parts of the > proposed VC standards. > > In many cases in its extreme flexibility it has the same very dangerous > aspects of xmlsig. > > For VC to actually be used it needs to have tooling that can safely be > used by regular bank or web devs to verify what is sent to them. > > Ideally it would be simple enough that we could get a plethora of > implementations as well, but it seems unlikely since it’s fans don’t seem > interested in fixing these aspects in the name of flexibility and > readability. > > This is why I propose a workable middleground. Those who believe strongly > in the power of JSONLD invest in useable tooling to make it foolproof. > > At the same time those of us that are sceptical work to create better > proposals for VC based on JWT. > > Currently the state of libraries for json ld signature validation means > that most of us working on real production apps will not support it. > > The problem is not solved by a back and forth sending links on the pros > and cons. I think we’re all aware of them and are past that. > > Thanks. Hopefully we can make progress. > > Pelle > > On Sun, Oct 28, 2018 at 17:04 Anders Rundgren < > anders.rundgren.net@gmail.com> wrote: > >> On 2018-10-28 19:37, Dean Kevin Poulsen wrote: >> > Anders, >> > >> > Maybe canonicalization can be eliminated, because the need for >> canonicalization stems from the core issue, which is: >> > — The requirement that signed content be modified after being >> signed. >> >> Kevin, >> It is rather the wish using standard JSON tools which (typically) do not >> respect property order that calls for canonicalization. >> >> In the case of JSON-LD it is even worse since the requirement is to >> verify that both sides use the same graph expansion scheme. >> >> I started with building unique JSON tools which preserved property order >> and textual representation of elements. This worked flawlessly but I had >> to give it up anyway since nobody wanted to change their parser :-( The >> recent draft has a potentially very interesting quality: It can (with ease) >> be implemented as a option in a JSON serializer. Sorting is a one-liner >> and number serializing is well defined and open sourced. I use the >> canonicalization scheme for multiple purposes in my applications. Example: >> https://cyberphone.github.io/doc/saturn/bank2bank-payment.html#userauthz >> (requestHash). >> >> Enveloping and detached signature schemes do not require explicit >> modification of signed data but I stick to enveloped signatures because >> they preserve the structure of the data. >> >> Related discussion in the IETF: >> https://www.ietf.org/mail-archive/web/jose/current/msg05752.html >> >> Regards, >> Anders >> >> >> Then, the receiver is required to recreate the signed content through >> prescribed manipulations. >> > >> > “Seasoned XML developers recalling difficulties getting signatures to >> > validate (usually due to different interpretations of the quite >> > intricate XML canonicalization rules as well as of the equally >> > extensive Web Services security standards)…” >> > — From the introduction to: >> https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme-01 >> > >> > >> > ------ >> > My opinion: SIGNED CONTENT SHOULD NOT BE MODIFIED AFTER IT IS SIGNED. >> > >> > To simplify the proposal, here's a signed JSON-LD in the existing >> standard and the same signed JSON-LD revised per my proposal: >> > >> > >> > My proposal does two things: >> > >> > 1. It splits the “proof” array into two arrays: “proofMetadata” and >> “proofValue”. >> > 2. It puts the signed content into a “signedContent” array. The >> “proofValue” immediately follows the “signedContent” >> > >> > This pulls the “proofValue” out of the signed content, eliminating the >> need to modify the signed content after it has been signed (except in the >> case of signature sets, where minimal modification is suggested for >> convenience). >> > >> > >> > — >> > You mentioned that one form of canonicalization doesn’t require the >> signature to be included. I can’t find that option in the links that you >> sent. Can you point me in the right direction? >> > >> > Thanks, >> > Kevin >> > [“Dean” is a title, not my name. :) ] >> > >> > >> > >> > >> >> On Oct 27, 2018, at 11:27 PM, Anders Rundgren < >> anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> >> wrote: >> >> >> >> Hi Dean, >> >> >> >> I don't completely follow your proposal. Does it actually remove the >> need for RDF/LD canonicalization? >> >> >> >> Anyway, there are subtle differences between formats and one is if the >> signature parameters should be included or not. Including them requires >> that the data is modified by the signature and verify process. >> >> >> >> FWIW, this is how my Java verifier code deals with this particular >> topic for JSON Clear text Signatures: >> >> >> >> // 1. Make a shallow copy of the signature object >> >> LinkedHashMap<String, JSONValue> savedProperties = >> >> new LinkedHashMap<String, >> JSONValue>(innerSignatureObject.root.properties); >> >> // 2. Hide the signature value property for the serializer... >> >> >> innerSignatureObject.root.properties.remove(JSONCryptoHelper.VALUE_JSON); >> >> // 3. Serialize ("JSON.stringify()") >> >> normalizedData = >> signedData.serializeToBytes(JSONOutputFormats.CANONICALIZED); >> >> // 4. Restore the signature object >> >> innerSignatureObject.root.properties = savedProperties; >> >> >> >> Regards, >> >> Anders >> > >> >> -- > *Pelle Brændgaard // uPort Engineering Lead* > pelle.braendgaard@consensys.net > 49 Bogart St, Suite 22, Brooklyn NY 11206 > Web <https://consensys.net/> | Twitter <https://twitter.com/ConsenSys> | > Facebook <https://www.facebook.com/consensussystems> | Linkedin > <https://www.linkedin.com/company/consensus-systems-consensys-> | > Newsletter > <http://consensys.us11.list-manage.com/subscribe?u=947c9b18fc27e0b00fc2ad055&id=257df01285&utm_content=buffer1ce12&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer> >
Received on Monday, 29 October 2018 00:11:29 UTC