Messaging Layer Security Credentials using Selective Disclosure JSON and CBOR Web Tokens

Messaging Layer Security Credentials using Selective Disclosure JSON and CBOR Web Tokens Rohan Mahy Consulting Services

rohan.ietf@gmail.com

Security Messaging Layer Security MLS credential SD-CWT SD-KBT SD-JWT key binding selective disclosure The Messaging Layer Security (MLS) protocol contains Credentials used to authenticate an MLS client with a signature key pair. Selective Disclosure CBOR Web Tokens (SD-CWT) and Selective Disclosure JSON Web Tokens (SD-JWT) define token formats where the holder can selectively reveal claims about itself with strong integrity protection and cryptographic binding to the holder's key. This document defines MLS credentials for both these token types. About This Document The latest revision of this draft can be found at . Status information for this document may be found at . Discussion of this document takes place on the Messaging Layer Security Working Group mailing list (), which is archived at . Subscribe at . Source for this draft and an issue tracker can be found at .

Introduction This document defines new MLS credential types for SD-CWT and SD-JWT tokens respectively. The SD-CWT Credential contains a Selective Disclosure Key Binding Token (SD-KBT). The SD-JWT Credential contains an SD-JWT with Key Binding (SD-JWT+KB), which could be represented in the traditional data format, or in a more compact binary encoding. The "holder" of one of these tokens could be the MLS client including the token in its Credential in its LeafNode (in a group or in a KeyPackage) or in an ExternalSender structure.

Note: It is not necessary for an AS to selectively disclose any claims. In other words, an Identity Provider that normally generates JWT or CWT web tokens could generate the same claim set, as long as the confirmation key is included and verified by the issuer.

Conventions and Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. The term Credential is used as defined in . The terms MLS Distribution Service (DS) and MLS Authentication Service (AS) are used as defined in . The terms MLS client, MLS group, LeafNode, KeyPackage, PublicMessage, PrivateMessage, ratchet tree, and GroupInfo are likewise common MLS terms defined in .

New MLS Credential types This document extends the list of defined CredentialTypes in MLS to include sd_cwt and sd_jwt types. Additional syntax and semantics are defined in the following subsections. ; case x509: Certificate certificates; ... case sd_cwt: opaque sd_kbt; case sd_jwt: SdJwt sd_jwt; }; } Credential; ]]> The MLS architecture describes the Authentication Services as having the following three services (i.e. requirements):

Issue credentials to clients that attest to bindings between identities and signature key pairs
Enable a client to verify that a credential presented by another client is valid with respect to a reference identifier
Enable a group member to verify that a credential represents the same client as another credential

The consequence of this is that the consumer of the SD-CWT or SD-JWT needs to be able to determine both the MLS client, and the application identity referred to in a token, in a Credential.

MLS SD-CWT Credential An MLS SD-CWT Credential contains a single SD-KBT, containing an SD-CWT in the KBT protected header. The SD-CWT contains zero of more disclosures; if there are any disclosures they appear in the sd_claims header field, otherwise the header field is absent. Any party that can view the credential can read the disclosed claims. For example if LeafNodes are visible to the MLS DS, because MLS handshake messages are conveyed via PublicMessage, the disclosed claims would also be visible to the DS. The SD-CWT inside the credential MAY include zero or more encrypted disclosures (in the sd_encrypted_claims header field if any encrypted disclosures are present). Each encrypted disclosure is separately AEAD encrypted with a per-disclosure unique ephemeral key and salt. The per-disclosure encryption key allows the holder/MLS client to disclose an element to a specific subset of members, or (in the common case when the DS is privy to the ratchet tree) only to members of the group. A proof of concept to decrypt encrypted disclosures only for members of the group is described in . The audience in the SD-KBT is either a representation of the MLS group, or a higher-level application structure associated with an MLS group or tightly-coupled collection of groups (for example, a chat room which maintains one MLS group for the main discussion and another for moderators to discuss the moderation of the room) such that being in one group without the collection would be nonsensical. The subject in the SD-CWT represents a specific MLS client (for example a COSE key thumbprint, or a client ID URI such as a mimi: client URI as described in ). It should not use an identifier which represents multiple signature key pairs of the same type, or represents the same "user" on multiple devices. The SD-CWT MAY contain other claims which represent a distinct "user" identity. Using the MLS signature key as the confirmation key is encouraged. In this case, the confirmation key MAY be expressed using the COSE Key Thumbprint confirmation method.

MLS SD-JWT Credential The SD-JWT Credential can be represented in the classic SD-JWT+KB data format defined in (shown below), or in a more compact binary representation. MLS SD-JWT Credentials MUST include the Key Binding. The classic format uses only characters from the unpadded base64url character set (Section 5 of ) plus the period (.) character to separate the three parts of the Issuer-signed JWT, and the tilde (~) character to separate disclosures from the other components.

