vcarddav D. Boese Internet-Draft Intended status: Standards Track Expires: Mar 1, 2014 Aug 31, 2013 vCard Format Extensions : Signed vCards draft-boese-vcarddav-signedvcard-01 Abstract The base vCard 4.0 specification defines a large number of properties. This specification adds two new parameters and six new properties to vCard 4.0, which allow the use of cryptography and public-key infrastructure (PKI) for identity assertion. Note Discussion and suggestions for improvement are requested, and should be sent to vcarddav@ietf.org. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on March 1, 2014. Copyright Notice Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must Boese Expires March 1, 2013 [Page 1] Internet-Draft Signed vCards August 2013 include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction 1.1. Terminology Used in This Document 2. Version Extension 3. Identification Parameter Extensions 3.1. Parameter: CONFIDENCE 3.2. Parameter: DATE 4. Identification Property Extensions 4.1. Property: PREFERRED-ID 4.2. Property: AUTHORITY 4.3. Property: SOCIALMEDIA 4.1. Property: HASH 4.2. Property: HASHKEY 4.3. Property: HASHLIST 5. Example: Author's vCard 6. Security Considerations 7. IANA Considerations 8. Acknowledgements 9. Normative References Authors' Addresses 1. Introduction The base vCard 4.0 specification defines a large number of properties. This specification adds two new parameters and six new properties to vCard 4.0, which allow the use of cryptography and public-key infrastructure (PKI) for identity assertion. Online identities are often much more complicated than having a single email address in one's PGP key identity field, and adding a surprisingly small number of items to the vCard format can allow for vCards to cover a much more comprehensive range of them. vCard is the source for several other formats, such as hCard and jCard, which contain the same information in a different format. This creates some difficulty in writing a canonical text-string to compare against a cryptographic hash. This problem is solved by including enough information to reconstruct a partial vCard, no matter what format that information is saved in; and that partial vCard will be what is compared against the hash. Boese Expires March 1, 2013 [Page 2] Internet-Draft Signed vCards August 2013 Several other properties and parameters are added, to make it easier for users to assert various aspects of their identity, to revoke other aspects, and to integrate with webs-of-trust, up to the point of Signed vCards being able to be used as the basis for an ad-hoc mesh-networked certificate authority system. (A protocol based on webfist, but without webfist's reliance on DKIM-verified email addresses as identification strings, is one possibility.) 1.1. Terminology Used in This Document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. Syntax specifications shown here use the augmented Backus-Naur Form (ABNF) as described in [RFC5234], and are specified as in the base vcard specification [RFC6350]. 2. Version Extension. Simplistically, Signed vCards have an 's' in the version number. More complicatedly: The 's' is meant as a signal that a vCard interpreter needs to include crypto libraries to fully interpret all the information in the vCard. Thus, a vCard which is compatible with the fields here MAY have an 's'; a vCard which includes the HASH property MUST have an 's'. In order to prevent confusing a revocation of a part of an identity with an assertion, a vCard which uses a negative number in a CONFIDENCE field also SHOULD have an 's'. 