- From: Daniel Burnett <daniel.burnett@consensys.net>
- Date: Mon, 29 Oct 2018 16:20:46 -0400
- To: Pelle Braendgaard <pelle.braendgaard@consensys.net>
- Cc: anders.rundgren.net@gmail.com, dean@authenticity.ac, public-credentials@w3.org
- Message-ID: <CAJ-gw3ExMrWEKLyOJnuxbaGR+1jrgdaMQHe6o04B+rJsXSaipQ@mail.gmail.com>
On Sun, Oct 28, 2018 at 5:32 PM Pelle Braendgaard < pelle.braendgaard@consensys.net> wrote: > Just to clarify. I’m not a fan of canonicalization for the reasons > mentioned here, but it could work with proper tooling. > > My main problem is that it you have to be intimately knowledgeable of how > json-ld, canonicalization and even how did resolution works before you can > safely take a verifiable claim and verify it. > > It is even more complex due to the nested aspects of many parts of the > proposed VC standards. > > In many cases in its extreme flexibility it has the same very dangerous > aspects of xmlsig. > > For VC to actually be used it needs to have tooling that can safely be > used by regular bank or web devs to verify what is sent to them. > > Ideally it would be simple enough that we could get a plethora of > implementations as well, but it seems unlikely since it’s fans don’t seem > interested in fixing these aspects in the name of flexibility and > readability. > > This is why I propose a workable middleground. Those who believe strongly > in the power of JSONLD invest in useable tooling to make it foolproof. > > At the same time those of us that are sceptical work to create better > proposals for VC based on JWT. > The Verifiable Claims Working Group, the standards-track group where this work is being finalized, takes this very seriously, having discussed this topic at every face-to-face meeting since inception and always reaching a conclusion of 'we would like more detailed proposals from those who prefer a JWT-based approach'. As a member of the VCWG yourself, you are no doubt aware that we have been seeking precisely such detailed proposals since the beginning of that group in March 2017. As a co-chair of the VCWG, I would like to ask you to expedite that work. Our group is chartered to complete in March of next year, with an expectation of feature / substantive content freeze on November 6th of this year (yes, in just a couple of weeks). If your detailed proposals come in after that time we may need to consider adding them in a version 2.0 when/if such additional work is chartered. We look forward to receiving your (and others') proposals. > Currently the state of libraries for json ld signature validation means > that most of us working on real production apps will not support it. > > The problem is not solved by a back and forth sending links on the pros > and cons. I think we’re all aware of them and are past that. > > Thanks. Hopefully we can make progress. > > Pelle > > On Sun, Oct 28, 2018 at 17:04 Anders Rundgren < > anders.rundgren.net@gmail.com> wrote: > >> On 2018-10-28 19:37, Dean Kevin Poulsen wrote: >> > Anders, >> > >> > Maybe canonicalization can be eliminated, because the need for >> canonicalization stems from the core issue, which is: >> > — The requirement that signed content be modified after being >> signed. >> >> Kevin, >> It is rather the wish using standard JSON tools which (typically) do not >> respect property order that calls for canonicalization. >> >> In the case of JSON-LD it is even worse since the requirement is to >> verify that both sides use the same graph expansion scheme. >> >> I started with building unique JSON tools which preserved property order >> and textual representation of elements. This worked flawlessly but I had >> to give it up anyway since nobody wanted to change their parser :-( The >> recent draft has a potentially very interesting quality: It can (with ease) >> be implemented as a option in a JSON serializer. Sorting is a one-liner >> and number serializing is well defined and open sourced. I use the >> canonicalization scheme for multiple purposes in my applications. Example: >> https://cyberphone.github.io/doc/saturn/bank2bank-payment.html#userauthz >> (requestHash). >> >> Enveloping and detached signature schemes do not require explicit >> modification of signed data but I stick to enveloped signatures because >> they preserve the structure of the data. >> >> Related discussion in the IETF: >> https://www.ietf.org/mail-archive/web/jose/current/msg05752.html >> >> Regards, >> Anders >> >> >> Then, the receiver is required to recreate the signed content through >> prescribed manipulations. >> > >> > “Seasoned XML developers recalling difficulties getting signatures to >> > validate (usually due to different interpretations of the quite >> > intricate XML canonicalization rules as well as of the equally >> > extensive Web Services security standards)…” >> > — From the introduction to: >> https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme-01 >> > >> > >> > ------ >> > My opinion: SIGNED CONTENT SHOULD NOT BE MODIFIED AFTER IT IS SIGNED. >> > >> > To simplify the proposal, here's a signed JSON-LD in the existing >> standard and the same signed JSON-LD revised per my proposal: >> > >> > >> > My proposal does two things: >> > >> > 1. It splits the “proof” array into two arrays: “proofMetadata” and >> “proofValue”. >> > 2. It puts the signed content into a “signedContent” array. The >> “proofValue” immediately follows the “signedContent” >> > >> > This pulls the “proofValue” out of the signed content, eliminating the >> need to modify the signed content after it has been signed (except in the >> case of signature sets, where minimal modification is suggested for >> convenience). >> > >> > >> > — >> > You mentioned that one form of canonicalization doesn’t require the >> signature to be included. I can’t find that option in the links that you >> sent. Can you point me in the right direction? >> > >> > Thanks, >> > Kevin >> > [“Dean” is a title, not my name. :) ] >> > >> > >> > >> > >> >> On Oct 27, 2018, at 11:27 PM, Anders Rundgren < >> anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> >> wrote: >> >> >> >> Hi Dean, >> >> >> >> I don't completely follow your proposal. Does it actually remove the >> need for RDF/LD canonicalization? >> >> >> >> Anyway, there are subtle differences between formats and one is if the >> signature parameters should be included or not. Including them requires >> that the data is modified by the signature and verify process. >> >> >> >> FWIW, this is how my Java verifier code deals with this particular >> topic for JSON Clear text Signatures: >> >> >> >> // 1. Make a shallow copy of the signature object >> >> LinkedHashMap<String, JSONValue> savedProperties = >> >> new LinkedHashMap<String, >> JSONValue>(innerSignatureObject.root.properties); >> >> // 2. Hide the signature value property for the serializer... >> >> >> innerSignatureObject.root.properties.remove(JSONCryptoHelper.VALUE_JSON); >> >> // 3. Serialize ("JSON.stringify()") >> >> normalizedData = >> signedData.serializeToBytes(JSONOutputFormats.CANONICALIZED); >> >> // 4. Restore the signature object >> >> innerSignatureObject.root.properties = savedProperties; >> >> >> >> Regards, >> >> Anders >> > >> >> -- > *Pelle Brændgaard // uPort Engineering Lead* > pelle.braendgaard@consensys.net > 49 Bogart St, Suite 22, Brooklyn NY 11206 > Web <https://consensys.net/> | Twitter <https://twitter.com/ConsenSys> | > Facebook <https://www.facebook.com/consensussystems> | Linkedin > <https://www.linkedin.com/company/consensus-systems-consensys-> | > Newsletter > <http://consensys.us11.list-manage.com/subscribe?u=947c9b18fc27e0b00fc2ad055&id=257df01285&utm_content=buffer1ce12&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer> >
Received on Monday, 29 October 2018 20:22:01 UTC