Re: [jose] #8: Direct mode for key agreement needs security analysis

"jose issue tracker" <trac+jose@trac.tools.ietf.org> Mon, 15 April 2013 18:53 UTC

Return-Path: <trac+jose@trac.tools.ietf.org>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6E6621F95DE for <jose@ietfa.amsl.com>; Mon, 15 Apr 2013 11:53:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mHRHtiKzf8ni for <jose@ietfa.amsl.com>; Mon, 15 Apr 2013 11:53:36 -0700 (PDT)
Received: from grenache.tools.ietf.org (grenache.tools.ietf.org [IPv6:2a01:3f0:1:2::30]) by ietfa.amsl.com (Postfix) with ESMTP id 4084521F958A for <jose@ietf.org>; Mon, 15 Apr 2013 11:53:31 -0700 (PDT)
Received: from localhost ([127.0.0.1]:54950 helo=grenache.tools.ietf.org ident=www-data) by grenache.tools.ietf.org with esmtp (Exim 4.80) (envelope-from <trac+jose@trac.tools.ietf.org>) id 1URoWh-00057Q-Bt; Mon, 15 Apr 2013 20:53:15 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "jose issue tracker" <trac+jose@trac.tools.ietf.org>
X-Trac-Version: 0.12.3
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.12.3, by Edgewall Software
To: draft-ietf-jose-json-web-encryption@tools.ietf.org, ietf@augustcellars.com
X-Trac-Project: jose
Date: Mon, 15 Apr 2013 18:53:15 -0000
X-URL: http://tools.ietf.org/jose/
X-Trac-Ticket-URL: http://tools.ietf.org/wg/jose/trac/ticket/8#comment:1
Message-ID: <069.14ddb6e5b2f85a9114e66558c07bea6c@trac.tools.ietf.org>
References: <054.96c0b71d4934f695a54309d767dbf877@trac.tools.ietf.org>
X-Trac-Ticket-ID: 8
In-Reply-To: <054.96c0b71d4934f695a54309d767dbf877@trac.tools.ietf.org>
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Rcpt-To: draft-ietf-jose-json-web-encryption@tools.ietf.org, ietf@augustcellars.com, jose@ietf.org
X-SA-Exim-Mail-From: trac+jose@trac.tools.ietf.org
X-SA-Exim-Scanned: No (on grenache.tools.ietf.org); SAEximRunCond expanded to false
Resent-To: ekr@rtfm.com, jhildebr@cisco.com, mbj@microsoft.com
Resent-Message-Id: <20130415185332.4084521F958A@ietfa.amsl.com>
Resent-Date: Mon, 15 Apr 2013 11:53:31 -0700 (PDT)
Resent-From: trac+jose@trac.tools.ietf.org
Cc: jose@ietf.org
Subject: Re: [jose] #8: Direct mode for key agreement needs security analysis
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Apr 2013 18:53:39 -0000

#8: Direct mode for key agreement needs security analysis


Comment (by ietf@augustcellars.com):

 Personal Opinion -
 I have no problems with using the key that is the output of a key
 agreement directly as the content encryption key.  The rules here are
 going to be the standard ones such as you must make sure that the same key
 is not going to be generated each time and thus there is a requirement for
 a random value to be included from the senders side.  However there is not
 going to be a significant difference between the case of using this output
 to wrap a key vs using this output to wrap a body.

 I have no issues with this mode of encryption from a cryptography
 standpoint.

 I think that a more significant question deals with the processing.
 Allowing this generates a new path for dealing with processing of messages
 which potentially complicates the analysis of the code.  The requirement
 exists for doing the key wrap state in the event of multiple recipients
 and potentially should be a requirement for even the single recipient
 case.

-- 
-------------------------+-------------------------------------------------
 Reporter:               |       Owner:  draft-ietf-jose-json-web-
  rbarnes@bbn.com        |  encryption@tools.ietf.org
     Type:  defect       |      Status:  new
 Priority:  major        |   Milestone:
Component:  json-web-    |     Version:
  encryption             |  Resolution:
 Severity:  Active WG    |
  Document               |
 Keywords:               |
-------------------------+-------------------------------------------------

Ticket URL: <http://tools.ietf.org/wg/jose/trac/ticket/8#comment:1>
jose <http://tools.ietf.org/jose/>