Re: [Cose] Key management for MACs (was Re: Review of draft-schaad-cose-msg-01)
Mike Jones <Michael.Jones@microsoft.com> Fri, 10 July 2015 23:11 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E255B1A036B for <cose@ietfa.amsl.com>; Fri, 10 Jul 2015 16:11:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9rYdX3Qr96JN for <cose@ietfa.amsl.com>; Fri, 10 Jul 2015 16:11:43 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0111.outbound.protection.outlook.com [65.55.169.111]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 05EA71A036A for <cose@ietf.org>; Fri, 10 Jul 2015 16:11:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=9dS69CSlWBMrnQouOtDSAAzpDmkzRwXqKG3VubpVuvo=; b=hHuixU1fYW+VVWWX9ak2555xxdg7IdEldenIETSH7WsDaSGqhY/qt1V9v0qXrXWoSGrUGGkOnvB0K7kbaIYRuaNjheR9xLvVZd6yapMyR9Il2J/f9CgfrEeYPOfbPESNzApQoaDEy8VtRvzUuSPmjPmYxqwHGCXoTGYGD/Io24g=
Received: from BY2PR03MB442.namprd03.prod.outlook.com (10.141.141.145) by BY2PR03MB442.namprd03.prod.outlook.com (10.141.141.145) with Microsoft SMTP Server (TLS) id 15.1.213.10; Fri, 10 Jul 2015 23:11:40 +0000
Received: from BY2PR03MB442.namprd03.prod.outlook.com ([10.141.141.145]) by BY2PR03MB442.namprd03.prod.outlook.com ([10.141.141.145]) with mapi id 15.01.0213.000; Fri, 10 Jul 2015 23:11:40 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Jim Schaad <ietf@augustcellars.com>, 'Brian Campbell' <bcampbell@pingidentity.com>
Thread-Topic: [Cose] Key management for MACs (was Re: Review of draft-schaad-cose-msg-01)
Thread-Index: AQHQtO7otSq2x1sR40SvzKRDC45tbp3IdCkggAg6cYCAATMYgIAB5ByAgAArZoCAAVtFAIAACPoAgAABvYCAAAmGAIAAACHA
Date: Fri, 10 Jul 2015 23:11:39 +0000
Message-ID: <BY2PR03MB442B5A56792D5543C067232F59F0@BY2PR03MB442.namprd03.prod.outlook.com>
References: <CA+k3eCQUPxZfWM9XcKaTLN-WOx2cHEi9SAGSRFTtv71iSCUqdQ@mail.gmail.com> <559576A9.9090002@gmx.net> <BY2PR03MB442C02F758E34B29BBD0CEAF5970@BY2PR03MB442.namprd03.prod.outlook.com> <001001d0b90c$3c874af0$b595e0d0$@augustcellars.com> <00c501d0b9a5$c8f869d0$5ae93d70$@augustcellars.com> <CA+k3eCS-7UK9RDfnkKCLK0ApTdNhSamYY3LL73+e1=rBvz7vDA@mail.gmail.com> <000f01d0baad$8a781b20$9f685160$@augustcellars.com> <CA+k3eCSHOjdWyqbRAWR8AitEA5Z-vekUcCY7XQpFj=n2vhsi=A@mail.gmail.com> <001401d0bb5f$a98fdf90$fcaf9eb0$@augustcellars.com> <CA+k3eCRe+OimGD3n_m59EogP5geeCq4SSNQu6k_ECuj_63c5pA@mail.gmail.com> <003001d0bb65$4a55c390$df014ab0$@augustcellars.com>
In-Reply-To: <003001d0bb65$4a55c390$df014ab0$@augustcellars.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: augustcellars.com; dkim=none (message not signed) header.d=none;
x-originating-ip: [2001:4898:80e8:ed31::2]
x-microsoft-exchange-diagnostics: 1; BY2PR03MB442; 5:vSVWhI52UZ8RNJc5RouuF3oa3JsCDxQOoac9jiEuThoxwaaxDmgKXnA3IjD0ojr3rZhzsHjilrvN08j30n7BhI1tqAHm8DYND5WH1FGRUCnXcES1GJRFbDmmvTrPNY8HNFqXTEGWITCSL8Zid2yYJQ==; 24:1Orm2XzSCs7H/BW3fqRamNa0egU9AHVf21qMp8/mNoPZCZFevfWKIbzYe5SzbgihHtK+qn14VJq0+AFNiGxBysBGkNWixjzvsEa6meUl6oo=; 20:4dQYUZQsgNNQhyc2YBdCAd4NrGsodEr7wsNrGRQOz0z7B1g8FnBzaac4gkcKFVb0QzZ7ar3G3lnACfklVK3d8Q==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY2PR03MB442;
by2pr03mb442: X-MS-Exchange-Organization-RulesExecuted
x-microsoft-antispam-prvs: <BY2PR03MB442CF11E35CA71D467637D2F59F0@BY2PR03MB442.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(108003899814671);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401001)(5005006)(3002001); SRVR:BY2PR03MB442; BCL:0; PCL:0; RULEID:; SRVR:BY2PR03MB442;
x-forefront-prvs: 06339BAE63
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(377454003)(5002640100001)(46102003)(77156002)(33656002)(76576001)(77096005)(122556002)(15975445007)(102836002)(74316001)(62966003)(92566002)(99286002)(5001770100001)(93886004)(106116001)(76176999)(230783001)(2656002)(86612001)(189998001)(2950100001)(16236675004)(19580395003)(19580405001)(87936001)(2900100001)(5003600100002)(86362001)(19625215002)(40100003)(50986999)(54356999)(19300405004)(5001960100002)(3826002); DIR:OUT; SFP:1102; SCL:1; SRVR:BY2PR03MB442; H:BY2PR03MB442.namprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
Content-Type: multipart/alternative; boundary="_000_BY2PR03MB442B5A56792D5543C067232F59F0BY2PR03MB442namprd_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Jul 2015 23:11:39.9186 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR03MB442
Archived-At: <http://mailarchive.ietf.org/arch/msg/cose/iPzHmLdh4m35Jqu0CMj0IPXTBNU>
Cc: "cose@ietf.org" <cose@ietf.org>
Subject: Re: [Cose] Key management for MACs (was Re: Review of draft-schaad-cose-msg-01)
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jul 2015 23:11:46 -0000
Per my issue 2, I believe that the default key management mode should be “no key management” – what we called “direct” in JOSE. If developers want to also add it in, more power to them.
