Re: [COSE] MAC with no recipient structures

Justin Richer <jricher@mit.edu> Fri, 20 November 2015 07:26 UTC

To: Jim Schaad <ietf@augustcellars.com>, cose@ietf.org
References: <04e901d119ad$3207bea0$96173be0$@augustcellars.com>
From: Justin Richer <jricher@mit.edu>
Message-ID: <564ECB3C.1070203@mit.edu>
Date: Fri, 20 Nov 2015 02:26:52 -0500
Archived-At: <http://mailarchive.ietf.org/arch/msg/cose/L67KezZ4nuJkEB9pJTCigdKHdBI>
Subject: Re: [COSE] MAC with no recipient structures
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>

What I'm hearing from this thread is a lot of support for plain MAC 
structures, including several documented use cases. Not the least of 
which is mapping to JOSE's HS* algorithm suite in JWS, one of the two 
most-used and most-successful portions of JOSE to date.

Consequently, I'm not seeing any consensus to drop plain MAC support in 
favor of any other method. I'm also not seeing opposition to defining 
AEAD structures in addition to MAC structures in COSE and allowing 
applications to choose.

Therefore, we'll keep MAC in place until there's sufficient consensus to 
remove the capability from COSE.

Thank you,
  -- Justin, your COSE chair.

On 11/7/2015 5:39 PM, Jim Schaad wrote:
> People keep telling me that they want to have a version of MACs that do not
> have a set of recipient information attached so that they can do direct
> MACs.  I keep asking for a use case where this makes sense.  In all of the
> use cases that I have been presented so far, a better answer is going to be
> to do an AEAD encrypted item rather than a MACed item.
>
> The scenario that wants this is going to be:
>
> Alice sends data to Bob in such a way that Bob can authenticate the data.
> Eve needs to be able to read the data in transit, without knowing if the
> message contains data or misinformation and will act on the message as if it
> were data.
>
> The difference in message size between MAC and Encryption is going to be
> minimal, at most a few bytes.  The execution difference is going to be a few
> extra encryption operations.
>
> What use cases exist for this where encryption is not a better security
> answer anyway?
>
> Jim