Re: [jose] #4: Remove wrapped keys from integrity check (allow separation of keys from data)
"jose issue tracker" <trac+jose@trac.tools.ietf.org> Wed, 03 April 2013 19:52 UTC
#4: Remove wrapped keys from integrity check (allow separation of keys from data)

Comment (by michael.jones@microsoft.com):

 This write-up is missing the fact that even if the wrapped keys were removed from the integrity calculation, there's still per-recipient content in the headers, such as information about the key used for that recipient. So I believe what you're really asking for, Richard, is to remove both the wrapped key and the header from the integrity calculation, so there is no per-recipient information protected. (Please correct me if I'm wrong.)

 For starters, not protecting the headers could open us up to algorithm substitution attacks, because the "alg" and/or "enc" values could be modified by the attacker. Furthermore, protecting the headers cryptographically binds the information in them to the Ciphertext, which is a very good thing. Especially given that we've now allowed additional information to be passed in the headers (by saying that header parameter values that are not understood must be ignored), I fully expect that some of that information will only be of any value when cryptographically bound to the Ciphertext, so attackers cannot modify it.

 Protecting the header values is a "secure by default" architecture. It removes the need to ask questions about what attacks are enabled if header parameter A or header parameter B can be modified by the attacker, because we've taken that possibility away from the attacker. Especially given that we know that we don't know what all the header parameters will be, from a security viewpoint, continuing to protect them seems like the only sensible choice.
--
-------------------------+-------------------------------------------------
 Reporter:               |       Owner:  draft-ietf-jose-json-web-
  rbarnes@bbn.com        |  encryption@tools.ietf.org
     Type:  defect       |      Status:  new
 Priority:  major        |   Milestone:
Component:  json-web-    |     Version:
  encryption             |  Resolution:
 Severity:  Active WG    |
  Document               |
 Keywords:               |
-------------------------+-------------------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/4#comment:3>
jose <http://tools.ietf.org/jose/>
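
An added illustration of the header-binding point in the comment above (not part of the original message, the ticket, or the JOSE drafts): an integrity tag computed over the ciphertext alone still verifies after the "enc" header value is changed, while a tag computed over header plus ciphertext does not. HMAC-SHA256 stands in for the integrity calculation, and the key, header values, ciphertext bytes and function names are assumptions constructed for this example.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample values; not taken from the ticket or the drafts.
KEY = b"constructed-mac-key-for-example!"
HEADER = {"alg": "RSA-OAEP", "enc": "A256GCM"}
CT = b"constructed ciphertext bytes"

def b64u(data: bytes) -> str:
    """base64url without padding, as used for JOSE segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _tag(key: bytes, parts: tuple) -> str:
    # '.' never occurs in base64url, so the dot-joined input is unambiguous.
    mac = hmac.new(key, ".".join(parts).encode(), hashlib.sha256)
    return b64u(mac.digest())

def seal(key, header, ciphertext, protect_header):
    """Return (header_seg, ciphertext_seg, tag_seg)."""
    h = b64u(json.dumps(header, separators=(",", ":")).encode())
    c = b64u(ciphertext)
    covered = (h, c) if protect_header else (c,)
    return h, c, _tag(key, covered)

def verify(key, h, c, t, protect_header):
    """Recompute the tag over the same coverage and compare in constant time."""
    covered = (h, c) if protect_header else (c,)
    return hmac.compare_digest(_tag(key, covered), t)

def rewrite_header(h, **changes):
    """Model an in-transit change to header parameters."""
    header = json.loads(base64.urlsafe_b64decode(h + "=" * (-len(h) % 4)))
    header.update(changes)
    return b64u(json.dumps(header, separators=(",", ":")).encode())

def demo():
    """Map protect_header -> whether a message with a changed 'enc' verifies."""
    accepted = {}
    for protect in (False, True):
        h, c, t = seal(KEY, HEADER, CT, protect)
        changed = rewrite_header(h, enc="A128GCM")
        accepted[protect] = verify(KEY, changed, c, t, protect)
    return accepted

if __name__ == "__main__":
    print(demo())
```
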