3. Identification Parameter Extensions 3.1. Parameter: CONFIDENCE Namespace: Parameter name: CONFIDENCE Purpose: To specify the confidence of the authority that the information of the given parameter is accurate, measured in decibans. Value type: A single number, usually an integer. Boese Expires March 1, 2013 [Page 3] Internet-Draft Signed vCards August 2013 Description: A CONFIDENCE value of 0 decibans indicates odds of 1:1 (ie, 50%) that the information is correct. A change of 10 decibans changes the odds by a factor of 10; 10 decibans means 1:10 odds (~90%), 100 decibans 1:100 odds (~99%), -10 decibans 10:1 odds against (~10%). A change of 1 deciban is roughly equivalent to changing the odds by a factor of 5:4. Given human factors, it is rare for hand-typed data to be able to have a CONFIDENCE that every single bit is accurate of more than 50 decibans. Given that at least one out of roughly ten billion people is thoroughly disconnected from reality, it's very difficult for a human to have more than 100 decibans of confidence in anything, even that H2O is a useful description of water. Examples: BIRTHPLACE;CONFIDENCE=50:Winnipeg, Manitoba, Canada ABNF: confidence-param = "CONFIDENCE=" (INTEGER / FLOAT) 3.2. Parameter: DATE Namespace: Parameter name: DATE Purpose: To identify the particular moment, or the period of time, for which the property's value is being described. Value type: A date, or a time, or a date-time, or a period of time (from ISO 8601). Description: An ISO 8601 date, time, date-time, or period, for the property for which is being described. Eg, if an email address is being described for the year 2012, then the corresponding DATE could have the value 2012-01-01/P1Y. DATE can be combined with the existing GEO parameter for full four-dimensional time-and-space locations, such as to indicate that a person was in a particular place at a particular time. Boese Expires March 1, 2013 [Page 4] Internet-Draft Signed vCards August 2013 CONFIDENCE and DATE can be combined for identity revocation. Eg: EMAIL;DATE=2012-01-01/P1Y;CONFIDENCE=50:example@example.com EMAIL;DATE=2013-01-01;CONFIDENCE=-50:example@example.com would indicate that the given email address is/was/will-be in use for all of 2012, but cease to be used as of 2013. ABNF: DATE-param = "DATE=" date-tag date-tag = instant-tag / period-tag instant-tag = date-and-or-time ; from RFC 6350 section 4.3.4 period-tag = date-and-or-time"/"date-and-or-time / date-and-or-time"/"duration-tag / duration-tag"/"date-and-or-time / duration-tag duration-tag = "P" *1(1*DIGIT"Y") *1(1*DIGIT"M") *1(1*DIGIT"D") *1("T" *1(1*DIGIT"H") *1(1*DIGIT"M") *1(1*DIGIT"S") ) / "P" 1*DIGIT "W" / "P" year month day "T" hour minute second / "P" year"-"month"-"day "T" hour":"minute":"second ; translation of ISO 8601 periods into ABNF ; https://en.wikipedia.org/wiki/ISO_8601#Durations 4. Identification Property Extensions 4.1. Property: PREFERRED-ID Namespace: Property name: PREFERRED-ID Boese Expires March 1, 2013 [Page 5] Internet-Draft Signed vCards August 2013 Purpose: To list, in preferential order, which of the other fields (or which other data) the authority suggests should be used for sorting and identification purposes. Value type: One or more of the following, comma-separated: The name of a vCard property, with as many parameters are required to uniquely identify it; or a literal string, enclosed in quotes. Property parameters: DATE, GEO, CONFIDENCE Description: Given that some vCards have email addresses and some don't; some have UIDs; some have Twitter handles; etc; there doesn't seem to be any practical way to declare that one particular sort of field must to be used as a canonical ID-string. Implementing full-fledged authentication systems becomes easier by declaring which string are most useful to be used as such. Eg, "The UID is the preferred ID-string; but if your particular system doesn't handle that, you could use the email address instead, or failing that, the nickname." As a practical example; the webfist protocol uses email addresses as canonical ID strings, which, with a bit of hash function trickery, allows for relatively easy lookups in the webfist ID database. Having even just a short list of potential ID-strings could allow, if nothing else, all of them to be hashed into a similar database, so that in the future, someone seeking to authenticate that identity can lookup whichever one of those strings they happen to have available to them. ABNF: PREFERRED-ID-param = "VALUE=text" PREFERRED-ID-value = component *("," component) 4.2. Property: AUTHORITY Namespace: Property name: AUTHORITY Purpose: To identify which authority is the one responsible for the vCard's data (which may or may not be the same as the person or group described in the vCard itself, or as the person or group which Boese Expires March 1, 2013 [Page 6] Internet-Draft Signed vCards August 2013 publishes the vCard). Value type: A single text value Description: A text field describing the entity issuing the vCard, or who makes the claim that the data within it is accurate. If a vCard is available describing the authority, then if possible, the value of the AUTHORITY field should contain an entry from the authority's card's PREFERRED-ID property. This allows chains of vCards authenticating each other, in the manner of certificate authorities. ABNF: AUTHORITY-param = "VALUE=text" AUTHORITY-value = text 4.3. Property: SOCIALMEDIA Namespace: Property name: SOCIALMEDIA Purpose: To list a social profile which the subject of the vCard is associated with. Value type: A URI or a text value. Description: For SOCIALMEDIA, the TYPE parameter is a comma-separated list of values, which aren't limited to a particular list, but can include "blog", "profile", "im", the names of particular services, and so on. If the value of SOCIALMEDIA is not a well-formed URI, but the TYPE includes a social media service, then the value is assumed to be some form of personal identifier (such as a username) in whatever format that social profile provider prefers. That is, all of these would be valid: SOCIALMEDIA;TYPE=twitter:http://twitter.com/TwitterHandle SOCIALMEDIA;TYPE=twitter:@TwitterHandle SOCIALMEDIA;TYPE=twitter:TwitterHandle Boese Expires March 1, 2013 [Page 7] Internet-Draft Signed vCards August 2013 General recommendation: Company websites and personal homepages should continue to use the URL property, while everything else should use the SOCIALMEDIA property. ABNF: SOCIALMEDIA-param = "TYPE=" social-media-type social-media-type = "rss" / "atom" / "feed" / "homepage" / "profile" / "content" / "blog" / "gallery" / text ;social-media-type MUST NOT be used with a property other than ;SOCIALMEDIA. SOCIALMEDIA-value = text 4.4. Property: HASH Namespace: Property name: HASH Purpose: Contains an ASCII-armored version of the cryptographic hash. Value type: A single text value Description: An ASCII-armored hash, containing a cryptographic signature of a text stream consisting of the properties and values listed in HASHLIST. If no HASHLIST property is present, then it should be assumed that every property and value, save for HASH itself, are included, placed in alphabetical order. If HASHKEY is not present, then it should be compared to an appropriate key, such as the AUTHORITY's public key (preferably asserted in a previous vCard with the KEY property). ABNF: HASH-param = "VALUE=text" HASH-value = text 4.5. Property: HASHKEY Namespace: Boese Expires March 1, 2013 [Page 8] Internet-Draft Signed vCards August 2013 Property name: HASHKEY Purpose: To identify the key used to generate the value of the HASH property. Value type: A single URI. It can also be reset to a text value. Cardinality: * ABNF: HASHKEY-param = HASHKEY-uri-param / HASHKEY-text-param HASHKEY-value = HASHKEY-uri-value / HASHKEY-text-value ; Value and parameter MUST match. HASHKEY-uri-param = "VALUE=uri" / mediatype-param HASHKEY-uri-value = URI HASHKEY-text-param = "VALUE=text" HASHKEY-text-value = text HASHKEY-param =/ altid-param / pid-param / pref-param / type-param / any-param 4.6. Property: HASHLIST Namespace: Property name: HASHLIST Purpose: A list of properties for which the cryptographic authentication is being asserted. Value type: A comma-separated list of property values, with as many of the paramaters for each as are required to uniquely idenfity them. Description: Contains the list of property-and-parameter sets of the entries used to create the partial vCard to compare to the HASH. If HASH is present but HASHLIST isn't, then the set of properties is assumed to be everything but the HASH itself. If multiple