Re: [COSE] MAC with no recipient structures

Mike Jones <Michael.Jones@microsoft.com> Sat, 21 November 2015 19:54 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Justin Richer <jricher@mit.edu>, Jim Schaad <ietf@augustcellars.com>, "cose@ietf.org" <cose@ietf.org>
Date: Sat, 21 Nov 2015 19:54:24 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/cose/mluH4C03b_1Qm3pcmHcDIU2g04o>

As a point of clarification, this thread wasn't about removing MAC.  It was about adding a MAC representation with no explicit recipient - the equivalent of the JWS example in http://tools.ietf.org/html/rfc7515#section-3.3.

This feature request is tracked as https://github.com/cose-wg/cose-issues/issues/10 - Make "recipients" field optional.

				-- Mike

-----Original Message-----
From: COSE [mailto:cose-bounces@ietf.org] On Behalf Of Justin Richer
Sent: Thursday, November 19, 2015 11:27 PM
To: Jim Schaad <ietf@augustcellars.com>; cose@ietf.org
Subject: Re: [COSE] MAC with no recipient structures

What I'm hearing from this thread is a lot of support for plain MAC structures, including several documented use cases. Not the least of which is mapping to JOSE's HS* algorithm suite in JWS, one of the two most-used and most-successful portions of JOSE to date.

Consequently, I'm not seeing any consensus to drop plain MAC support in favor of any other method. I'm also not seeing opposition to defining AEAD structures in addition to MAC structures in COSE and allowing applications to choose.

Therefore, we'll keep MAC in place until there's sufficient consensus to remove the capability from COSE.

Thank you,
  -- Justin, your COSE chair.

On 11/7/2015 5:39 PM, Jim Schaad wrote:
> People keep telling me that they want to have a version of MACs that 
> do not have a set of recipient information attached so that they can 
> do direct MACs.  I keep asking for a use case where this makes sense.  
> In all of the use cases that I have been presented so far, a better 
> answer is going to be to do an AEAD encrypted item rather than a MACed item.
>
> The scenario that wants this is going to be:
>
> Alice sends data to Bob in such a way that Bob can authenticate the data.
> Eve needs to be able to read the data in transit, without knowing if 
> the message contains data or misinformation and will act on the 
> message as if it were data.
>
> The difference in message size between MAC and Encryption is going to 
> be minimal, at most a few bytes.  The execution difference is going to 
> be a few extra encryption operations.
>
> What use cases exist for this where encryption is not a better 
> security answer anyway?
>
> Jim
>
>
> _______________________________________________
> COSE mailing list
> COSE@ietf.org
> https://www.ietf.org/mailman/listinfo/cose
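
The JWS case referenced at the top of this message (RFC 7515 section 3.3) is an HMAC over header and payload with the key agreed out of band, so nothing in the message names a recipient. The following is an added example, not part of the thread or of any JOSE/COSE implementation; the key, payload and function names are constructed for illustration. It shows the scenario described in the quoted message: the payload is readable in transit without the key, while modification is detected by the key holder.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac_compact(payload: bytes, key: bytes) -> str:
    """Build header.payload.tag: no recipient list, no key identifier."""
    header = b64u(json.dumps({"alg": "HS256"}, separators=(",", ":")).encode())
    signing_input = f"{header}.{b64u(payload)}"
    tag = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64u(tag)}"

def verify_compact(token: str, key: bytes) -> bytes:
    """Return the payload if the tag verifies, otherwise raise ValueError."""
    try:
        header_b64, payload_b64, tag_b64 = token.split(".")
        header = json.loads(b64u_dec(header_b64))
        payload, tag = b64u_dec(payload_b64), b64u_dec(tag_b64)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm: the verifier decides it, not the message.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("MAC check failed")
    return payload

def read_without_key(token: str) -> bytes:
    """Any on-path reader can do this: the payload is encoded, not encrypted."""
    return b64u_dec(token.split(".")[1])

def tamper(token: str, new_payload: bytes) -> str:
    """Swap the payload while keeping the original tag."""
    header_b64, _, tag_b64 = token.split(".")
    return f"{header_b64}.{b64u(new_payload)}.{tag_b64}"

KEY = b"constructed-demo-key-not-a-secret"   # constructed sample key
SAMPLE = b'{"sensor":"s1","temp":21}'        # constructed sample payload

if __name__ == "__main__":
    token = mac_compact(SAMPLE, KEY)
    print(token)
    print("read in transit:", read_without_key(token))
    print("verified:", verify_compact(token, KEY))
```
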
