Re: [COSE] MAC with no recipient structures
Mike Jones <Michael.Jones@microsoft.com> Tue, 17 November 2015 01:33 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDAC41AC43A for <cose@ietfa.amsl.com>; Mon, 16 Nov 2015 17:33:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e3dOqDJpV9NV for <cose@ietfa.amsl.com>; Mon, 16 Nov 2015 17:33:52 -0800 (PST)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0111.outbound.protection.outlook.com [207.46.100.111]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D449C1AC439 for <cose@ietf.org>; Mon, 16 Nov 2015 17:33:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=VHiV3fp57WgmGHiI0JzvOHYlBXbV8P7j+FrwVK/laKw=; b=U8P529rTKgQTE7VdULw9m9MF4awxlq/P2ks81SxbPXxFjSW8SjQXHbxBN1KoxyNS7vI2W71qTSjeh4z8P8GSoo1x7M3SIXdBFcUV2KNuatcFoFb+QbD2GQR+124RRWrkD0gIJqAmhcIWQoNzO5B3949gpjT13XyhHsWofHU1+Js=
Received: from BY2PR03MB442.namprd03.prod.outlook.com (10.141.141.145) by BY2PR03MB443.namprd03.prod.outlook.com (10.141.141.152) with Microsoft SMTP Server (TLS) id 15.1.325.17; Tue, 17 Nov 2015 01:33:50 +0000
Received: from BY2PR03MB442.namprd03.prod.outlook.com ([10.141.141.145]) by BY2PR03MB442.namprd03.prod.outlook.com ([10.141.141.145]) with mapi id 15.01.0325.003; Tue, 17 Nov 2015 01:33:49 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Jim Schaad <ietf@augustcellars.com>, "cose@ietf.org" <cose@ietf.org>
Thread-Topic: [COSE] MAC with no recipient structures
Thread-Index: AdEZrBdSSIa9OxvISLeJdU4BkqsMwwHEqn+AAAXdmQAAAD7yEA==
Date: Tue, 17 Nov 2015 01:33:49 +0000
Message-ID: <BY2PR03MB442B135155104C6E82658E3F51D0@BY2PR03MB442.namprd03.prod.outlook.com>
References: <04e901d119ad$3207bea0$96173be0$@augustcellars.com> <BY2PR03MB442E641DA7A791CB8CCAD8AF51E0@BY2PR03MB442.namprd03.prod.outlook.com> <010801d120d6$381c3d40$a854b7c0$@augustcellars.com>
In-Reply-To: <010801d120d6$381c3d40$a854b7c0$@augustcellars.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
x-originating-ip: [2001:4898:80e8:b::30f]
x-microsoft-exchange-diagnostics: 1; BY2PR03MB443; 5:7vX99U8KVhQWXlQspqegvcJn6/fNREwQLPj2ad36/N9VGcLFjX0z+9tm/3hyY0A+U4MU5OsiMD9KKbcdPq+vu56VLUnwWeVNUtMJmIgJIdohMGD3U7l34hEUolwRQOM2WWW2ZW9OGKkaXre5UMClZw==; 24:iHtNd+HoRTYia/x6FSa8UbgBtUt+ui2XSYgZejoIsMaRnXuu9cTr1J+CHngVWsuhQjARtKavhduxYBlDkXiCcqzU/L0t3wN2YgvHksp1hZc=; 20:oG6Ghsy9MaA8WMmDRG+H8wf62hIDVecIaomo0q+P1G9o6i3YXn2rvAfR3xr0YYO1c1MjyuKjgzMrKIsXkqPb1w==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY2PR03MB443;
x-microsoft-antispam-prvs: <BY2PR03MB44343D032835B9D2C506959F51D0@BY2PR03MB443.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(108003899814671);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425024)(601004)(2401047)(520078)(5005006)(8121501046)(3002001)(10201501046)(61426024)(61427024); SRVR:BY2PR03MB443; BCL:0; PCL:0; RULEID:; SRVR:BY2PR03MB443;
x-forefront-prvs: 07630F72AD
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(199003)(377454003)(13464003)(189002)(101416001)(10400500002)(81156007)(2950100001)(87936001)(2501003)(107886002)(50986999)(92566002)(76176999)(19580405001)(15395725005)(33656002)(106356001)(8990500004)(10090500001)(2900100001)(5890100001)(105586002)(5005710100001)(15975445007)(10290500002)(102836002)(77096005)(99286002)(122556002)(76576001)(5001920100001)(5008740100001)(86612001)(54356999)(5003600100002)(189998001)(19580395003)(5004730100002)(74316001)(5001960100002)(40100003)(5001770100001)(586003)(5002640100001)(5007970100001)(86362001)(97736004)(3826002); DIR:OUT; SFP:1102; SCL:1; SRVR:BY2PR03MB443; H:BY2PR03MB442.namprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Nov 2015 01:33:49.5088 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR03MB443
Archived-At: <http://mailarchive.ietf.org/arch/msg/cose/8lxWjw160fr0E_tYzwQ4FEOfsI4>
Subject: Re: [COSE] MAC with no recipient structures
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Nov 2015 01:33:56 -0000
