Archive for the 'Cryptography' Category

June 24, 2015
JWK Thumbprint -06 addressing SecDir review comments

IETF logoA new JWK Thumbprint draft has been posted addressing the IETF Security Directorate (SecDir) comments from Adam Montville. The changes clarify aspects of the selection and dissemination of the hash algorithm choice and update the instructions to the Designated Experts when registering JWK members and values.

The specification is available at:

An HTML formatted version is also available at:

May 27, 2015
JWS Signing Input Options Specification

IETF logoThere’s been interest being able to not base64url-encode the JWS Payload under some circumstances by a number of people. I’ve occasionally thought about ways to accomplish this, and prompted again by discussions with Phillip Hallam-Baker, Martin Thomson, Jim Schaad, and others at IETF 92 in Dallas, recollections of conversations with Matt Miller and Richard Barnes on the topic, and with Anders Rundgren on the JOSE mailing list, I decided to write down a concrete proposal while there’s still a JOSE working group to possibly consider taking it forward. The abstract of the spec is:

JSON Web Signature (JWS) represents the payload of a JWS as a base64url encoded value and uses this value in the JWS Signature computation. While this enables arbitrary payloads to be integrity protected, some have described use cases in which the base64url encoding is unnecessary and/or an impediment to adoption, especially when the payload is large and/or detached. This specification defines a means of accommodating these use cases by defining an option to change the JWS Signing Input computation to not base64url-encode the payload.

Also, JWS includes a representation of the JWS Protected Header and a period (‘.’) character in the JWS Signature computation. While this cryptographically binds the protected Header Parameters to the integrity protected payload, some of have described use cases in which this binding is unnecessary and/or an impediment to adoption, especially when the payload is large and/or detached. This specification defines a means of accommodating these use cases by defining an option to change the JWS Signing Input computation to not include a representation of the JWS Protected Header and a period (‘.’) character in the JWS Signing Input.

These options are intended to broaden the set of use cases for which the use of JWS is a good fit.

The specification is available at:

An HTML formatted version is also available at:

May 27, 2015
Tightened Key Managed JWS Spec

IETF logoThe -01 version of draft-jones-jose-key-managed-json-web-signature tightened the semantics by prohibiting use of “dir” as the “alg” header parameter value so a second equivalent representation for content integrity-protected with a MAC with no key management isn’t introduced. (A normal JWS will do just fine in this case.) Thanks to Jim Schaad for pointing this out. This version also adds acknowledgements and references the now-final JOSE RFCs.

This specification is available at:

An HTML formatted version is also available at:

May 27, 2015
JWK Thumbprint -05 draft addressing issues raised in Kathleen Moriarty’s AD review

IETF logoThis JWK Thumbprint draft addresses issues raised in Kathleen Moriarty’s AD review of the -04 draft. This resulted in several useful clarifications. This version also references the now-final JOSE RFCs.

The specification is available at:

An HTML formatted version is also available at:

May 19, 2015
The OAuth Assertions specs are now RFCs!

OAuth logoThe OAuth Assertions specifications are now standards – IETF RFCs. They are:

  • RFC 7521: Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
  • RFC 7522: Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants
  • RFC 7523: JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants

This completes the nearly 5 year journey to create standards for using security tokens as OAuth 2.0 authorization grants and for OAuth 2.0 client authentication. Like the JWT and JOSE specs that are now also RFCs, these specifications have been in widespread use for a number of years, enabling claims-based use of OAuth 2.0. My personal thanks to Brian Campbell and Chuck Mortimore for getting the ball rolling on this and seeing it through to completion, to Yaron Goland for helping us generalize what started as a SAML-only authorization-grant-only spec to a framework also supporting client authentication and JWTs, and to the OAuth working group members, chairs, area directors, and IETF members who contributed to these useful specifications.

May 19, 2015
JWT and JOSE are now RFCs!

