- From: Ed Simon <edsimon@xmlsec.com>
- Date: Mon, 20 Dec 2004 14:55:47 -0500
- To: <www-xkms@w3.org>
Thank you Jose for your careful explanation. Ed wrote: > It seems to me, based on my inadequate knowledge as someone not > participating in the technical interop, that specifying the means of > converting a human language pass phrase into base64 may be extraneous > to the XKMS spec. (If the experience of actual implementors > disagrees, let me > know.) For me, the XKMS spec just has to say that the shared secret > data, wherever it came from, must be base64-encoded when appearing in > an XKMS message. Then it does not matter if the pass phrase was human > language text, a (tiny) image bitmap, or whatever. Jose responded: >>> ... What is important is that the user be able to type the same passphrase regardless of what device s/he is using. From some feedback I got (I've to ask if I can forward it to the list), it seems that the best way is to require that the pass-phrase be coded into UTF-8 before applying the MAC algorithms. This provides for having the same result regardless of the mechanism used to input the pass-phrase. <<< My concern is regarding support for non-human-language pass phrases. Yes, if it is human language, there needs to be a way to canonicalize the various textually equivalent, but binarily different, forms into one binary form. Whether that canonicalization needs to be part of the core XKMS spec, or in a profile, I'm not so sure (I lean toward a separate profile). What is important is that the XKMS spec a) NOT make it difficult for non-human-language pass phrases to be implemented b) read so that it is clear how one would use non-human-language pass phrases To address the above, I would rewrite paragraph [329] as follows (note: I've NOT separated out the canonicalization of the human-readable symmetric key into a separate profile): >>> [329a]The symmetric key data MAY be binary data (as from an authentication device) or as a human-readable value (numeric, alphabetic, or both). When it is binary data, no transformation is needed; the data can be used directly as input to the MAC function. [329b]When the symmetric key data is human-readable, it may be issued to a human user in the form of a text string which may in some circumstances be read over a telephone line. It may be randomly generated and represent an underlying numeric value, or may be a password or phrase. In either case, it is often convenient to present the value to the human user as a string of characters in a character set the particular user understands. To limit the possibility of human error in processing the symmetric key data, and to provide a canonical binary representation, follow these REQUIRED steps. 1) Allow only characters conforming to the XML Schema NMTOKEN type (http://w3.org/TR/xmlschema-2/#NMTOKEN). 2) Convert all upper case characters in the Latin-1 alphabet to lower case (no other characters, including accented characters are converted). 3) Encode the string in UTF-8. <<< Comments? Regards, Ed ======================================== Ed Simon (613) 726-9645 edsimon@xmlsec.com Interested in XML, Web Services, or Security? Visit "www.xmlsec.com". Now available! "Web Services Security" published by Osborne (ISBN# 0072224711) -----Original Message----- From: www-xkms-request@w3.org [mailto:www-xkms-request@w3.org] On Behalf Of Jose Kahan Sent: December 18, 2004 12:48 AM To: Ed Simon Cc: www-xkms@w3.org Subject: Re: Again, confusing 8.1 Ed, Mea-culpa! On Fri, Dec 17, 2004 at 02:42:58PM -0500, Ed Simon wrote: > > Jose wrote: "From what I understand, the pass-phrase is never sent on > the clear. We're only sending the base-64 of a MAC computation. So > that should be valid XML." > > No, a base64 string is NOT valid XML. That's why having the statement > in section 8.1 that "All shared string values are encoded as XML" is confusing. > base64 is not XML, it is base64 (eg. > http://w3.org/TR/xmlschema-2/#base64Binary). Oops! Sorry for my being ignorant about this! I had to do my homework again so to avoid saying confusing things. The XKMS schema uses xs:base64Binary for some of its attributes and elements, including <RevocationCodeIdentifier> and <RevocationCode> where the base64bin coding of the result of the encoded pass-phrase goes when registering a new key. > It seems to me, based on my inadequate knowledge as someone not > participating in the technical interop, that specifying the means of > converting a human language pass phrase into base64 may be extraneous > to the XKMS spec. (If the experience of actual implementors > disagrees, let me > know.) For me, the XKMS spec just has to say that the shared secret > data, wherever it came from, must be base64-encoded when appearing in > an XKMS message. Then it does not matter if the pass phrase was human > language text, a (tiny) image bitmap, or whatever. It's a bit more than that. For me part of the confusion is how 8.1 defintes what is a Limited-Use Shared secret. Looking at the example for the Registration of a Client-Generated Key pair in section 6.1.1, par[243], Alice uses the pass-phrase (or shared string?) "Help I have revealed my key" is used. This string is encoded twice with the HMAC-SHA1 one way function (Appendix C.2.1) and the final result is BASE64bin encoded (I guess this is how one referers to it) and then included inside this element: <RevocationCodeIdentifier> 5AEAai06hFJEkuqyDyqNh8k/u3M= </RevocationCodeIdentifier> In 6.3.1 this key is revoked and Alice uses the same pass-phrase for authentication purposes. But she only applies once the HMAC_SHA1 one way function and then BASE64bin encodes the result: <RevocationCode>PHx8li2SUhrJv2e1DyeWbGbD6rs=</RevocationCode> The server verifies the authentication by applying itself the second HMAC-SHA1 on the furnished value and comparing the values, which must be the same. In this case, the pass-phrase never circulated on the clear and the server never knew what it was. didn't saw it. This is explained in section 7.1.2. What is important is that the user be able to type the same passphrase regardless of what device s/he is using. From some feedback I got (I've to ask if I can forward it to the list), it seems that the best way is to require that the pass-phrase be coded into UTF-8 before applying the MAC algorithms. This provides for having the same result regardless of the mechanism used to input the pass-phrase. > If we do need to specify rules of pre-base64-encoded human language > pass phrase, then we should certainly NOT mandate that it must be valid XML (eg. > with start and end tags) unless someone has a good reason for doing so. We're only coding binary results into BASE64bin AFAIK. Did the explanations that I write here above clarify a bit this? -jose
Received on Monday, 20 December 2004 19:55:17 UTC