properties of the same type are in the vCard, but not all of them are being signed, then enough of the parameters (eg, ALTID) should be included to differentiate which are part of the hash. If any properties are listed on multiple lines, they should be unfolded as given in RFC 6350 section 3.2 before being hashed. Boese Expires March 1, 2013 [Page 9] Internet-Draft Signed vCards August 2013 ABNF: HASHLIST-param = "VALUE=text" HASHLIST-value = component *("," component) 5. Example: Author's vCard BEGIN:VCARD VERSION:4.0s AUTHORITY:datapacrat@datapacrat.com FN:Daniel Eliot Boese N:Boese,Daniel,Eliot NICKNAME:DataPacRat EMAIL;PREF=1:datapacrat@datapacrat.com EMAIL;PREF=2:datapacrat@gmail.com REV:20130830T120000Z KEY;DATE=20130517;CONFIDENCE=50: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1ACA36542B26D0C3 PREFERRED-ID:FN,NICKNAME,"datapacrat@datapacrat.com", "datapacrat@gmail.com","datapacrat.com" SOCIALMEDIA;TYPE=homepage:http://www.datapacrat.com/ SOCIALMEDIA;TYPE=blog:http://blog.datapacrat.com/ SOCIALMEDIA;TYPE=profile:http://blog.datapacrat.com/about/ SOCIALMEDIA;TYPE=twitter:@DataPacRat SOCIALMEDIA;TYPE=facebook:http://www.facebook.com/DataPacRat SOCIALMEDIA;TYPE=gallery:http://datapacrat.deviantart.com/ HASHKEY: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1ACA36542B26D0C3 HASHLIST:EMAIL;PREF=1,AUTHORITY,KEY HASH: iQEcBAEBAgAGBQJSISgUAAoJEBrKNlQrJtDDqz8IAKOZwtSJmfZXNcC2kDJlZz4j Cl6lii3l2ZPoKXLLyzElGIiKEmUHJk4S1/4lEzabQkzaKsgCt3lORJuwtRKbbwVM pKAeCTnyXMQx3XkB5lYkR2P0d93WtSBMMk/Dqz7nusdE+vUTGvbpdZMtGkus4abL wX/Zn0k/eh3HmmfiUt/k/VQlc35ms6W/oMQVRqugfwxBSXP4gyZVadsDfvVRhYQE 3M/ry5ISzs061ljnHLX+gsBANInbipm87PruVLnoswtN+9Yh/QaRMKEKupONpRNL yM+Mhg874bWq/II/CKIhv2fmWNX4lP0cB0Xgs/6YTWroM7NQk4iJ5dmFS3fqoEE= =lBbY END:VCARD This leads to a partial vCard to hash, consisting of: EMAIL;PREF=1:datapacrat@datapacrat.com AUTHORITY:datapacrat@datapacrat.com KEY;DATE=20130517;CONFIDENCE=50: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1ACA36542B26D0C3 Boese Expires March 1, 2013 [Page 10] Internet-Draft Signed vCards August 2013 The KEY line should be unfolded into a single line to create the hash. 6. Security Considerations Signed vcards can contain cryptographic hashes. Depending on which crypto algorithms are used, these may be vulnerable to offline attacks. Programs should check that the key used to create the hash is linked to the appropriate authentication authority. When creating a new vCard, whether by hand or automatically generated, care should be taken to set appropriate CONFIDENCE values, to prevent further vCards based on such information from over- or under-estimating their own CONFIDENCE values. 7. IANA Considerations The IANA is requested to add the following entries to the vCard Parameters registry, defined in [RFC6350] section 10.3.2. +-----------+--------------+------------------------+ | Namespace | Property | Reference | +-----------+--------------+------------------------+ | | CONFIDENCE | RFCXXXX, section 3.1 | | | DATE | RFCXXXX, section 3.2 | +-----------+--------------+------------------------+ The IANA is requested to add the following entries to the vCard Properties registry, defined in [RFC6350] section 10.3.1. +-----------+--------------+------------------------+ | Namespace | Property | Reference | +-----------+--------------+------------------------+ | | PREFERRED-ID | RFCXXXX, section 4.1 | | | AUTHORITY | RFCXXXX, section 4.2 | | | SOCIALMEDIA | RFCXXXX, section 4.3 | | | HASH | RFCXXXX, section 4.4 | | | HASHKEY | RFCXXXX, section 4.5 | | | HASHLIST | RFCXXXX, section 4.6 | +-----------+--------------+------------------------+ 8. Acknowledgements Simon Perreault for writing the original vCard format. Boese Expires March 1, 2013 [Page 11] Internet-Draft Signed vCards August 2013 9. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, January 2008. [RFC6350] Perreault, S., "vCard Format Specification", RFC 6350, August 2011. Authors' Addresses Daniel Eliot Boese Email: datapacrat@datapacrat.com URI: http://www.datapacrat.com Boese Expires March 1, 2013 [Page 12]