SD-JWT+KB in classic format ~~~...~~ ]]> This document also defines a "compacted" format where each of the components of the Issuer-signed JWT, every Disclosure, and the KB-JWT are base64url decoded and stored in individual fields in the SdJwt struct. ; opaque payload; opaque signature; SdJwtDisclosure disclosures; opaque sd_jwt_key_binding; case false: opaque sd_jwt_kb; }; } SdJwt; enum { false(0), true(1) } Bool; ]]>

The compacted variant allows implementations to tradeoff reduced size for the extra processing cost of base64url encoding and decoding the Credential.

Security Considerations The privacy considerations in SD-CWT, SD-JWT, and MLS apply. TODO more security.

Privacy Considerations The privacy considerations in SD-CWT and SD-JWT apply. The privacy considerations of MLS are largely discussed in . TODO more privacy.

IANA Considerations This document requests IANA to add the following entries to the MLS Credential Types registry. Please replace RFCXXXX with the RFC of this document.

SD-CWT Credential

Value: 0x0005 (suggested)
Name: sd_cwt
Recommended: Y
Reference: RFCXXXX

SD-JWT Credential

Value: 0x0006 (suggested)
Name: sd_jwt
Recommended: Y
Reference: RFCXXXX

References Normative References The Messaging Layer Security (MLS) Protocol Messaging applications are increasingly making use of end-to-end security mechanisms to ensure that messages are only accessible to the communicating endpoints, and not to any servers involved in delivering messages. Establishing keys to provide such protections is challenging for group chat settings, in which more than two clients need to agree on a key but may not be online at the same time. In this document, we specify a key establishment protocol that provides efficient asynchronous group key establishment with forward secrecy (FS) and post-compromise security (PCS) for groups in size ranging from two to thousands. Selective Disclosure CBOR Web Tokens (SD-CWT) mesur.io Tradeverifyd Fraunhofer SIT This specification describes a data minimization technique for use with CBOR Web Tokens (CWTs). The approach is inspired by the Selective Disclosure JSON Web Token (SD-JWT), with changes to align with CBOR Object Signing and Encryption (COSE) and CWTs. Selective Disclosure for JSON Web Tokens This specification defines a mechanism for the selective disclosure of individual elements of a JSON data structure used as the payload of a JSON Web Signature (JWS). The primary use case is the selective disclosure of JSON Web Token (JWT) claims. Key words for use in RFCs to Indicate Requirement Levels In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. The Messaging Layer Security (MLS) Architecture The Messaging Layer Security (MLS) protocol (RFC 9420) provides a group key agreement protocol for messaging applications. MLS is designed to protect against eavesdropping, tampering, and message forgery, and to provide forward secrecy (FS) and post-compromise security (PCS). This document describes the architecture for using MLS in a general secure group messaging infrastructure and defines the security goals for MLS. It provides guidance on building a group messaging system and discusses security and privacy trade-offs offered by multiple security mechanisms that are part of the MLS protocol (e.g., frequency of public encryption key rotation). The document also provides guidance for parts of the infrastructure that are not standardized by MLS and are instead left to the application. While the recommendations of this document are not mandatory to follow in order to interoperate at the protocol level, they affect the overall security guarantees that are achieved by a messaging application. This is especially true in the case of active adversaries that are able to compromise clients, the Delivery Service (DS), or the Authentication Service (AS). The Base16, Base32, and Base64 Data Encodings This document describes the commonly used base 64, base 32, and base 16 encoding schemes. It also discusses the use of line-feeds in encoded data, use of padding in encoded data, use of non-alphabet characters in encoded data, use of different encoding alphabets, and canonical encodings. [STANDARDS-TRACK] Informative References *** BROKEN REFERENCE *** More Instant Messaging Interoperability (MIMI) using HTTPS and MLS Cisco The Matrix.org Foundation C.I.C. Phoenix R&D Rohan Mahy Consulting Services The Matrix.org Foundation C.I.C. Phoenix R&D This document specifies the More Instant Messaging Interoperability (MIMI) transport protocol, which allows users of different messaging providers to interoperate in group chats (rooms), including to send and receive messages, share room policy, and add participants to and remove participants from rooms. MIMI describes messages between providers, leaving most aspects of the provider-internal client- server communication up to the provider. MIMI integrates the Messaging Layer Security (MLS) protocol to provide end-to-end security assurances, including authentication of protocol participants, confidentiality of messages exchanged within a room, and agreement on the state of the room.

Acknowledgments Thanks to Richard Barnes for his comment.