IETF logoThe JSON Web Token (JWT) and JSON Object Signing and Encryption (JOSE) specifications are now standards – IETF RFCs. They are:

This completes a 4.5 year journey to create a simple JSON-based security token format and underlying JSON-based cryptographic standards. The goal was always to “keep simple things simple” – making it easy to build and deploy implementations solving commonly-occurring problems using whatever modern development tools implementers chose. We took an engineering approach – including features we believed would be commonly used and intentionally leaving out more esoteric features, to keep the implementation footprint small. I’m happy to report that the working groups and the resulting standards stayed true to this vision, with the already widespread adoption and an industry award being testaments to this accomplishment.

The origin of these specifications was the realization in the fall of 2010 that a number of us had created similar JSON-based security token formats. Seemed like it was time for a standard! I did a survey of the choices made by the different specs and made a convergence proposal based on the survey. The result was draft-jones-json-web-token-00. Meanwhile, Eric Rescorla and Joe Hildebrand had independently created another JSON-based signature and encryption proposal. We joined forces at IETF 81, incorporating parts of both specs, with the result being the -00 versions of the JOSE working group specs.

Lots of people deserve thanks for their contributions. Nat Sakimura, John Bradley, Yaron Goland, Dirk Balfanz, John Panzer, Paul Tarjan, Luke Shepard, Eric Rescorla, and Joe Hildebrand created the precursors to these RFCs. (Many of them also stayed involved throughout the process.) Richard Barnes, Matt Miller, James Manger, and Jim Schaad all provided detailed input throughout the process that greatly improved the result. Brian Campbell, Axel Nennker, Emmanuel Raviart, Edmund Jay, and Vladimir Dzhuvinov all created early implementations and fed their experiences back into the spec designs. Sean Turner, Stephen Farrell, and Kathleen Moriarty all did detailed reviews that added ideas and improved the specs. Matt Miller also created the accompanying JOSE Cookbook – RFC 7520. Chuck Mortimore, Brian Campbell, and I created the related OAuth assertions specs, which are now also RFCs. Karen O’Donoghue stepped in at key points to keep us moving forward. Of course, many other JOSE and OAuth working group and IETF members also made important contributions. Finally, I want to thank Tony Nadalin and others at Microsoft for believing in the vision for these specs and consistently supporting my work on them.

I’ll close by remarking that I’ve been told that the sign of a successful technology is that it ends up being used in ways that the inventors never imagined. That’s certainly already true here. I can’t wait to see all the ways that people will continue to use JWTs and JOSE to build useful, secure applications!

March 9, 2015
OAuth Proof-of-Possession draft -02 closing open issues

OAuth logoAn updated OAuth Proof-of-Possession draft has been posted that address the open issues identified in the previous draft. Changes were:

  • Defined the terms Issuer, Presenter, and Recipient and updated their usage within the document.
  • Added a description of a use case using an asymmetric proof-of-possession key to the introduction.
  • Added the “kid” (key ID) confirmation method.

Thanks to Hannes Tschofenig for writing text to address the open issues.

This specification is available at:

An HTML formatted version is also available at:

March 3, 2015
JWK Thumbprint -04 draft incorporating feedback during second WGLC

IETF logoThe latest JWK Thumbprint draft addresses review comments on the -03 draft by Jim Schaad, which resulted in several clarifications and some corrections to the case of RFC 2119 keywords.

The specification is available at:

An HTML formatted version is also available at:

March 3, 2015
Key Managed JSON Web Signature (KMJWS) specification

IETF logoI took a little time today and wrote a short draft specifying a JWS-like object that uses key management for the MAC key used to integrity protect the payload. We had considered doing this in JOSE issue #2 but didn’t do so at the time because of lack of demand. However, I wanted to get this down now to demonstrate that it is easy to do and specify a way to do it, should demand develop in the future – possibly after the JOSE working group has been closed. See http://tools.ietf.org/html/draft-jones-jose-key-managed-json-web-signature-00 or http://self-issued.info/docs/draft-jones-jose-key-managed-json-web-signature-00.html.

This spec reuses key management functionality already present in the JWE spec and MAC functionality already present in the JWS spec. The result is essentially a JWS with an Encrypted Key value added, and a new “mac” Header Parameter value representing the MAC algorithm used. (Like JWE, the key management algorithm is carried in the “alg” Header Parameter value.)

