w3c / vc-jose-cose

Verifiable Credentials Working Group — VC JSON Web Tokens specification
https://w3c.github.io/vc-jose-cose/

Detached payloads can be used #292

Open selfissued opened 3 weeks ago

selfissued commented 3 weeks ago

Fixes #278

Also updated the SD-JWT terminology to use the term "JWT Claims Set", which the SD-JWT spec now does.



selfissued commented 3 weeks ago

I'm fine with the working group discussing it, but the underlying facts of the situation are that both JWS and COSE support detached payloads. Therefore, this PR is editorial, in that it doesn't change the normative meaning of the specification or add any functionality that didn't already exist.

What it does do is remove any ambiguity that may be in people's minds about this functionality already existing and being usable with Verifiable Credentials.

As for security, there's nothing less secure about signing detached content than attached content. In both cases, you continue processing the input only if the signature validates.

iherman commented 3 weeks ago

The issue was discussed in a meeting on 2024-08-21

### 5. Detached payloads can be used (pr vc-jose-cose#292)

_See github pull request [vc-jose-cose#292](https://github.com/w3c/vc-jose-cose/pull/292)._

**Gabe Cohen:** It came to my attention that there's a PR in JOSE-COSE that we should discuss.

**Michael Jones:** Ambiguity around using detached signatures. If we do nothing, we can use detached signatures. That said, readers would be better served for us to repeat what's in the underlying specifications. It's not normative, because it doesn't change the meaning of the spec.

**Manu Sporny:** The reason this surprised me is because I don't think we use detached signatures anywhere else in the ecosystem. … We see a very large payload followed by a very small signature payload without reference to the original. … I don't understand what the use case for that is. … If we're going to support this, we probably need to talk about how that signature is associated with the payload. … It feels like it could lead to a number of security concerns. I want to know what the concrete use case is. … If there is a valid use case, then we need to make sure that we have thought about the implications of just doing a detached signature. Are we going to provide any guidance at all?

**Michael Jones:** I also answered the security question in the issue that it's no less secure than including it in the payload, because if it doesn't validate, detached or not, we can't proceed. How do we associate the payload with the container? We don't do protocols, and that's a protocol feature. … There are plenty of cases in the real world where there is data in various channels and you want to validate that it's correct. It's out of scope for us to say how a signature is transmitted or checked against a piece of data.

**Joe Andrieu:** In the way that we're using the detached payload, what's going over the wire has a media type of application/vc, but because it's detached, it's not going with the payload. What do we call that thing that's securing that data, that is not a VC?

**Ivan Herman:** Without going technical, it's a procedural thing. My understanding is that the fact of having the detached signature is something that the standard allows. … If we do not want that, we have to actively in the standard disallow it, which I think would be a heavy thing from our side to do. It's out there, it's the user's business to make sure it's secure, it's not our responsibility.

**Michael Jones:** That's correct, and likewise COSE defines the mechanism for detached signature.

**Manu Sporny:** I haven't yet heard a use case where we need to use detached signatures. It's really hard to analyze the usefulness until we have them. I have concerns, because in our COSE examples, we're going to be showing how to secure things, and we will be showing detached signatures, but we don't have a media type for it and we don't know how to.

> *Kevin Dean:* associate it with the original payload.

**Manu Sporny:** There are a number of questions. We shouldn't put a number of examples if the group isn't using it. Others can use it and other mechanisms, but we don't have examples in the spec because we haven't got concrete use cases. … I'm fine with staying silent on it, not with putting examples throughout the specifications.

**Michael Jones:** This PR doesn't change the examples, nor am I proposing to do so. One of the technical reasons in JOSE for using detached signatures is that you can use the unencoded payload option, which means you never have to Base64 encode the payload. If you have an authenticated way to transmit the payload between parties, that's outside the scope of what we specify. We get the size savings of not doing the encoding. That is a use case.

> *Joe Andrieu:* seems like Mike's payload is not a VC, as in application/vc, but something else.

**Manu Sporny:** I would be fine with us staying silent on it. Someone out there that is implementing this would be good to hear from. … It raises a whole bunch of other questions that have not been answered.

**Gabe Cohen:** We do use detached payloads. We haven't explored COSE yet, but will ask my team.
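
Added example, not part of the pull request, the meeting minutes or the specification: a detached-payload JWS in compact form (RFC 7515, Appendix F), where the verifier rebuilds the signing input from the payload it received separately and proceeds only if the signature validates. HS256 is used so the block runs on the standard library alone; `DEMO_KEY` and `DEMO_PAYLOAD` are constructed values.

```python
import base64
import hashlib
import hmac
import json

DEMO_KEY = b"constructed-demo-key-not-for-real-use"        # constructed sample key
DEMO_PAYLOAD = b'{"type":["VerifiableCredential"]}'        # constructed sample payload


def b64url(data: bytes) -> str:
    """base64url without padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_detached(payload: bytes, key: bytes) -> str:
    """Sign header.payload as usual, then emit the compact form with an empty payload segment."""
    header = b64url(json.dumps({"alg": "HS256"}, separators=(",", ":")).encode())
    signing_input = f"{header}.{b64url(payload)}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}..{b64url(sig)}"


def verify_detached(jws: str, payload: bytes, key: bytes) -> bool:
    """Re-attach the separately delivered payload and check the signature over it."""
    parts = jws.split(".")
    if len(parts) != 3 or parts[1] != "":
        return False  # not a detached compact JWS
    header_b64, _, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:
        return False  # malformed base64url or JSON
    # Pin the algorithm to the one this verifier is configured for.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    signing_input = f"{header_b64}.{b64url(payload)}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(sig, expected)
```

The signature is the only thing tying the detached object to its payload: supplying any other byte string as `payload` makes verification fail, and how the two are delivered together is left to the surrounding protocol.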