Re: [jose] question regarding JWE header "kid"' attribute

"Andrew Biggs (adb)" <adb@cisco.com> Tue, 07 October 2014 15:05 UTC

To: Mike Jones <Michael.Jones@microsoft.com>, "jose@ietf.org" <jose@ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/AL1Rpk2NRV3bvz4JShULzTui7JE

Thanks Mike!

For the sake of clarity, would it make sense to strike the word “public” from the quoted sentence, since it may potentially be a symmetric key that is being referenced?

Andrew

On 10/6/14, 11:22 PM, "Mike Jones" <Michael.Jones@microsoft.com> wrote:

Yes, the “kid” would refer to the CEK in that case.

From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Andrew Biggs (adb)
Sent: Monday, October 06, 2014 8:43 PM
To: jose@ietf.org
Subject: [jose] question regarding JWE header "kid"' attribute

Section 4.1.6 of the JWE draft describes the “kid” attribute of the JWE header as a "hint [that] references the public key to which the JWE was encrypted”.  If the JWE were encrypted in direct key agreement mode, would it be incorrect for the “kid” attribute to reference the CEK used in the JWE?

Thanks,
Andrew