Re: JWK attributes for WebCrypto keys: last call from Alexey Proskuryakov on 2013-12-16 (public-webcrypto@w3.org from December 2013)

From: Alexey Proskuryakov <ap@webkit.org>
Date: Mon, 16 Dec 2013 09:48:13 -0800
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: Ryan Sleevi <sleevi@google.com>, Mark Watson <watsonm@netflix.com>, GALINDO Virginie <Virginie.GALINDO@gemalto.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-id: <200F7341-0EE2-4A0E-B996-233F6884A0FC@webkit.org>
Hi Mike,

I suggest that we try to design a system with both "use" and "uses" attributes in this e-mail thread. My expectation is that will either be insecure, or very subtle, making it effectively insecure in real world implementations.

The constraints are:

1. Implementations that don't know about WebCrypto may not reuse a JWK key exported via WebCrypto API in ways that violate its original usage limitations.

2. For WebCrypto keys whose usages can be mapped onto "pure JWK" uses, the exported keys should be usable by "pure JWK" implementations.

3. Rules for conflict resolution are explicitly defined for each actor. No implementation, whether WebCrypto aware or not, may accept keys that have conflicting use and uses attributes.

For a specific example, how would a WebCrypto key with usages encrypt+decrypt look in JWK?

I also don't understand the purpose of extensibility in JWK "use" value set if we are not allowed to extend it. WebCrypto is likely to become the #1 application of JWK by any metric, simply due to the prominence of web browsing. Putting it aside as a special case seems counter-productive.

Embedding two different concepts of "use" into a single format - which is not even a legacy one yet - is extremely confusing, and would remain confusing for as long as JWK exists.

- WBR, Alexey Proskuryakov

16 дек. 2013 г., в 8:25, Mike Jones <Michael.Jones@microsoft.com> написал(а):

