IETF Logo Mail Archive

Re: [COSE] MAC with no recipient structures

Mike Jones <Michael.Jones@microsoft.com> Tue, 17 November 2015 01:33 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDAC41AC43A for <cose@ietfa.amsl.com>; Mon, 16 Nov 2015 17:33:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e3dOqDJpV9NV for <cose@ietfa.amsl.com>; Mon, 16 Nov 2015 17:33:52 -0800 (PST)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0111.outbound.protection.outlook.com [207.46.100.111]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D449C1AC439 for <cose@ietf.org>; Mon, 16 Nov 2015 17:33:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=VHiV3fp57WgmGHiI0JzvOHYlBXbV8P7j+FrwVK/laKw=; b=U8P529rTKgQTE7VdULw9m9MF4awxlq/P2ks81SxbPXxFjSW8SjQXHbxBN1KoxyNS7vI2W71qTSjeh4z8P8GSoo1x7M3SIXdBFcUV2KNuatcFoFb+QbD2GQR+124RRWrkD0gIJqAmhcIWQoNzO5B3949gpjT13XyhHsWofHU1+Js=
Received: from BY2PR03MB442.namprd03.prod.outlook.com (10.141.141.145) by BY2PR03MB443.namprd03.prod.outlook.com (10.141.141.152) with Microsoft SMTP Server (TLS) id 15.1.325.17; Tue, 17 Nov 2015 01:33:50 +0000
Received: from BY2PR03MB442.namprd03.prod.outlook.com ([10.141.141.145]) by BY2PR03MB442.namprd03.prod.outlook.com ([10.141.141.145]) with mapi id 15.01.0325.003; Tue, 17 Nov 2015 01:33:49 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Jim Schaad <ietf@augustcellars.com>, "cose@ietf.org" <cose@ietf.org>
Thread-Topic: [COSE] MAC with no recipient structures
Thread-Index: AdEZrBdSSIa9OxvISLeJdU4BkqsMwwHEqn+AAAXdmQAAAD7yEA==
Date: Tue, 17 Nov 2015 01:33:49 +0000
Message-ID: <BY2PR03MB442B135155104C6E82658E3F51D0@BY2PR03MB442.namprd03.prod.outlook.com>
References: <04e901d119ad$3207bea0$96173be0$@augustcellars.com> <BY2PR03MB442E641DA7A791CB8CCAD8AF51E0@BY2PR03MB442.namprd03.prod.outlook.com> <010801d120d6$381c3d40$a854b7c0$@augustcellars.com>
In-Reply-To: <010801d120d6$381c3d40$a854b7c0$@augustcellars.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
x-originating-ip: [2001:4898:80e8:b::30f]
x-microsoft-exchange-diagnostics: 1; BY2PR03MB443; 5:7vX99U8KVhQWXlQspqegvcJn6/fNREwQLPj2ad36/N9VGcLFjX0z+9tm/3hyY0A+U4MU5OsiMD9KKbcdPq+vu56VLUnwWeVNUtMJmIgJIdohMGD3U7l34hEUolwRQOM2WWW2ZW9OGKkaXre5UMClZw==; 24:iHtNd+HoRTYia/x6FSa8UbgBtUt+ui2XSYgZejoIsMaRnXuu9cTr1J+CHngVWsuhQjARtKavhduxYBlDkXiCcqzU/L0t3wN2YgvHksp1hZc=; 20:oG6Ghsy9MaA8WMmDRG+H8wf62hIDVecIaomo0q+P1G9o6i3YXn2rvAfR3xr0YYO1c1MjyuKjgzMrKIsXkqPb1w==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY2PR03MB443;
x-microsoft-antispam-prvs: <BY2PR03MB44343D032835B9D2C506959F51D0@BY2PR03MB443.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(108003899814671);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425024)(601004)(2401047)(520078)(5005006)(8121501046)(3002001)(10201501046)(61426024)(61427024); SRVR:BY2PR03MB443; BCL:0; PCL:0; RULEID:; SRVR:BY2PR03MB443;
x-forefront-prvs: 07630F72AD
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(199003)(377454003)(13464003)(189002)(101416001)(10400500002)(81156007)(2950100001)(87936001)(2501003)(107886002)(50986999)(92566002)(76176999)(19580405001)(15395725005)(33656002)(106356001)(8990500004)(10090500001)(2900100001)(5890100001)(105586002)(5005710100001)(15975445007)(10290500002)(102836002)(77096005)(99286002)(122556002)(76576001)(5001920100001)(5008740100001)(86612001)(54356999)(5003600100002)(189998001)(19580395003)(5004730100002)(74316001)(5001960100002)(40100003)(5001770100001)(586003)(5002640100001)(5007970100001)(86362001)(97736004)(3826002); DIR:OUT; SFP:1102; SCL:1; SRVR:BY2PR03MB443; H:BY2PR03MB442.namprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Nov 2015 01:33:49.5088 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR03MB443
Archived-At: <http://mailarchive.ietf.org/arch/msg/cose/8lxWjw160fr0E_tYzwQ4FEOfsI4>
Subject: Re: [COSE] MAC with no recipient structures
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Nov 2015 01:33:56 -0000

