Re: [jose] Question on enc location

Richard Barnes <rlb@ipv.sx> Tue, 23 July 2013 14:00 UTC

From: Richard Barnes <rlb@ipv.sx>
To: Jim Schaad <ietf@augustcellars.com>
Cc: Mike Jones <Michael.Jones@microsoft.com>, "jose@ietf.org" <jose@ietf.org>

I think that simplification would be nice to have in the
single-recipient/single-signer case, but not critical.


On Tue, Jul 23, 2013 at 8:22 AM, Jim Schaad <ietf@augustcellars.com> wrote:

> As a follow up. Is this legal?
>
> {
>   Header: {alg:”direct”, enc:”AES-GCM”},
>   IV: …, tag:…, payload:…
> }
>
> Or is the line
>
> Recipients:[{}],
>
> Required?
>
> *From:* Richard Barnes [mailto:rlb@ipv.sx]
> *Sent:* Tuesday, July 23, 2013 5:04 AM
> *To:* Mike Jones
> *Cc:* Jim Schaad; jose@ietf.org
> *Subject:* Re: [jose] Question on enc location
>
> In which case, it seems like it should be in the top level header, to
> avoid having it repeated every time.
>
> In general, it seems like there are "content" parameters (e.g., enc, zip,
> cty) that should go at the top level, and "key" parameters that should be
> per-recipient (e.g., alg, epk, salt).  It would be helpful to implementors
> to be clear about what goes where.
>
> On Monday, July 22, 2013, Mike Jones wrote:
>
> No – just that the “enc” field for all recipients be the same.
>
> *From:* jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] *On Behalf
> Of *Jim Schaad
> *Sent:* Monday, July 22, 2013 4:33 PM
> *To:* jose@ietf.org
> *Subject:* [jose] Question on enc location
>
> Is there supposed to be a requirement in the JWE specification that the
> enc field be in the common protected (or unprotected) header and not in the
> individual recipient header information?
>
> Jim
>
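
The placement rules discussed in this thread, as an added example that is not part of any message or of the JOSE drafts: a Python check that flags content parameters (`enc`, `zip`, `cty`) carried per-recipient, key parameters shared at the top level, and conflicting `enc` values. The lowercase `header`/`recipients` layout and the sample algorithm values are assumptions modelled on the sketch quoted above.

```python
# Parameter split as proposed in the thread (assumed layout, see lead-in).
CONTENT_PARAMS = {"enc", "zip", "cty"}   # describe the single shared ciphertext
KEY_PARAMS = {"alg", "epk", "salt"}      # describe one recipient's key handling


def check_placement(jwe):
    """Return a list of findings (strings) for a parsed multi-recipient object."""
    findings = []
    top = jwe.get("header", {})
    recipients = jwe.get("recipients", [])

    # A key parameter at the top level silently applies to every recipient.
    if len(recipients) > 1:
        for name in sorted(KEY_PARAMS & top.keys()):
            findings.append(f"top level: key parameter '{name}' shared by all recipients")

    # Record every "enc" value with its location so conflicts can be reported.
    enc_seen = {"top": top["enc"]} if "enc" in top else {}
    for i, rcpt in enumerate(recipients):
        hdr = rcpt.get("header", {})
        for name in sorted(hdr):
            if name in top:
                findings.append(f"recipient {i}: '{name}' duplicates top-level header")
            elif name in CONTENT_PARAMS:
                findings.append(f"recipient {i}: content parameter '{name}' is per-recipient")
        if "enc" in hdr:
            enc_seen[f"recipient {i}"] = hdr["enc"]

    # One ciphertext means one content-encryption algorithm for everyone.
    if not enc_seen:
        findings.append("no 'enc' found in any header")
    elif len(set(enc_seen.values())) > 1:
        findings.append(f"conflicting 'enc' values: {enc_seen}")
    return findings


# Constructed samples; ciphertext fields are omitted because only headers matter.
GOOD = {
    "header": {"enc": "AES-GCM"},
    "recipients": [{"header": {"alg": "RSA-OAEP"}}, {"header": {"alg": "direct"}}],
}
BAD = {
    "header": {},
    "recipients": [
        {"header": {"alg": "RSA-OAEP", "enc": "AES-GCM"}},
        {"header": {"alg": "direct", "enc": "AES-CBC"}},
    ],
}

if __name__ == "__main__":
    for label, obj in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_placement(obj) or "ok")
```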