Comments on: Cloudy Identity http://jens.mooseyard.com/2008/04/cloudy-identity/ Little boxes made of words, by Jens Alfke Sun, 14 Mar 2010 11:32:26 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Sam Roberts http://jens.mooseyard.com/2008/04/cloudy-identity/comment-page-1/#comment-2583 Sam Roberts Sat, 03 May 2008 18:05:19 +0000 http://mooseyard.com/Jens/2008/04/cloudy-identity/#comment-2583 You don't have to canonicalize data to sign it. Canonicalization code is usually buggy, and causes interop problems. Standards developers like it, because they define a signature over an abstraction. Unfortunately, abstractions aren't crptographically digestable, only bit sequences, but rather than admitting this, they go down the canonicalization route. Aka "the long road to hell that starts in a green and peaceful valley". I worked with large PKI toolkits written under the assumption that you could actually read signed DER (s/mime and x509) into internal data structures, then write it out, and the signatures would match. That assumption was wrong in the Real World (TM). What we eventually found was that even if it works with perfectly encoded data, the approach doesn't work with badly encoded data. In your case, if somebody uses a leading TAB when your canonical rule says it should be 4 spaces, and they sign it, the signature will be valid. Until you read the data, then write it out again reformatting it correctly. People will report bugs to you, and you will tell them their data is wrong, and its not your fault. There are lots of symptoms of this. x.509 cert numbers encoded as negative numbers, unwittingly, there are a dozen DER string types, most programming languages only support 2, and neither are ancient teletype character sets, extensions that aren't supported by the decoding app, so it doesn't handle them and write them correctly. etc. Then they will tell you that the data was output by a 3rd party vendor they have no control over, and that it works with product X, and they aren't going to buy your toolkit anymore... Oops. But at least you have the comfort of being "right". Anyhow, short story is that robust commercial cryptographic toolkits do NOT modify signed data. They decode it into internal data structures so they can query it, but they keep the original data around in it's original encoding, and when they need the encoded representatio of the data, they use the original. Marshall Rose talks about this in the BEEP justification RFC, IIRC, where he talks about it as playing telephone. Ok, back to my own projects. Cheers You don’t have to canonicalize data to sign it. Canonicalization code is usually buggy, and causes interop problems. Standards developers like it, because they define a signature over an abstraction. Unfortunately, abstractions aren’t crptographically digestable, only bit sequences, but rather than admitting this, they go down the canonicalization route. Aka “the long road to hell that starts in a green and peaceful valley”.

I worked with large PKI toolkits written under the assumption that you could actually read signed DER (s/mime and x509) into internal data structures, then write it out, and the signatures would match. That assumption was wrong in the Real World (TM).

What we eventually found was that even if it works with perfectly encoded data, the approach doesn’t work with badly encoded data. In your case, if somebody uses a leading TAB when your canonical rule says it should be 4 spaces, and they sign it, the signature will be valid. Until you read the data, then write it out again reformatting it correctly. People will report bugs to you, and you will tell them their data is wrong, and its not your fault. There are lots of symptoms of this. x.509 cert numbers encoded as negative numbers, unwittingly, there are a dozen DER string types, most programming languages only support 2, and neither are ancient teletype character sets, extensions that aren’t supported by the decoding app, so it doesn’t handle them and write them correctly. etc.

Then they will tell you that the data was output by a 3rd party vendor they have no control over, and that it works with product X, and they aren’t going to buy your toolkit anymore… Oops. But at least you have the comfort of being “right”.

Anyhow, short story is that robust commercial cryptographic toolkits do NOT modify signed data. They decode it into internal data structures so they can query it, but they keep the original data around in it’s original encoding, and when they need the encoded representatio of the data, they use the original.

Marshall Rose talks about this in the BEEP justification RFC, IIRC, where he talks about it as playing telephone.

Ok, back to my own projects.

Cheers

]]> By: Superdotman http://jens.mooseyard.com/2008/04/cloudy-identity/comment-page-1/#comment-2576 Superdotman Thu, 17 Apr 2008 02:50:06 +0000 http://mooseyard.com/Jens/2008/04/cloudy-identity/#comment-2576 Half the stuff here is technobabble to me, and I'm excited anyway. Do go on! Half the stuff here is technobabble to me, and I’m excited anyway. Do go on!