For starters - there's no need for encryption support.  Also, the ID Token claims are viewable by intermediaries.

But I really think you have the question backwards.  Why not allow applications the choice of HMAC?  Unless there's a compelling reason not to, COSE should do so - particularly in light of the JOSE experience in which no-explicit-recipient HMAC is second-most used behind digital signatures, with encryption being a distant third - data also cited recently by Justin.  If you look at the set of JOSE libraries represented at http://openid.net/developers/libraries/#jwt, you'll find that most, including Microsoft's current production JOSE libraries, don't support encryption, because they don't have a need for it.

I see no reason not to allow the same implementation choices by COSE developers.

				-- Mike

-----Original Message-----
From: Jim Schaad [mailto:ietf@augustcellars.com] 
Sent: Monday, November 16, 2015 5:21 PM
To: Mike Jones; cose@ietf.org
Subject: RE: [COSE] MAC with no recipient structures

For this case, what is the benefit that you see for favoring HMAC over AES-GCM?

Jim

> -----Original Message-----
> From: Mike Jones [mailto:Michael.Jones@microsoft.com]
> Sent: Monday, November 16, 2015 2:39 PM
> To: Jim Schaad <ietf@augustcellars.com>; cose@ietf.org
> Subject: RE: [COSE] MAC with no recipient structures
> 
> It should be up to the application whether a MAC operation or an
authenticated
> encryption operation is the best choice for the application.  COSE 
> needs
to
> simply and efficiently support both, giving the application that choice.
> 
> One use case would be a CBOR mapping of OpenID Connect login for IoT 
> usage
-
> replacing the JWT-based ID Token with a CWT-based ID Token.  This 
> would often be used with symmetric crypto, where per RP/IdP symmetric 
> HMAC keys are employed.  The ID Token (containing information about 
> the
authentication
> that occurred) would use direct HMAC.
> 
> 				-- Mike
> 
> -----Original Message-----
> From: COSE [mailto:cose-bounces@ietf.org] On Behalf Of Jim Schaad
> Sent: Saturday, November 07, 2015 2:40 PM
> To: cose@ietf.org
> Subject: [COSE] MAC with no recipient structures
> 
> People keep telling me that they want to have a version of MACs that 
> do
not
> have a set of recipient information attached so that they can do 
> direct
MACs.  I
> keep asking for a use case where this makes sense.  In all of the use
cases that I
> have been presented so far, a better answer is going to be to do an 
> AEAD encrypted item rather than a MACed item.
> 
> The scenario that wants this is going to be:
> 
> Alice sends data to Bob in such a way that Bob can authenticate the data.
> Eve needs to be able to read the data in transit, without knowing if 
> the
message
> contains data or misinformation and will act on the message as if it 
> were
data.
> 
> The difference in message size between MAC and Encryption is going to 
> be minimal, at most a few bytes.  The execution difference is going to 
> be a
few
> extra encryption operations.
> 
> What use cases exist for this where encryption is not a better 
> security
answer
> anyway.
> 
> Jim
> 
> 
> _______________________________________________
> COSE mailing list
> COSE@ietf.org
> https://www.ietf.org/mailman/listinfo/cose

v2.23.0 | Report a Bug | By Email