Internet-Draft | PIKA | July 2024 |
Barnes & Goldberg | Expires 9 January 2025 | [Page] |
A relying party verifying a JSON Web Token (JWT) needs to verify that the public key used to verify the signature legitimately represents the issuer represented in the "iss" claim of the JWT. Today, relying parties commonly use the "iss" claim to fetch a set of authorized signing keys over HTTPS, relying on the security of HTTPS to establish the authority of the downloaded keys for that issuer. The ephemerality of this proof of authority makes it unsuitable for use cases where a JWT might need to be verified for some time. In this document, we define a format for Proofs of Issuer Key Authority, which establish the authority of a key using a signed object instead of an HTTPS connection.¶
This note is to be removed before publishing as an RFC.¶
The latest revision of this draft can be found at https://bifurcation.github.io/redistributable-jwks/draft-barnes-oauth-redistributable-jwks.html. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-barnes-oauth-pika/.¶
Discussion of this document takes place on the Web Authorization Protocol Working Group mailing list (mailto:[email protected]), which is archived at https://mailarchive.ietf.org/arch/browse/oauth/. Subscribe at https://www.ietf.org/mailman/listinfo/oauth/.¶
Source for this draft and an issue tracker can be found at https://github.com/bifurcation/redistributable-jwks.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 9 January 2025.¶
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
A relying party verifying a JSON Web Token (JWT) [RFC7519] needs to verify that the public key used to verify the signature legitimately represents the issuer represented in the "iss" claim of the JWT.¶
Today, relying parties commonly use the iss
claim to fetch a set of authorized
signing keys over HTTPS, relying on the security of HTTPS to establish the
authority of the downloaded keys for that issuer. For example, in OpenID
Connect Discovery [OIDC-Discovery], the iss
claim is used to form a URL
from which issuer metadata is downloaded over HTTPS. The issuer's JWK set is
linked via the jwks_uri
field in the metadata. The SD-JWT-VC specification
describes a similar HTTPS-based mechanism for discovering the valid keys for an
issuer (see Section 5 of [I-D.ietf-oauth-sd-jwt-vc]).¶
These HTTPS-based authority mechanisms are "live", in the sense that they can only prove the authority of a key to someone who does an HTTPS transaction with the relevant server. The fact that the server needs to be reachable and responsive at the time the JWT is being validated is a serious limitation in some use cases, two examples of which are given below.¶
In this document, we define Proofs of Issuer Key Authority (PIKA), a format for a redistributable proof of authority for an issuer key. As in OIDC and SD-JWT-VC, we assume that issuers are identified by HTTPS URLs, or at least by domain names. A PIKA is then simply a JWT whose payload contains the issuer key in question, and whose header contains an X.509 certificate proving that the PIKA-signing key is authoritative for the issuer's domain name.¶
This design preserves the same trust model as in the HTTPS-based proof of authority; it just swaps the signature in the TLS handshake underlying HTTPS for an object signature. PIKAs are thus "redistributable" in the same sense that an intermediate certificate would be, so that they can be verified without the issuer being online and reachable.¶
We also define a simple syntax for referencing PIKAs keys in metadata documents such as OIDC Discovery metadata and SD-JWT-VC issuer metadata.¶
In applications using MLS for end-to-end security, endpoints can authenticate to each other using Verifiable Credentials (VCs) [I-D.barnes-mls-addl-creds]. These VCs are formatted as JWTs. In such applications, HTTPS-based proof of authority is an availability risk to the application and to the VC issuer.¶
The risk to the application is clear: A client joining an MLS group needs to validate the credentials of their peers. If part of that process entails making an HTTPS query to validate the authority of the keys used to sign their peers' credentials, and the relevant HTTPS server is down, then the client will not be able to join the group and use the application. Worse, since different peers may have credentials from different issuers, an outage at any one of those issuers can cause downtime for the application.¶
The use of HTTPS to validate authority also creates unnecessary load on the VC issuer. Consider, for example, an MLS-based video conference with 1,000 participants presenting credentials from 10 different issuers, all of whom join at the start of the meeting. This situation would create a spike of around 10,000 HTTPS requests to the VC issuer.¶
With PIKAs, the clients in a meeting can bundle the proof of authority along with their VC, avoiding the need for any HTTPS interaction with the issuer at all.¶
Some applications are interested in verifying historical signatures. For example, a container registry might wish to demonstrate that a container was signed by its author at some time in the past.¶
Live HTTPS-based proofs of authority are fundamentally incompatible with these applications, since the proof of authority they produce cannot be preserved and reused later. With PIKAs, a trusted timestamping authority is all that is needed to achieve the desired properties.¶
Suppose the registry stores the following information for each container:¶
A signature by the container author over the container¶
A JWT attesting to the container author's identity and public key, e.g., a Verifiable Credential or an OpenPubkey PK Token [OpenPubkey]¶
A PIKA providing the JWT issuer's key and proving its authority for the issuer¶
An assertion by the timestamping authority that all of the above artifacts existed at a time in the past when they were all valid¶
Based on the timetamping authority's assertion, a relying party can validate that at the specified time, the container was signed by an author with the specified identity, and that the identity was asserted by the specified issuer.¶
An alternative design discussed in Section 3.5 of [I-D.ietf-oauth-sd-jwt-vc] is to simply sign the based JWT with an X.509 certified keys. This design has a few drawbacks relative to the design described here:¶
First, it changes the trust model relative to HTTPS-based proof of authority. The issuer JWT-signing key is removed as an intermediate step. This makes it more difficult for this design to coexist with HTTPS-based proof of identity.¶
Second, it removes flexibility that allows for efficiency. The extra data of the X.509 certificate chain has to be sent every time the base JWT is sent. Allowing the two to be decoupled allows for more flexible caching schemes.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
A related problem arises from the fact that PIKAs are signed with the same sort of certificates that are used in HTTPS, i.e., certficiates that attest to domain names. An OP's web servers will be facing the Internet, and thus at greater risk of compromise than a more highly protected server in the OP's infrastructure. Compromising an OP's web server could provide the attacker with access to the signing key with which they could issue a bogus PIKA for the OP, containing an attacker-chosen public key.¶
NOTE: There are several ways to mitigate this risk:¶
We could make PIKA-signing certificates distinct from HTTPS certs, e.g., by means of a new extKeyUsage (EKU) value. This would be a significant deployment barrier, since CAs would have to be willing to issue the PIKA-compatible certificates.¶
We could use a distinct domain name for PIKA-signing certs, so that an OP
would be unlikely to create a cert for that domain name other than for PIKA
signing. For example, the validation rules could require the certificate to
authenticate _pika.example.com
instead of example.com
for the issuer URL
https://example.com/oauth2/
.¶
TODO acknowledge.¶