For starters - there's no need for encryption support. Also, the ID Token claims are viewable by intermediaries. But I really think you have the question backwards. Why not allow applications the choice of HMAC? Unless there's a compelling reason not to, COSE should do so - particularly in light of the JOSE experience in which no-explicit-recipient HMAC is second-most used behind digital signatures, with encryption being a distant third - data also cited recently by Justin. If you look at the set of JOSE libraries represented at http://openid.net/developers/libraries/#jwt, you'll find that most, including Microsoft's current production JOSE libraries, don't support encryption, because they don't have a need for it. I see no reason not to allow the same implementation choices by COSE developers. -- Mike -----Original Message----- From: Jim Schaad [mailto:ietf@augustcellars.com] Sent: Monday, November 16, 2015 5:21 PM To: Mike Jones; cose@ietf.org Subject: RE: [COSE] MAC with no recipient structures For this case, what is the benefit that you see for favoring HMAC over AES-GCM? Jim > -----Original Message----- > From: Mike Jones [mailto:Michael.Jones@microsoft.com] > Sent: Monday, November 16, 2015 2:39 PM > To: Jim Schaad <ietf@augustcellars.com>; cose@ietf.org > Subject: RE: [COSE] MAC with no recipient structures > > It should be up to the application whether a MAC operation or an authenticated > encryption operation is the best choice for the application. COSE > needs to > simply and efficiently support both, giving the application that choice. > > One use case would be a CBOR mapping of OpenID Connect login for IoT > usage - > replacing the JWT-based ID Token with a CWT-based ID Token. This > would often be used with symmetric crypto, where per RP/IdP symmetric > HMAC keys are employed. The ID Token (containing information about > the authentication > that occurred) would use direct HMAC. > > -- Mike > > -----Original Message----- > From: COSE [mailto:cose-bounces@ietf.org] On Behalf Of Jim Schaad > Sent: Saturday, November 07, 2015 2:40 PM > To: cose@ietf.org > Subject: [COSE] MAC with no recipient structures > > People keep telling me that they want to have a version of MACs that > do not > have a set of recipient information attached so that they can do > direct MACs. I > keep asking for a use case where this makes sense. In all of the use cases that I > have been presented so far, a better answer is going to be to do an > AEAD encrypted item rather than a MACed item. > > The scenario that wants this is going to be: > > Alice sends data to Bob in such a way that Bob can authenticate the data. > Eve needs to be able to read the data in transit, without knowing if > the message > contains data or misinformation and will act on the message as if it > were data. > > The difference in message size between MAC and Encryption is going to > be minimal, at most a few bytes. The execution difference is going to > be a few > extra encryption operations. > > What use cases exist for this where encryption is not a better > security answer > anyway. > > Jim > > > _______________________________________________ > COSE mailing list > COSE@ietf.org > https://www.ietf.org/mailman/listinfo/cose
- [COSE] MAC with no recipient structures Jim Schaad
- Re: [COSE] MAC with no recipient structures Olaf Bergmann
- Re: [COSE] MAC with no recipient structures Jim Schaad
- Re: [COSE] MAC with no recipient structures Mike Jones
- Re: [COSE] MAC with no recipient structures Jim Schaad
- Re: [COSE] MAC with no recipient structures Mike Jones
- Re: [COSE] MAC with no recipient structures Olaf Bergmann
- Re: [COSE] MAC with no recipient structures Justin Richer
- Re: [COSE] MAC with no recipient structures Mike Jones
- Re: [COSE] MAC with no recipient structures Francesca Palombini
- Re: [COSE] MAC with no recipient structures Jim Schaad
- Re: [COSE] MAC with no recipient structures Justin Richer
- Re: [COSE] MAC with no recipient structures Jim Schaad
- Re: [COSE] MAC with no recipient structures Hannes Tschofenig
- Re: [COSE] MAC with no recipient structures Brian Campbell