I also wrote this now as possible input into our thinking on options for creating a CBOR JOSE mapping. If there are CBOR use cases needing managed MAC keys, this could help us reason about ways to structure the solution.

Yes, the spec name and abbreviation are far from catchy. Better naming ideas would be great.

Feedback welcomed.

February 26, 2015
JWK Thumbprint -03 draft incorporating additional feedback

IETF logoA new JWK Thumbprint draft has been posted that addresses additional review comments by James Manger and Jim Schaad. Changes included adding a discussion on the relationship of JWK Thumbprints to digests of X.509 values. No normative changes resulted.

The specification is available at:

An HTML formatted version is also available at:

February 19, 2015
JWK Thumbprint -02 draft incorporating WGLC feedback

IETF logoNat Sakimura and I have updated the JSON Web Key (JWK) Thumbprint draft to incorporate feedback receiving during JOSE working group last call. Changes were:

  • No longer register the new JSON Web Signature (JWS) and JSON Web Encryption (JWE) Header Parameters and the new JSON Web Key (JWK) member name jkt (JWK SHA-256 Thumbprint) for holding these values.
  • Added security considerations about the measures needed to ensure that a unique JWK Thumbprint value is produced for a key.
  • Added text saying that a base64url encoded JWK Thumbprint value could be used as a kid (key ID) value.
  • Broke a sentence up that used to be way too long.

The specification is available at:

An HTML formatted version is also available at:

January 22, 2015
JWK Thumbprint -01 draft incorporating feedback from Jim Schaad

IETF logoThe JSON Web Key (JWK) Thumbprint draft has been updated to incorporate feedback received from Jim Schaad, including defining the JWK Thumbprint computation in a manner that allows different hash functions to be used over time. The specification is available at:

An HTML formatted version is also available at:

January 16, 2015
The JWT, JOSE, and OAuth Assertions drafts have all been sent to the RFC Editor

IETF logoAll of these 9 drafts have now been approved and sent to the RFC Editor:

  1. draft-ietf-jose-json-web-signature
  2. draft-ietf-jose-json-web-encryption
  3. draft-ietf-jose-json-web-key
  4. draft-ietf-jose-json-web-algorithms
  5. draft-ietf-oauth-json-web-token
  6. draft-ietf-jose-cookbook
  7. draft-ietf-oauth-assertions
  8. draft-ietf-oauth-saml2-bearer
  9. draft-ietf-oauth-jwt-bearer

That means that their content is now completely stable and they’ll soon become Internet standards – RFCs. Thanks for all of your contributions in creating, reviewing, and most importantly, using these specifications. Special thanks go to the other spec editors Nat Sakimura, John Bradley, Joe Hildebrand, Brian Campbell, Chuck Mortimore, Matt Miller, and Yaron Goland.

January 16, 2015
Final pre-RFC JOSE drafts

IETF logoNew versions of the JSON Web Signature (JWS) and JSON Web Key (JWK) drafts have been submitted that address a few more IESG comments that were identified by our area director Kathleen Moriarty during her final review of the documents. Thanks to Richard Barnes for working on wording to address his comment on security considerations for binding attributes to JWKs. See the Document History sections for descriptions of the edits, none of which resulted in data structure changes.

The plan is for these documents to be forwarded to the RFC editor. The other related documents have already been approved.

The specifications are available at:

HTML formatted versions are available at:

January 13, 2015
JOSE -40 drafts intended for the RFC Editor

IETF logoThe document shepherd Karen O’Donoghue and I completed a review of all the IESG comments in the IETF data tracker today in preparation for the drafts going to the RFC Editor. This set of drafts addresses all the remaining comments that we thought should be dealt with in the final documents. The only changes were:

  • Clarified the definitions of UTF8(STRING) and ASCII(STRING).
  • Stated that “line breaks are for display purposes only” in places where this disclaimer was needed and missing.
  • Updated the WebCrypto reference to refer to the W3C Candidate Recommendation.

