Re: [COSE] MAC with no recipient structures
"Jim Schaad" <ietf@augustcellars.com> Tue, 17 November 2015 01:23 UTC
From: Jim Schaad <ietf@augustcellars.com>
To: 'Mike Jones' <Michael.Jones@microsoft.com>, cose@ietf.org
References: <04e901d119ad$3207bea0$96173be0$@augustcellars.com> <BY2PR03MB442E641DA7A791CB8CCAD8AF51E0@BY2PR03MB442.namprd03.prod.outlook.com>
In-Reply-To: <BY2PR03MB442E641DA7A791CB8CCAD8AF51E0@BY2PR03MB442.namprd03.prod.outlook.com>
Date: Mon, 16 Nov 2015 17:21:00 -0800
Message-ID: <010801d120d6$381c3d40$a854b7c0$@augustcellars.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cose/UVloj62whKVrouu6yXPoT4hmYkg>
Subject: Re: [COSE] MAC with no recipient structures
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
For this case, what is the benefit that you see for favoring HMAC over AES-GCM?

Jim

> -----Original Message-----
> From: Mike Jones [mailto:Michael.Jones@microsoft.com]
> Sent: Monday, November 16, 2015 2:39 PM
> To: Jim Schaad <ietf@augustcellars.com>; cose@ietf.org
> Subject: RE: [COSE] MAC with no recipient structures
>
> It should be up to the application whether a MAC operation or an authenticated encryption operation is the best choice for the application. COSE needs to simply and efficiently support both, giving the application that choice.
>
> One use case would be a CBOR mapping of OpenID Connect login for IoT usage - replacing the JWT-based ID Token with a CWT-based ID Token. This would often be used with symmetric crypto, where per RP/IdP symmetric HMAC keys are employed. The ID Token (containing information about the authentication that occurred) would use direct HMAC.
>
> -- Mike
>
> -----Original Message-----
> From: COSE [mailto:cose-bounces@ietf.org] On Behalf Of Jim Schaad
> Sent: Saturday, November 07, 2015 2:40 PM
> To: cose@ietf.org
> Subject: [COSE] MAC with no recipient structures
>
> People keep telling me that they want to have a version of MACs that do not have a set of recipient information attached so that they can do direct MACs. I keep asking for a use case where this makes sense. In all of the use cases that I have been presented so far, a better answer is going to be to do an AEAD encrypted item rather than a MACed item.
>
> The scenario that wants this is going to be:
>
> Alice sends data to Bob in such a way that Bob can authenticate the data.
> Eve needs to be able to read the data in transit, without knowing if the message contains data or misinformation and will act on the message as if it were data.
>
> The difference in message size between MAC and Encryption is going to be minimal, at most a few bytes. The execution difference is going to be a few extra encryption operations.
>
> What use cases exist for this where encryption is not a better security answer anyway?
>
> Jim
>
>
> _______________________________________________
> COSE mailing list
> COSE@ietf.org
> https://www.ietf.org/mailman/listinfo/cose
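The two shapes the thread is weighing, a direct-HMAC COSE_Mac0 (Mike's CWT ID Token with a per-RP/IdP symmetric key) and an AES-GCM COSE_Encrypt0 (Jim's "just encrypt it" answer), built side by side so the size comparison Jim raises can be measured. This is an added example, not code from the thread or from any COSE implementation. It follows the COSE_Mac0 / COSE_Encrypt0 and MAC_structure / Enc_structure layouts as published in RFC 8152, which was still a working-group draft when this mail was sent; the CBOR encoder is a toy that handles only the definite-length items these structures need, and the keys, IV and claims payload are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Minimal CBOR encoder: definite-length items only, which is all a COSE header map needs.
func cborHead(major byte, n uint64) []byte {
	if n < 24 {
		return []byte{major<<5 | byte(n)}
	}
	if n <= 0xff {
		return []byte{major<<5 | 24, byte(n)}
	}
	return []byte{major<<5 | 25, byte(n >> 8), byte(n)} // lengths above 65535 are out of scope for this toy
}
func cborSeq(major byte, count int, items ...[]byte) []byte {
	out := cborHead(major, uint64(count))
	for _, it := range items {
		out = append(out, it...)
	}
	return out
}
func cborUint(n int) []byte            { return cborHead(0, uint64(n)) }
func cborBstr(b []byte) []byte         { return append(cborHead(2, uint64(len(b))), b...) }
func cborTstr(s string) []byte         { return append(cborHead(3, uint64(len(s))), s...) }
func cborArray(items ...[]byte) []byte { return cborSeq(4, len(items), items...) }
func cborMap(kvs ...[]byte) []byte     { return cborSeq(5, len(kvs)/2, kvs...) } // alternating key, value

// IANA COSE registry values: header labels "alg" and "IV"; algorithms AES-128-GCM and HMAC-SHA-256 (256-bit tag).
const labelAlg, labelIV, algA128GCM, algHMAC256 = 1, 5, 1, 5

// Mac0 is a COSE_Mac0 [protected, unprotected, payload, tag]; the tag covers the MAC_structure ["MAC0", protected, external_aad, payload].
type Mac0 struct{ Protected, Payload, Tag []byte }

func macStructure(protected, externalAAD, payload []byte) []byte {
	return cborArray(cborTstr("MAC0"), cborBstr(protected), cborBstr(externalAAD), cborBstr(payload))
}
func hmacTag(key, data []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(data)
	return h.Sum(nil)
}
func NewMac0(key, payload, externalAAD []byte) Mac0 {
	protected := cborMap(cborUint(labelAlg), cborUint(algHMAC256))
	return Mac0{protected, payload, hmacTag(key, macStructure(protected, externalAAD, payload))}
}
func (m Mac0) Verify(key, externalAAD []byte) bool {
	return hmac.Equal(m.Tag, hmacTag(key, macStructure(m.Protected, externalAAD, m.Payload)))
}
func (m Mac0) Encode() []byte {
	return cborArray(cborBstr(m.Protected), cborMap(), cborBstr(m.Payload), cborBstr(m.Tag))
}

// Encrypt0 is a COSE_Encrypt0 [protected, unprotected{IV}, ciphertext]; AES-GCM's AAD is the Enc_structure ["Encrypt0", protected, external_aad] and its 16-byte tag rides inside ciphertext.
type Encrypt0 struct{ Protected, IV, Ciphertext []byte }

func encStructure(protected, externalAAD []byte) []byte {
	return cborArray(cborTstr("Encrypt0"), cborBstr(protected), cborBstr(externalAAD))
}
func aesGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only a bad key length gets here; real code returns the error
	}
	g, _ := cipher.NewGCM(block) // NewGCM cannot fail for an AES block cipher
	return g
}
func NewEncrypt0(key, iv, payload, externalAAD []byte) Encrypt0 {
	protected := cborMap(cborUint(labelAlg), cborUint(algA128GCM))
	return Encrypt0{protected, iv, aesGCM(key).Seal(nil, iv, payload, encStructure(protected, externalAAD))}
}
func (e Encrypt0) Open(key, externalAAD []byte) ([]byte, bool) {
	pt, err := aesGCM(key).Open(nil, e.IV, e.Ciphertext, encStructure(e.Protected, externalAAD))
	return pt, err == nil
}
func (e Encrypt0) Encode() []byte {
	return cborArray(cborBstr(e.Protected), cborMap(cborUint(labelIV), cborBstr(e.IV)), cborBstr(e.Ciphertext))
}

// Constructed sample material (not from the thread); fixed values so the run is reproducible.
var (
	sampleHMACKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes
	sampleAESKey  = []byte("0123456789abcdef")                 // 16 bytes
	sampleIV      = []byte("nonce-000001")                     // 12 bytes; must never repeat under one key
	samplePayload = []byte(`{"iss":"idp.example","sub":"alice","aud":"rp.example"}`)
)

func main() {
	m := NewMac0(sampleHMACKey, samplePayload, nil)
	e := NewEncrypt0(sampleAESKey, sampleIV, samplePayload, nil)
	pt, ok := e.Open(sampleAESKey, nil)
	fmt.Printf("COSE_Mac0: %d bytes, verifies=%v\n", len(m.Encode()), m.Verify(sampleHMACKey, nil))
	fmt.Printf("COSE_Encrypt0: %d bytes, opens=%v, roundtrip=%v\n", len(e.Encode()), ok, string(pt) == string(samplePayload))
}
```

For the constructed claims payload the two encodings differ by only a few bytes, and the difference is in AES-GCM's favour: the 32-byte HMAC tag plus its length prefix costs more than the 12-byte IV header entry plus the 16-byte GCM tag. Both forms bind the protected header and any external AAD, so flipping a bit anywhere Eve can see is rejected by either. The practitioner's caveat on the AES-GCM side is the IV: it must be unique per key, and a repeat breaks both confidentiality and integrity of the affected messages, whereas HMAC has no nonce to manage at all.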