- From: Henry Story <henry.story@gmail.com>
- Date: Sun, 28 Mar 2021 12:57:12 +0200
- To: Credentials CG <public-credentials@w3.org>
- Cc: Chadwick David <D.W.Chadwick@kent.ac.uk>
- Message-Id: <589AC9F6-5E89-47A7-8E3D-6503CD408794@gmail.com>
> On 27 Mar 2021, at 19:12, Henry Story <henry.story@gmail.com> wrote: > > >> On 27 Mar 2021, at 18:41, David Chadwick <D.W.Chadwick@kent.ac.uk> wrote: >> >> Hi Henry >> >> This is very similar to the did:jwt method that I have proposed >> >> On 27/03/2021 17:26, Henry Story wrote: >>> "publicKeyJwk": { >>> "kty": "RSA", >>> "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", >>> "e":"AQAB", >>> "alg":"PS512", >>> "kid":"2011-04-29" >>> } >>> >> It would be good if we could harmonise them > > Sure :-) Can you leave some pointers at > https://github.com/solid/authentication-panel/issues/156 Thanks for posting the links. I opened an issue on whether Solid could support did-jws here: https://github.com/solid/authentication-panel/issues/157 I would like the wider community here to provide some feedback on this. We seem to have the following problem (explained more at length in the issue) namely that various protocols (defined as a key+hash type) were removed from ”Signing HTTP Messages” the reason given being: > Status: Deprecated; specifying signature algorithm enables attack vector. My guess is that the attack vector can only take place between the end of the TLS connection and the web server [1]. Insights on this would be appreciated. Could this be solved if one required the did (jws) key to come with its own signature - not using a checksum of course? But then why not sign the headers just with the pure (RSA) key? The headers to sign should be quite short, if one does not choose too long a keyid. That may depend on each of the crypto algorithms. I think for RSA the bit length is the maxsize that can be safely signed, so a 4096 key could contain 585 ascii characters, which is about 7 lines of 80char length. With a 8192 key one should be able to cover all headers we need. Would that work with the other encryption algorithms? Henry [1] I think the token binding work was trying to solve that but the Chrome folks refused to implement it arguing that there should not be a security problem between the end of the TLS connection and the web server (given that that should be within a secured space). Ie. their argument was that this was outside the browser scope, as otherwise why not also take into considerations security holes inside the web server? See a set of links on the topic and links to discussions here: https://twitter.com/bblfish/status/1365603981259595780
Received on Sunday, 28 March 2021 10:57:27 UTC