Unless additional issues are identified soon, these should be the drafts that go to the RFC Editor.

The specifications are available at:

HTML formatted versions are available at:

December 30, 2014
JOSE -39 drafts incorporating an additional registry field

IETF logoThese drafts incorporate this additional registry field in the JSON Web Signature and Encryption Algorithms registry, based on a comment by Stephen Farrell, with input from Jim Schaad and Kathleen Moriarty:

Algorithm Analysis Documents(s):


References to publication(s) in well-known cryptographic conferences, by national standards bodies, or by other authoritative sources analyzing the cryptographic soundness of the algorithm to be registered. The designated experts may require convincing evidence of the cryptographic soundness of a new algorithm to be provided with the registration request unless the algorithm is being registered as Deprecated or Prohibited. Having gone through working group and IETF review, the initial registrations made by this document are exempt from the need to provide this information.

This addition is in the document:

An HTML formatted version is also available at:

December 9, 2014
JOSE -38 and JWT -32 drafts addressing the last of the IESG review comments

IETF logoSlightly updated JSON Object Signing and Encryption (JOSE) and JSON Web Token (JWT) drafts have been published that address the last of the IESG review comments, which were follow-up comments by Stephen Farrell and Pete Resnick. All DISCUSS comments had already been addressed by the previous drafts. The one normative change is that implementations must now discard RSA private keys with an “oth” parameter when the implementation does not support private keys with more than two primes. The remaining changes were editorial improvements suggested by Pete.

The specifications are available at:

HTML formatted versions are available at:

November 21, 2014
A JSON-Based Identity Protocol Suite

quillMy article A JSON-Based Identity Protocol Suite has been published in the Fall 2014 issue of Information Standards Quarterly, with this citation page. This issue on Identity Management was guest-edited by Andy Dale. The article’s abstract is:

Achieving interoperable digital identity systems requires agreement on data representations and protocols among the participants. While there are several suites of successful interoperable identity data representations and protocols, including Kerberos, X.509, SAML 2.0, WS-*, and OpenID 2.0, they have used data representations that have limited or no support in browsers, mobile devices, and modern Web development environments, such as ASN.1, XML, or custom data representations. A new set of open digital identity standards have emerged that utilize JSON data representations and simple REST-based communication patterns. These protocols and data formats are intentionally designed to be easy to use in browsers, mobile devices, and modern Web development environments, which typically include native JSON support. This paper surveys a number of these open JSON-based digital identity protocols and discusses how they are being used to provide practical interoperable digital identity solutions.

This article is actually a follow-on progress report to my April 2011 position paper The Emerging JSON-Based Identity Protocol Suite. While standards can seem to progress slowly at times, comparing the two makes clear just how much has been accomplished in this time and shows that what was a prediction in 2011 is now a reality in widespread use.

November 19, 2014
JOSE -37 and JWT -31 drafts addressing remaining IESG review comments

IETF logoThese JOSE and JWT drafts contain updates intended to address the remaining outstanding IESG review comments by Pete Resnick, Stephen Farrell, and Richard Barnes, other than one that Pete may still provide text for. Algorithm names are now restricted to using only ASCII characters, the TLS requirements language has been refined, the language about integrity protecting header parameters used in trust decisions has been augmented, we now say what to do when an RSA private key with “oth” is encountered but not supported, and we now talk about JWSs with invalid signatures being considered invalid, rather than them being rejected. Also, added the CRT parameter values to example JWK RSA private key representations.

The specifications are available at:

HTML formatted versions are available at:

November 11, 2014
JWK Thumbprint spec adopted by JOSE working group

IETF logoThe JSON Web Key (JWK) Thumbprint specification was adopted by the JOSE working group during IETF 91. The initial working group version is identical to the individual submission version incorporating feedback from IETF 90, other than the dates and document identifier.

JWK Thumbprints are used by the recently approved OpenID Connect Core 1.0 incorporating errata set 1 spec. JOSE working group co-chair Jim Schaad said during the working group meeting that he would move the document along fast.

The specification is available at:

An HTML formatted version is also available at:

Next »