incubator-couchdb-user mailing list archives

From Jens Alfke <j...@couchbase.com>
Subject Re: Cryptographically signed docs...
Date Fri, 06 Jul 2012 16:37:08 GMT

On Jul 5, 2012, at 9:31 AM, Jim Klo wrote:

> That's one area where I think your proposal is lacking: there's not really a method
> to exclude fields from the signature except via underscore fields. The key thing to note is
> we had a document model before the object signing requirement; so we had to design a signature
> solution that was additive in order to not change object model field names, for risk of blowing
> backwards compatibility.

It's definitely possible to do this, at the cost of complicating the spec. Two possibilities:

(a) Add optional (mutually exclusive) 'include' and 'exclude' properties of the 'signature'
property; they would contain arrays of strings naming top-level properties. If 'include' is
present, only the named properties are signed; if 'exclude', the named properties are not
signed.

or

(b) Allow the 'signature' property to appear below the top level of a document. If it's in
a nested object, the signature applies only to that object. (This is nice in that it allows
multiple signed objects to be combined in a document; but it requires validation to search
recursively through the whole document for 'signature' properties.)

> If you haven't been following IETF's JOSE, you should take a look at it http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-signature/?include_text=1
> It's not very CouchDB friendly.

I looked at it briefly; it seems pretty lame. The major flaw is that it doesn't specify how
to canonicalize JSON, so it's really only useful for signing strings. (Of course you can encode
the JSON as a string, but then it's 'dead' and not part of the document. This may be what
you mean by 'not very CouchDB friendly'.) The other weird thing I noticed is that they insist
on base64 encoding data before signing it, which is totally pointless and makes me wonder
how much these people understand about cryptography.

> FWIW canonical JSON is very difficult to make portable (ordered maps aren't supported
> across many languages)

You just need to define an ordering for the keys in a dictionary, as I did. Then you write
a simple JSON encoder that sorts the keys before writing them out.

—Jens
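The canonical-JSON approach Jens describes, combined with option (a)'s 'include'/'exclude' lists, as an added example written for this archive page; it is not Jens's code nor anything from CouchDB. It assumes keys are ordered by Unicode code point (the mail only says they must be sorted), skips underscore fields such as _id and _rev as the thread implies, and uses an HMAC as a stand-in for whatever public-key signature algorithm the real scheme would use.

```python
import hashlib
import hmac
import json


def canonical_json(value):
    """Encode with keys sorted (code-point order, an assumption) and no
    insignificant whitespace, so any key order in memory yields one string."""
    return json.dumps(value, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False)


def signed_view(doc):
    """Return the canonical string the signature covers (option (a)).
    Underscore fields (CouchDB metadata) and 'signature' itself are never
    covered; 'include' and 'exclude' are mutually exclusive top-level lists."""
    sig = doc.get("signature", {})
    include, exclude = sig.get("include"), sig.get("exclude")
    if include is not None and exclude is not None:
        raise ValueError("'include' and 'exclude' are mutually exclusive")
    body = {k: v for k, v in doc.items()
            if not k.startswith("_") and k != "signature"}
    if include is not None:
        body = {k: v for k, v in body.items() if k in include}
    elif exclude is not None:
        body = {k: v for k, v in body.items() if k not in exclude}
    # Bind the lists themselves, otherwise an edit to 'exclude' could
    # silently shrink what the signature covers without invalidating it.
    return canonical_json({"body": body, "include": include, "exclude": exclude})


def sign(doc, key, include=None, exclude=None):
    """Attach a 'signature' property (HMAC-SHA256 stands in for a signature)."""
    signed = dict(doc)
    sig = {}
    if include is not None:
        sig["include"] = sorted(include)
    if exclude is not None:
        sig["exclude"] = sorted(exclude)
    signed["signature"] = sig
    sig["value"] = hmac.new(key, signed_view(signed).encode("utf-8"),
                            hashlib.sha256).hexdigest()
    return signed


def verify(doc, key):
    """True iff the covered fields, as canonicalized, match the stored value."""
    sig = doc.get("signature")
    if not isinstance(sig, dict) or not isinstance(sig.get("value"), str):
        return False
    expected = hmac.new(key, signed_view(doc).encode("utf-8"),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig["value"])
```

Replication may rewrite _rev and reorder keys, and both survive verification, while a change to a covered field or to the 'exclude' list does not.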