The problem with migrating away from SHA1-based thumbprints is that to do so,
the underlying development platforms used to build JOSE implementations would
also need to do so for the migration at the JOSE level to be useful. In
particular, as Nat pointed out, "x5t" was added to the JOSE specs in the first
place because Windows enables key lookup in the Windows key store using the
SHA-1 thumbprint.
While I'm sensitive to the fact that I'm using Windows as a motivating use case
and I'm a Microsoft employee (so you can discount my remarks relative to this
as you see fit), in practice, you can't look up a key in Windows using any
thumbprint value but the SHA-1 thumbprint. Unless that changes, I doubt that
any migration away from SHA-1 thumbprints will be practical, at least when
using keys stored in the Windows key store. I believe the same is currently
also true of OpenSSL.
-- Mike
-----Original Message-----
From: jose [mailto:[email protected]] On Behalf Of Kathleen Moriarty
Sent: Tuesday, May 27, 2014 8:28 AM
To: Matt Miller
Cc: [email protected]
Subject: Re: [jose] JWS Review, SHA 256 thumbprints - was - AD review of
draft-ietf-jose-json-web-algorithms
Thanks for the quick reply. Another argument would be for the ability to drop
SHA1 support eventually. If you move to all SHA2, there is no need to support
the SHA1 code anymore.
On Tue, May 27, 2014 at 11:00 AM, Matt Miller <[email protected]> wrote:
>
> /me dons "XMPP Expert" Hat
>
> There is some desire to use SHA2 but no strong requirement. As far as
> algorithm requirements go, look to [XMPP-TLS], [XEP-0300], and
> [XEP-0320] for the results of the community's more current discussions.
>
>
> --
> - m&m
>
> Matt Miller < [email protected] >
> Cisco Systems, Inc.
>
> [XMPP-TLS] Use of Transport Layer Security (TLS) in the Extensible
> Messaging and Presence Protocol (XMPP)
> <http://tools.ietf.org/html/draft-ietf-uta-xmpp-00>
> [XEP-0300] Use of Cryptographic Hash Functions in XMPP
> <http://xmpp.org/extensions/xep-0300.html>
> [XEP-0320] Use of DTLS-SRTP in Jingle Sessions
> <http://xmpp.org/extensions/xep-0320.html>
>
> On 5/27/14, 8:42 AM, Kathleen Moriarty wrote:
>> The reviews got a little confused with the responses for SHA1 and
>> SHA2 thumbprints. A couple of people responded supporting Mike's
>> assertion, but I have had others tell me directly, SHA2 would be
>> good.
>>
>> Is there a need to support this for the XMPP community, since they
>> set to SHA256 as a default for certificate fingerprints:
>> http://xmpp.org/extensions/xep-0189.html
>>
>> Thanks, Kathleen
>>
>> On Wed, May 21, 2014 at 9:51 PM, Nat Sakimura <[email protected]>
>> wrote:
>>> ditto here.
>>>
>>> The primary reason for having thumbprint was for finding keys in the
>>> Windows crypto API. Security property must not depend on it.
>>> If it wants to deal with authentication, it should use the keys,
>>> IMHO.
>>>
>>>
>>> 2014-05-22 3:10 GMT+09:00 John Bradley <[email protected]>:
>>>>
>>>> I agree with Mike, many key stores use SHA1 thumbprints. I
>>>> don't know of any security consideration that makes SHA2
>>>> thumbprints better in any practical way.
>>>>
>>>> I don't think that adding SHA 2 thumbprints is something that we
>>>> need to do now.
>>>>
>>>> John B.
>>>>
>>>> On May 1, 2014, at 1:46 PM, Kathleen Moriarty
>>>> <[email protected]> wrote:
>>>>
>>>>>>
>>>>>> Mike> Per your JWS comment, SHA-1 thumbprints are widely
>>>>>> deployed. I’m aware of no SHA-256 certificate thumbprint
>>>>>> deployments. I’ll note that even if SHA-1 were completely
>>>>>> broken, that wouldn’t be a security issue because it’s just being
>>>>>> used to generate a digest of publicly available certificate
>>>>>> information. It’s not being used to cryptographically obscure
>>>>>> anything. (But that’s actually a discussion for another draft. :-)
>>>>>>
>>>>>
>>>>> This is in place for the XML equivalents and should be possible
>>>>> for JSON. I used this at least 2 years ago in the XML Oxygen
>>>>> editor. I believe this has been brought up before in terms of
>>>>> JSON, so I am not the first. But it is another draft... I'd like
>>>>> to get through these all soon :-)
>>>>
>>>>
>>>> _______________________________________________ jose mailing list
>>>> [email protected] https://www.ietf.org/mailman/listinfo/jose
>>>>
>>>
>>>
>>>
>>> -- Nat Sakimura (=nat) Chairman, OpenID Foundation
>>> http://nat.sakimura.org/ @_nat_en
>>
>>
>>
>
--
Best regards,
Kathleen
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
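
Added example, not part of the thread and not taken from any JOSE implementation: the lookup pattern discussed above in Python, where the "x5t" value only locates a certificate in a store that is searchable by SHA-1 thumbprint, and an "x5t#S256" value, when the header carries one, is cross-checked against the certificate that was found. The store class, the function names and the certificate bytes are hypothetical and constructed for illustration.

```python
import base64
import hashlib

# Constructed stand-ins for DER-encoded certificates (not real certificates).
CERT_A = b"constructed-stand-in-for-DER-certificate-A"
CERT_B = b"constructed-stand-in-for-DER-certificate-B"


def b64url(data: bytes) -> str:
    """base64url without padding, the encoding used for JOSE header values."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def thumbprint_headers(der: bytes) -> dict:
    """Both thumbprints are digests of the DER encoding of the certificate."""
    return {"x5t": b64url(hashlib.sha1(der).digest()),
            "x5t#S256": b64url(hashlib.sha256(der).digest())}


class Sha1IndexedStore:
    """Hypothetical key store that can only be searched by hex SHA-1 thumbprint."""

    def __init__(self, der_certs):
        self._by_sha1 = {hashlib.sha1(c).hexdigest().upper(): c for c in der_certs}

    def find(self, hex_thumbprint: str):
        return self._by_sha1.get(hex_thumbprint.upper())


def locate_certificate(header: dict, store: Sha1IndexedStore):
    """Return the DER bytes the header points at, or None.

    The thumbprint is a locator only: the caller still has to verify the
    signature with the located certificate's key and validate the certificate.
    """
    x5t = header.get("x5t")
    if x5t is None:
        return None  # this store has no SHA-256 index to fall back on
    try:
        raw = base64.urlsafe_b64decode(x5t + "=" * (-len(x5t) % 4))
    except ValueError:
        return None  # not valid base64url
    if len(raw) != 20:
        return None  # a SHA-1 digest is always 20 bytes
    der = store.find(raw.hex())
    if der is None:
        return None
    s256 = header.get("x5t#S256")
    if s256 is not None and s256 != b64url(hashlib.sha256(der).digest()):
        return None  # the two thumbprints name different certificates
    return der
```
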