Yes, key rotation will have to occasionally be done to make this safe. That’s always been a given. (And yes, that’s part of the meaning of “key management” that is out of scope for this working group, but is clearly necessary for any secure application.)
The overhead you’re not talking about below Jim is the computation time and power overhead of generating the ephemeral key and encrypting it. If this isn’t absolutely necessary, it’s better to not do it. JOSE seems to be working fine without this even being an option…
-- Mike
From: Cose [mailto:cose-bounces@ietf.org] On Behalf Of Jim Schaad
Sent: Friday, July 10, 2015 4:08 PM
To: 'Brian Campbell'
Cc: cose@ietf.org
Subject: Re: [Cose] Key management for MACs (was Re: Review of draft-schaad-cose-msg-01)
The overhead on key management is going to be based a lot on what you are doing.
If you are doing direct shared secret –then you have a kid
If you are doing ECDH-SS – then you need two kids and a nonce (which can be very short)
If you are doing ECDSA – then you need a kid
This means that to be the same size you have 24 bytes to express a second kid (which could be implicit) and a nonce (which can be a short as 2 or 3 bytes). I don’t think you need that much space – so yes, it would be smaller.
The overhead from the basic messages (MAC vs Sign) is going to be about the same in both cases.
From: Brian Campbell [mailto:bcampbell@pingidentity.com]
Sent: Friday, July 10, 2015 3:34 PM
To: Jim Schaad
Cc: cose@ietf.org<mailto:cose@ietf.org>
Subject: Re: [Cose] Key management for MACs (was Re: Review of draft-schaad-cose-msg-01)
Really, there's no overhead from the key management part?
I've admittedly not done the comparison but the message size overhead seems like it'd be similar with something like ECDSA (admittedly not RSA).
ECDSA = 2 * SHA-256 or 32 bytes
Truncated AES-CMAC is 8 bytes (64 bits)
- [Cose] Key management for MACs (was Re: Review of… Brian Campbell
- Re: [Cose] Key management for MACs (was Re: Revie… Hannes Tschofenig
- Re: [Cose] Key management for MACs (was Re: Revie… Mike Jones
- Re: [Cose] Key management for MACs (was Re: Revie… Hannes Tschofenig
- Re: [Cose] Key management for MACs (was Re: Revie… Jim Schaad
- Re: [Cose] Key management for MACs (was Re: Revie… Jim Schaad
- Re: [Cose] Key management for MACs (was Re: Revie… Derek Atkins
- Re: [Cose] Key management for MACs (was Re: Revie… Jim Schaad
- Re: [Cose] Key management for MACs (was Re: Revie… Brian Campbell
- Re: [Cose] Key management for MACs (was Re: Revie… Jim Schaad
- Re: [Cose] Key management for MACs (was Re: Revie… Ilari Liusvaara
- Re: [Cose] Key management for MACs (was Re: Revie… Brian Campbell
- Re: [Cose] Key management for MACs (was Re: Revie… Derek Atkins
- Re: [Cose] Key management for MACs (was Re: Revie… Derek Atkins
- Re: [Cose] Key management for MACs (was Re: Revie… Ilari Liusvaara
- Re: [Cose] Key management for MACs (was Re: Revie… Jim Schaad
- Re: [Cose] Key management for MACs (was Re: Revie… Brian Campbell
- Re: [Cose] Key management for MACs (was Re: Revie… Mike Jones
- Re: [Cose] Key management for MACs (was Re: Revie… Brian Campbell
- Re: [Cose] Key management for MACs (was Re: Revie… Brian Campbell
- Re: [Cose] Key management for MACs (was Re: Revie… Jim Schaad
- Re: [Cose] Key management for MACs (was Re: Revie… Jim Schaad
- Re: [Cose] Key management for MACs (was Re: Revie… Brian Campbell
- Re: [Cose] Key management for MACs (was Re: Revie… Brian Campbell
- Re: [Cose] Key management for MACs (was Re: Revie… Jim Schaad
- Re: [Cose] Key management for MACs (was Re: Revie… Mike Jones
- Re: [Cose] Key management for MACs (was Re: Revie… Brian Campbell
- Re: [Cose] Key management for MACs (was Re: Revie… Derek Atkins
- Re: [Cose] Key management for MACs (was Re: Revie… Ilari Liusvaara