Re: [COSE] MAC with no recipient structures

Olaf Bergmann <bergmann@tzi.org> Sat, 14 November 2015 09:25 UTC

From: Olaf Bergmann <bergmann@tzi.org>
To: Jim Schaad <ietf@augustcellars.com>
References: <04e901d119ad$3207bea0$96173be0$@augustcellars.com>
Date: Sat, 14 Nov 2015 10:25:38 +0100
In-Reply-To: <04e901d119ad$3207bea0$96173be0$@augustcellars.com> (Jim Schaad's message of "Sat, 7 Nov 2015 14:39:41 -0800")
Message-ID: <87egftszjh.fsf@aung.informatik.uni-bremen.de>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cose/xN80g5RhXFSBPXE9ZOsA-nTVuBc>
Cc: cose@ietf.org
Subject: Re: [COSE] MAC with no recipient structures

"Jim Schaad" <ietf@augustcellars.com> writes:

> People keep telling me that they want to have a version of MACs that do not
> have a set of recipient information attached so that they can do direct
> MACs.  I keep asking for a use case where this makes sense.  In all of the
> use cases that I have been presented so far, a better answer is going to be
> to do an AEAD encrypted item rather than a MACed item.

An example where this is useful is given in Section 3.7 of
draft-bergmann-ace-dcaf-cose [1]. Here, the recipient structure is empty
because CAM and C must be able to read the payload. Technically, you can
make this work with an encrypted AEAD item as well but then, the payload
information entirely goes into the AAD part because CAM and C must not
know the secret that is being used for generating the MAC tag (they just
forward the data to S).

Of course, this is a requirement only in the cross-domain authorization
scenario where C and S can be constrained and can have distinct owners.
Where this is not considered an issue, you can easily go with
COSE_encryptData and AEAD.

[1] https://tools.ietf.org/html/draft-bergmann-ace-dcaf-cose-00#section-3.7

Regards
Olaf
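The property Olaf describes (intermediaries CAM and C can read the payload and forward it, but only S, which holds the key, can verify it) is what a MAC with no recipient structure gives you. The following is an added illustration, not code from this thread or from the DCAF draft; it is modelled on the COSE_Mac0 / MAC_structure layout of RFC 8152, which post-dates this 2015 message, so the exact encoding of the draft discussed here may differ. It uses a minimal CBOR encoder written for this example, a constructed 32-byte key, and HMAC-256/256 (COSE alg 5).

```python
import hashlib
import hmac

# --- minimal CBOR encoder, written for this example only ---------------------
# Handles non-negative/negative ints, bstr, tstr, arrays and maps with short
# lengths, which is all the MAC structures below need.
def _head(major: int, n: int) -> bytes:
    if n < 24:
        return bytes([(major << 5) | n])
    if n < 256:
        return bytes([(major << 5) | 24, n])
    if n < 65536:
        return bytes([(major << 5) | 25]) + n.to_bytes(2, "big")
    raise ValueError("length too large for this toy encoder")

def cbor(v) -> bytes:
    if isinstance(v, bool):
        raise TypeError("bool not needed here")
    if isinstance(v, int):
        return _head(0, v) if v >= 0 else _head(1, -1 - v)
    if isinstance(v, bytes):
        return _head(2, len(v)) + v
    if isinstance(v, str):
        b = v.encode("utf-8")
        return _head(3, len(b)) + b
    if isinstance(v, list):
        return _head(4, len(v)) + b"".join(cbor(x) for x in v)
    if isinstance(v, dict):
        return _head(5, len(v)) + b"".join(cbor(k) + cbor(x) for k, x in v.items())
    raise TypeError(f"unsupported type {type(v)!r}")

# --- COSE_Mac0-style message (RFC 8152 layout, assumed) -----------------------
HMAC_256_256 = 5  # COSE algorithm identifier for HMAC w/ SHA-256, 256-bit tag

def _to_be_maced(protected: bytes, external_aad: bytes, payload: bytes) -> bytes:
    # MAC_structure = ["MAC0", protected, external_aad, payload]
    return cbor(["MAC0", protected, external_aad, payload])

def mac0_create(key: bytes, payload: bytes, external_aad: bytes = b"") -> list:
    """Return COSE_Mac0 = [protected, unprotected, payload, tag].

    The payload travels in the clear: any hop can read it, but only a holder
    of `key` can produce or check the tag. No recipient structure is attached.
    """
    protected = cbor({1: HMAC_256_256})
    tag = hmac.new(key, _to_be_maced(protected, external_aad, payload),
                   hashlib.sha256).digest()
    return [protected, {}, payload, tag]

def mac0_verify(key: bytes, msg: list, external_aad: bytes = b"") -> bool:
    """Recompute the tag from the received message and compare in constant time."""
    protected, _unprotected, payload, tag = msg
    expected = hmac.new(key, _to_be_maced(protected, external_aad, payload),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

def read_payload(msg: list) -> bytes:
    """What an intermediary (CAM or C in the draft's scenario) does: it needs
    no key to read the payload before forwarding the message unchanged."""
    return msg[2]

def forward_with_tamper(msg: list, new_payload: bytes) -> list:
    """A misbehaving hop that rewrites the payload; S's verification must fail."""
    return [msg[0], msg[1], new_payload, msg[3]]

if __name__ == "__main__":
    # Constructed values; the key is shared only between the issuer and S.
    key = bytes(range(32))
    ticket = b'{"aud":"S","scope":"r"}'   # constructed payload
    msg = mac0_create(key, ticket)
    print("intermediary sees:", read_payload(msg))
    print("S verifies:", mac0_verify(key, msg))
    print("S rejects tampered copy:", mac0_verify(key, forward_with_tamper(msg, b"{}")))
```

The AEAD alternative Olaf mentions would carry the same ticket as external AAD with an empty plaintext, so the intermediaries could still read it; the difference is only which primitive and key type the recipient S must hold, not what CAM and C can see.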