Discussion:
Updated: Re: Giving up on XML DSig => JSON
Anders Rundgren
2013-08-31 03:22:58 UTC
Permalink
Hi,
Based on the _extremely_ useful feedback received, I have decided to update the proposed clear-text JSON Signature scheme.

Canonicalization:
- Remove whitespace
- Unescape "strings"
- Sort properties

Signature scope: a JSON Signature signs the object (including possible child objects) it is declared in.

That is, the final XML DSig "leftover", the awkward Reference has been shelved.
I expect the resulting code to be even shorter than today :-)

{
"@context": "http://example.com/test-signature",
"Now": "2013-08-30T07:56:08+02:00",
"ID": "lADU_sO067Wlgoo52-9L",
"STRINGS": ["One","Two","Three"],
"EscapeMe": "A\\\n\"",
"Intra": 78,
"Signature":
{
"SignatureInfo":
{
"Algorithm": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
"KeyInfo":
{
"SignatureCertificate":
{
"Issuer": "CN=Demo Sub CA,DC=webpki,DC=org",
"SerialNumber": 1377713637130,
"Subject": "CN=example.com,O=Example Organization,C=US"
},
"X509CertificatePath":
[
"MIIClzCCAX+gAwIBAgIG...RBYG3uk9W/uNIHdoyQn19w=="
]
}
},
"SignatureValue": "MEYCIQCCAxLBoPw5h8hW4M...L5t0XscOTPWXE67c1SCT"
},
}

The sample shows the new KeyGen2 message structure which has been derived from JSON-LD (@context)

Cheers
Anders
David Chadwick
2013-09-02 08:08:35 UTC
Permalink
Hi Anders

I am interested in the contents of the "X509CertificatePath" element.
Which certificates does it contain in which order? Does it contain
multiple paths? Is it taken from any standard definition (such as the
OASIS J2ME Code-Signing Profile of the OASIS Digital Signature Services
Standard of 11 April 2007)

regards

David
Post by Anders Rundgren
Hi,
Based on the _extremely_ useful feedback received, I have decided to update the proposed clear-text JSON Signature scheme.
- Remove whitespace
- Unescape "strings"
- Sort properties
Signature scope: a JSON Signature signs the object (including possible child objects) it is declared in.
That is, the final XML DSig "leftover", the awkward Reference has been shelved.
I expect the resulting code to be even shorter than today :-)
{
"Now": "2013-08-30T07:56:08+02:00",
"ID": "lADU_sO067Wlgoo52-9L",
"STRINGS": ["One","Two","Three"],
"EscapeMe": "A\\\n\"",
"Intra": 78,
{
{
"Algorithm": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
{
{
"Issuer": "CN=Demo Sub CA,DC=webpki,DC=org",
"SerialNumber": 1377713637130,
"Subject": "CN=example.com,O=Example Organization,C=US"
},
[
"MIIClzCCAX+gAwIBAgIG...RBYG3uk9W/uNIHdoyQn19w=="
]
}
},
"SignatureValue": "MEYCIQCCAxLBoPw5h8hW4M...L5t0XscOTPWXE67c1SCT"
},
}
Cheers
Anders
Anders Rundgren
2013-09-02 09:18:24 UTC
Permalink
Post by David Chadwick
Hi Anders
I am interested in the contents of the "X509CertificatePath" element.
Which certificates does it contain in which order? Does it contain
multiple paths? Is it taken from any standard definition (such as the
OASIS J2ME Code-Signing Profile of the OASIS Digital Signature Services
Standard of 11 April 2007)
Hi David,

Thank you for pointing out this glaring hole in the documentation !
It has been fixed now (update 0.44):

https://openkeystore.googlecode.com/svn/resources/trunk/docs/JSON-Clear-Text-Signature-Scheme.pdf

I think JCS should be regarded as an _extremely_ scaled-down and simplified version of XML DSig.
The primary target for JCS are security protocols with KeyGen2 as the first "victim".

Regards
Anders
Post by David Chadwick
regards
David
Post by Anders Rundgren
Hi,
Based on the _extremely_ useful feedback received, I have decided to update the proposed clear-text JSON Signature scheme.
- Remove whitespace
- Unescape "strings"
- Sort properties
Signature scope: a JSON Signature signs the object (including possible child objects) it is declared in.
That is, the final XML DSig "leftover", the awkward Reference has been shelved.
I expect the resulting code to be even shorter than today :-)
{
"Now": "2013-08-30T07:56:08+02:00",
"ID": "lADU_sO067Wlgoo52-9L",
"STRINGS": ["One","Two","Three"],
"EscapeMe": "A\\\n\"",
"Intra": 78,
{
{
"Algorithm": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
{
{
"Issuer": "CN=Demo Sub CA,DC=webpki,DC=org",
"SerialNumber": 1377713637130,
"Subject": "CN=example.com,O=Example Organization,C=US"
},
[
"MIIClzCCAX+gAwIBAgIG...RBYG3uk9W/uNIHdoyQn19w=="
]
}
},
"SignatureValue": "MEYCIQCCAxLBoPw5h8hW4M...L5t0XscOTPWXE67c1SCT"
},
}
Cheers
Anders
David Chadwick
2013-09-02 10:43:34 UTC
Permalink
Hi Anders

given that JSC should be scaled down and simplified version of DSIG can
I suggest two simplifications

i) only one path should be in certification path, and not multiple paths
ii) the path should start with the root of trust and end with the
signer's certificate, as this is the order needed for path validation.
Currently you have it with the signer's certificate as the first cert in
the path.

