Re: [jose] Feedback request on jose tracker issue#11: Should we use RFC 5116 and remove the JWE Integrity Value field?

Dick Hardt <dick.hardt@gmail.com> Fri, 12 April 2013 00:19 UTC

1

On Apr 11, 2013, at 4:58 PM, Karen O'Donoghue <odonoghue@isoc.org> wrote:

> Issue #11 http://trac.tools.ietf.org/wg/jose/trac/ticket/11 proposes restructuring the JWE representation to remove the JWE Integrity Value field and instead use the RFC 5116 (AEAD) binary serialization to represent the Ciphertext, Initialization Vector, and Integrity Value values.  If this proposal is adopted, JWEs would then have three fields – the header, the encrypted key, and the RFC 5116 combination of the Ciphertext, Initialization Vector, and Integrity Value values. 
> This issue is also related to issue #3.  Note that the updated McGrew draft described there could be used whether or not we switched to using RFC 5116.
>  
> 
> Which of these best describes your preferences on this issue?
> 
> 1.  Continue having separate Ciphertext, Initialization Vector, and Integrity Value values in the JWE representation.
> 
> 2.  Switch to using the RFC 5116 (AEAD) serialization to represent the combination of these three values.
> 
> 3.  Another resolution (please specify in detail).
> 
> 0.  I need more information to decide.
> 
>  
> 
> Your reply is requested by Friday, April 19th or earlier. 