> You could call it “uses” if you prefer – since it’s multi-valued.  Use the same values as used in the WebCrypto spec.  Keep things simple.
>  
> Simplicity is why “use” doesn’t specify multi-valued combinations.  It’s good enough to prevent people from mixing signing and encryption, which is the problem it’s trying to prevent.  It’s not that finer-grained use descriptions aren’t reasonable in some contexts – it just that they’re not always necessary, and so JOSE went with something simpler.
>  
> If you feel that they’re necessary, go for it.  Define “uses” or whatever you want to call it and get it registered.  I’m sure that people would thank you.
>  
>                                                             -- Mike
>  
> From: Ryan Sleevi [mailto:sleevi@google.com] 
> Sent: Monday, December 16, 2013 8:21 AM
> To: Mike Jones
> Cc: Mark Watson; GALINDO Virginie; public-webcrypto@w3.org
> Subject: Re: JWK attributes for WebCrypto keys: last call
>  
>  
>  
> 
> On Mon, Dec 16, 2013 at 8:16 AM, Mike Jones <Michael.Jones@microsoft.com> wrote:
> JWK is a general-purpose key format.  “use” is a simple optional key use designator within that format.  The format is extensible.  There’s no barrier to WebCrypto defining and registering a different finer-grained key use designator for that format as well.  Just use a different name and define the set of values.
>  
> I’m not sure why people seem hell-bent on cramming finer-grained multi-valued use values into a single-valued property.  Doing it right and creating a different property is so much easier.
>  
>                                                             -- Mike
>  
> Because we would hope that an IETF standard would accomodate multiple use cases beyond JWE/JWS, which it seems to be a design flaw - whether intentional from design philosophy or accidental from the fact that JWE/JWS were the only users of JWK at the time - that it would fail to accomodate such a use case that has long been recognized by other key formats.
>  
> You're absolutely correct that we could specify "WebCrypto_use" - but it would seem like, for symmetry and following that design logic, JWK's "use" should be "JWE_use" or "JWS_use", or something equally spec-specific.
>  
> I'm sure the visceral reaction to such a design proposal is negative, which is I think what some of us are feeling with a suggestion that "Webcrypto_use" is a somehow clean or elegant solution for the intransigent inflexibility of JWK.
>  
>  
> From: Ryan Sleevi [mailto:sleevi@google.com] 
> Sent: Monday, December 16, 2013 8:11 AM
> To: Mike Jones
> Cc: Mark Watson; GALINDO Virginie; public-webcrypto@w3.org
> 
> Subject: Re: JWK attributes for WebCrypto keys: last call
>  
>  
>  
> 
> On Mon, Dec 16, 2013 at 7:44 AM, Mike Jones <Michael.Jones@microsoft.com> wrote:
> From my point of view, it would be a lot cleaner to use a different JWK identifier than “use”, such as “WebCrypto_uses” than to overload “use” with different, but related values.  It will hurt interoperation by creating keys that use a common identifier differently, and in a non-interoperable manner.  It would be far better to use a different identifier, which can be safely ignored by vanilla JWK implementations, rather than to overload the standard identifier, and potentially cause JWK implementations to reject the keys.
>  
> Mike,
>  
> Respectfully, this makes no sense to me.
>  
> I could understand your argument if the basis was that it hurt interoperability with JWE/JWS libraries, but that's not the argument you made - you suggested it hurts interoperability with "vanilla JWK implementations". There is, I believe, an inherent assumption that "vanilla JWK implementations" == "JWE and JWE", but I don't think that's the case at all, nor do I think that's a fair sign for the JOSE efforts if that is believed to be the case.
>  
> If JWK is meant to be a key descriptor/key container format, for use in a variety of specifications (including JWE and JWS, but also WebCrypto), then supporting extensions to "use" per the relevant specifications seems absolutely the correct approach. However, if your view is that JWK is "really" only meant for JWE/JWK, and everything else should either extend JWE/JWS or define custom attributes, well, then I think this WG is making a mistake by attaching to JWK, since it's clear that is not the authors' intent.
>  
> Cheers
>  
>  
> Since “use” is OPTIONAL, WebCrypto could also specify that it not be used in a JWK when “WebCrypto_uses” is used, so that there’s no duplication of information.
>  
>                                                             -- Mike
>  
> From: Mark Watson [mailto:watsonm@netflix.com] 
> Sent: Monday, December 16, 2013 7:37 AM
> To: Ryan Sleevi
> Cc: GALINDO Virginie; public-webcrypto@w3.org; Mike Jones
> Subject: Re: JWK attributes for WebCrypto keys: last call
>  
> 
> 
> Sent from my iPhone
> 
> On Dec 16, 2013, at 7:32 AM, Ryan Sleevi <sleevi@google.com> wrote:
> 
> Were we not waiting to hear from JOSE?
> 
> We heard from them that it is ok / intended for others to register new use values for JWK and they have modified their specification accordingly.
>  
> Separately, I have raised the question of whether we should change the comma-separated string format for multiple use values to an Array. On this there is no consensus yet, so we should stick with the format in the proposal and now in the Editor's Draft.
>  
> ...Mark
>  
> On Dec 16, 2013 7:07 AM, "GALINDO Virginie" <Virginie.GALINDO@gemalto.com> wrote:
> Dear all,
> FYI, as there was no comment to this call, the text proposed by Mark has been integrated.
> Virginie
>  
> From: Mark Watson [mailto:watsonm@netflix.com] 
> Sent: lundi 2 décembre 2013 17:32
> To: public-webcrypto@w3.org
> Subject: JWK attributes for WebCrypto keys: last call
>  
> All,
>  
> On our call today we discussed the proposal for this [1] which I revised as a result of the email/bug discussion (Comment 12 to [1]). There were no further comments on the call and have been no further comments on the list.
>  
> We agreed to send a "last chance" email to the list (that is what this is). In the absence of comments we'll add this material to the editor's draft.
>  
> ...Mark
>  
> [1] https://www.w3.org/Bugs/Public/show_bug.cgi?id=23796
>  
> This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus
Received on Monday, 16 December 2013 17:48:45 UTC