Re: [COSE] MAC with no recipient structures

Mike Jones <Michael.Jones@microsoft.com> Mon, 16 November 2015 22:39 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Jim Schaad <ietf@augustcellars.com>, "cose@ietf.org" <cose@ietf.org>
Thread-Topic: [COSE] MAC with no recipient structures
Thread-Index: AdEZrBdSSIa9OxvISLeJdU4BkqsMwwHEqn+A
Date: Mon, 16 Nov 2015 22:38:56 +0000
Message-ID: <BY2PR03MB442E641DA7A791CB8CCAD8AF51E0@BY2PR03MB442.namprd03.prod.outlook.com>
References: <04e901d119ad$3207bea0$96173be0$@augustcellars.com>
In-Reply-To: <04e901d119ad$3207bea0$96173be0$@augustcellars.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cose/kbcEU1hhedUC8d7udEzovio4wBI>

It should be up to the application whether a MAC operation or an authenticated encryption operation is the best choice for the application.  COSE needs to simply and efficiently support both, giving the application that choice.

One use case would be a CBOR mapping of OpenID Connect login for IoT usage - replacing the JWT-based ID Token with a CWT-based ID Token.  This would often be used with symmetric crypto, where per RP/IdP symmetric HMAC keys are employed.  The ID Token (containing information about the authentication that occurred) would use direct HMAC.

				-- Mike

-----Original Message-----
From: COSE [mailto:cose-bounces@ietf.org] On Behalf Of Jim Schaad
Sent: Saturday, November 07, 2015 2:40 PM
To: cose@ietf.org
Subject: [COSE] MAC with no recipient structures

People keep telling me that they want to have a version of MACs that do not have a set of recipient information attached so that they can do direct MACs.  I keep asking for a use case where this makes sense.  In all of the use cases that I have been presented so far, a better answer is going to be to do an AEAD encrypted item rather than a MACed item.

The scenario that wants this is going to be:

Alice sends data to Bob in such a way that Bob can authenticate the data.
Eve needs to be able to read the data in transit, without knowing if the message contains data or misinformation and will act on the message as if it were data.

The difference in message size between MAC and Encryption is going to be minimal, at most a few bytes.  The execution difference is going to be a few extra encryption operations.

What use cases exist for this where encryption is not a better security answer anyway?

Jim
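The two messages above disagree on the same trade-off: Jim's claim that a MAC-only message saves "at most a few bytes" over an encrypted one, and Mike's direct-HMAC ID Token use case. The program below is an added example, not code from either message or from the COSE working group: it builds a direct (no-recipient) MAC message and an AEAD message over the same constructed payload so the byte difference and the "Eve can read it" property can be seen concretely. It assumes the COSE_Mac0 and COSE_Encrypt0 layouts and the header labels (alg = 1, IV = 5) and algorithm identifiers (HMAC 256/64 = 4, A128GCM = 1) as later standardized in RFC 8152, which postdates this thread, and it uses the CWT claim labels iss = 1, sub = 2, exp = 4 from RFC 8392 for the sample claims. AES-GCM is used because it is in the Go standard library; the thread does not name an AEAD. The key, nonce, and claims are constructed values, and the tiny CBOR encoder is hypothetical helper code covering only the item types needed here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// cborHead returns the initial byte(s) for a CBOR item of the given major
// type and argument, using the shortest encoding (RFC 7049, section 2).
func cborHead(major byte, n uint64) []byte {
	switch {
	case n < 24:
		return []byte{major<<5 | byte(n)}
	case n <= 0xff:
		return []byte{major<<5 | 24, byte(n)}
	case n <= 0xffff:
		return []byte{major<<5 | 25, byte(n >> 8), byte(n)}
	default:
		return []byte{major<<5 | 26, byte(n >> 24), byte(n >> 16), byte(n >> 8), byte(n)}
	}
}

func cborUint(n uint64) []byte { return cborHead(0, n) }
func cborBstr(b []byte) []byte { return append(cborHead(2, uint64(len(b))), b...) }
func cborTstr(s string) []byte { return append(cborHead(3, uint64(len(s))), s...) }

// cborSeq concatenates already-encoded items after the head of an array
// (major 4) or a map (major 5, items given as alternating key, value).
func cborSeq(major byte, count int, items ...[]byte) []byte {
	out := cborHead(major, uint64(count))
	for _, it := range items {
		out = append(out, it...)
	}
	return out
}
func cborArray(items ...[]byte) []byte { return cborSeq(4, len(items), items...) }
func cborMap(kv ...[]byte) []byte      { return cborSeq(5, len(kv)/2, kv...) }

// sampleClaims is a constructed ID-Token-like payload using CWT claim
// labels iss=1, sub=2, exp=4 (RFC 8392); values are made up for the example.
func sampleClaims() []byte {
	return cborMap(
		cborUint(1), cborTstr("https://idp.example"),
		cborUint(2), cborTstr("alice"),
		cborUint(4), cborUint(1447713600),
	)
}

var mac0Protected = cborMap(cborUint(1), cborUint(4)) // {alg: HMAC 256/64}

// mac0Tag computes the HMAC 256/64 tag (COSE alg 4) over the MAC_structure
// ["MAC0", protected, external_aad, payload] with an empty external_aad.
func mac0Tag(key, protected, payload []byte) []byte {
	toBeMaced := cborArray(cborTstr("MAC0"), cborBstr(protected), cborBstr(nil), cborBstr(payload))
	m := hmac.New(sha256.New, key)
	m.Write(toBeMaced)
	return m.Sum(nil)[:8] // 256-bit HMAC truncated to 64 bits
}

// mac0 builds COSE_Mac0 = [protected, unprotected, payload, tag]. The payload
// travels in the clear: only the tag depends on the key (Jim's "Eve" scenario).
func mac0(key, payload []byte) []byte {
	tag := mac0Tag(key, mac0Protected, payload)
	return cborArray(cborBstr(mac0Protected), cborMap(), cborBstr(payload), cborBstr(tag))
}

// mac0Verify is Bob's check: recompute the tag and compare in constant time.
func mac0Verify(key, payload, tag []byte) bool {
	return hmac.Equal(tag, mac0Tag(key, mac0Protected, payload))
}

var encrypt0Protected = cborMap(cborUint(1), cborUint(1)) // {alg: A128GCM}

// encrypt0 builds COSE_Encrypt0 = [protected, unprotected, ciphertext] with
// A128GCM (COSE alg 1). The 12-byte IV sits in the unprotected header (label 5)
// and the Enc_structure ["Encrypt0", protected, external_aad] is the AEAD AAD.
func encrypt0(key, iv, payload []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	aad := cborArray(cborTstr("Encrypt0"), cborBstr(encrypt0Protected), cborBstr(nil))
	ct := gcm.Seal(nil, iv, payload, aad) // ciphertext || 16-byte GCM tag
	return cborArray(cborBstr(encrypt0Protected), cborMap(cborUint(5), cborBstr(iv)), cborBstr(ct))
}

func main() {
	key := []byte("0123456789abcdef") // constructed 128-bit key shared by Alice and Bob
	iv := []byte("constructed!")      // constructed 12-byte nonce; must never repeat under one key
	p := sampleClaims()
	m, e := mac0(key, p), encrypt0(key, iv, p)
	fmt.Printf("payload %d bytes, COSE_Mac0 %d bytes, COSE_Encrypt0 %d bytes\n", len(p), len(m), len(e))
	fmt.Printf("COSE_Mac0 (claims readable by anyone on the path): %x\n", m)
	fmt.Printf("COSE_Encrypt0: %x\n", e)
}
```

With these parameters the encrypted form is 21 bytes larger: 12 bytes of IV plus its 3-byte header entry, and a 16-byte GCM tag against the 8-byte truncated HMAC. An AEAD with a 64-bit tag would close the tag gap but still has to carry its nonce, which a direct MAC never does; that nonce is also the operational cost of the encrypted option, since reusing it under one key is fatal for GCM, while the MAC needs no per-message state.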


_______________________________________________
COSE mailing list
COSE@ietf.org
https://www.ietf.org/mailman/listinfo/cose