]]> By: ydna (LJ) http://jens.mooseyard.com/2008/04/cloudy-identity/comment-page-1/#comment-2582 ydna (LJ) Wed, 16 Apr 2008 20:00:57 +0000 http://mooseyard.com/Jens/2008/04/cloudy-identity/#comment-2582 No need to quote the word thrilling! I'm on the edge of my seat waiting for the next chapter. I'm am just loving watching the layers being peeled back. It's like a nerdy mystery novel. Gosh! What will Jens do next? Arbitrary objects are afoot and they have a calling card! No need to quote the word thrilling! I’m on the edge of my seat waiting for the next chapter. I’m am just loving watching the layers being peeled back. It’s like a nerdy mystery novel. Gosh! What will Jens do next? Arbitrary objects are afoot and they have a calling card!

]]> By: Jens Ayton http://jens.mooseyard.com/2008/04/cloudy-identity/comment-page-1/#comment-2581 Jens Ayton Wed, 16 Apr 2008 18:32:19 +0000 http://mooseyard.com/Jens/2008/04/cloudy-identity/#comment-2581 The use of numbers for <i>stat</i>, <i>algorithm</i> and <i>format</i> strike me as a bit of a wart. String identifiers would be my preference for that sort of thing, for much the same reason as constants or enums in code. It also provides a straightforward path for decentralized extensions to the system. Nice stuff apart from that, though. The use of numbers for stat, algorithm and format strike me as a bit of a wart. String identifiers would be my preference for that sort of thing, for much the same reason as constants or enums in code. It also provides a straightforward path for decentralized extensions to the system.

Nice stuff apart from that, though.

]]> By: Gordon Meyer http://jens.mooseyard.com/2008/04/cloudy-identity/comment-page-1/#comment-2580 Gordon Meyer Wed, 16 Apr 2008 15:09:42 +0000 http://mooseyard.com/Jens/2008/04/cloudy-identity/#comment-2580 Nicely written, Jens. Thanks for the education and I'm looking forward to the next installment. Nicely written, Jens. Thanks for the education and I’m looking forward to the next installment.

]]> By: Jeff LaMarche http://jens.mooseyard.com/2008/04/cloudy-identity/comment-page-1/#comment-2579 Jeff LaMarche Wed, 16 Apr 2008 14:10:25 +0000 http://mooseyard.com/Jens/2008/04/cloudy-identity/#comment-2579 This is very cool stuff, Jens... I can't wait to se what the front end of this thing looks like. I'm forming ideas of what it might be, but they're probably a bit off-base.... Thanks again for sharing! This is very cool stuff, Jens… I can’t wait to se what the front end of this thing looks like. I’m forming ideas of what it might be, but they’re probably a bit off-base….

Thanks again for sharing!

]]> By: Eben Bruyns http://jens.mooseyard.com/2008/04/cloudy-identity/comment-page-1/#comment-2578 Eben Bruyns Wed, 16 Apr 2008 08:27:08 +0000 http://mooseyard.com/Jens/2008/04/cloudy-identity/#comment-2578 I think I can see where you are heading with this, it's got me thinking in a million different directions and you potentially have something great on your hands here. Keep the info coming, I hope I'm right about what you're doing, exciting to say the least!!! I think I can see where you are heading with this, it’s got me thinking in a million different directions and you potentially have something great on your hands here.

Keep the info coming, I hope I’m right about what you’re doing, exciting to say the least!!!

]]> By: Elliott Harris http://jens.mooseyard.com/2008/04/cloudy-identity/comment-page-1/#comment-2577 Elliott Harris Wed, 16 Apr 2008 07:27:19 +0000 http://mooseyard.com/Jens/2008/04/cloudy-identity/#comment-2577 The plot thickens! Interesting use of YAML, I'd really like to see that YAML-Cocoa interface of yours. ;) Can't wait for the next part -- it's building and building, like some kind of wicked nerdy novel. And the teaser! Profiles, Neighbors, and Relationships? Delicious. Also, welcome back to Twitter. :) The plot thickens! Interesting use of YAML, I’d really like to see that YAML-Cocoa interface of yours. ;) Can’t wait for the next part — it’s building and building, like some kind of wicked nerdy novel.

And the teaser! Profiles, Neighbors, and Relationships? Delicious.

Also, welcome back to Twitter. :)

]]>