FYI, the X.509 standard defines PKIPath to be precisely the above

regards

David
Post by Anders Rundgren
Post by David Chadwick
Hi Anders
I am interested in the contents of the "X509CertificatePath" element.
Which certificates does it contain in which order? Does it contain
multiple paths? Is it taken from any standard definition (such as the
OASIS J2ME Code-Signing Profile of the OASIS Digital Signature Services
Standard of 11 April 2007)
Hi David,
Thank you for pointing out this glaring hole in the documentation !
https://openkeystore.googlecode.com/svn/resources/trunk/docs/JSON-Clear-Text-Signature-Scheme.pdf
I think JCS should be regarded as an _extremely_ scaled-down and simplified version of XML DSig.
The primary target for JCS are security protocols with KeyGen2 as the first "victim".
Regards
Anders
Post by David Chadwick
regards
David
Post by Anders Rundgren
Hi,
Based on the _extremely_ useful feedback received, I have decided to update the proposed clear-text JSON Signature scheme.
- Remove whitespace
- Unescape "strings"
- Sort properties
Signature scope: a JSON Signature signs the object (including possible child objects) it is declared in.
That is, the final XML DSig "leftover", the awkward Reference has been shelved.
I expect the resulting code to be even shorter than today :-)
{
"Now": "2013-08-30T07:56:08+02:00",
"ID": "lADU_sO067Wlgoo52-9L",
"STRINGS": ["One","Two","Three"],
"EscapeMe": "A\\\n\"",
"Intra": 78,
{
{
"Algorithm": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
{
{
"Issuer": "CN=Demo Sub CA,DC=webpki,DC=org",
"SerialNumber": 1377713637130,
"Subject": "CN=example.com,O=Example Organization,C=US"
},
[
"MIIClzCCAX+gAwIBAgIG...RBYG3uk9W/uNIHdoyQn19w=="
]
}
},
"SignatureValue": "MEYCIQCCAxLBoPw5h8hW4M...L5t0XscOTPWXE67c1SCT"
},
}
Cheers
Anders
Anders Rundgren
2013-09-02 15:08:05 UTC
Permalink
Post by David Chadwick
Hi Anders
Hi David,
Post by David Chadwick
given that JSC should be scaled down and simplified version of DSIG can
I suggest two simplifications
i) only one path should be in certification path, and not multiple paths
This is what I meant :-) Now I have upgraded the text a bit.
Post by David Chadwick
ii) the path should start with the root of trust and end with the
signer's certificate, as this is the order needed for path validation.
Currently you have it with the signer's certificate as the first cert in
the path.
It seems that many APIs think differently and recent standards-in-progress have
[probably] followed that:

http://tools.ietf.org/id/draft-ietf-jose-json-web-signature-14.html#rfc.section.4.1.6

Regards,
Anders
Post by David Chadwick
FYI, the X.509 standard defines PKIPath to be precisely the above
regards
David
Post by Anders Rundgren
Post by David Chadwick
Hi Anders
I am interested in the contents of the "X509CertificatePath" element.
Which certificates does it contain in which order? Does it contain
multiple paths? Is it taken from any standard definition (such as the
OASIS J2ME Code-Signing Profile of the OASIS Digital Signature Services
Standard of 11 April 2007)
Hi David,
Thank you for pointing out this glaring hole in the documentation !
https://openkeystore.googlecode.com/svn/resources/trunk/docs/JSON-Clear-Text-Signature-Scheme.pdf
I think JCS should be regarded as an _extremely_ scaled-down and simplified version of XML DSig.
The primary target for JCS are security protocols with KeyGen2 as the first "victim".
Regards
Anders
Post by David Chadwick
regards
David
Post by Anders Rundgren
Hi,
Based on the _extremely_ useful feedback received, I have decided to update the proposed clear-text JSON Signature scheme.
- Remove whitespace
- Unescape "strings"
- Sort properties
Signature scope: a JSON Signature signs the object (including possible child objects) it is declared in.
That is, the final XML DSig "leftover", the awkward Reference has been shelved.
I expect the resulting code to be even shorter than today :-)
{
"Now": "2013-08-30T07:56:08+02:00",
"ID": "lADU_sO067Wlgoo52-9L",
"STRINGS": ["One","Two","Three"],
"EscapeMe": "A\\\n\"",
"Intra": 78,
{
{
"Algorithm": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
{
{
"Issuer": "CN=Demo Sub CA,DC=webpki,DC=org",
"SerialNumber": 1377713637130,
"Subject": "CN=example.com,O=Example Organization,C=US"
},
[
"MIIClzCCAX+gAwIBAgIG...RBYG3uk9W/uNIHdoyQn19w=="
]
}
},
"SignatureValue": "MEYCIQCCAxLBoPw5h8hW4M...L5t0XscOTPWXE67c1SCT"
},
}
Cheers
Anders
Loading...