Re: [jose] Feedback request on jose tracker issue#11: Should we use RFC 5116 and remove the JWE Integrity Value field?

"Salvatore D'Agostino" <sal@idmachines.com> Sat, 20 April 2013 02:41 UTC

1

Sal D'Agostino




On 12 Apr 2013 at 01:58, Karen O'Donoghue <odonoghue@isoc.org> wrote:

Issue #11 http://trac.tools.ietf.org/wg/jose/trac/ticket/11 proposes 
restructuring the JWE representation to remove the JWE Integrity Value field 
and instead use the RFC 5116 (AEAD) binary serialization to represent the 
Ciphertext, Initialization Vector, and Integrity Value values.  If this 
proposal is adopted, JWEs would then have three fields - the header, the 
encrypted key, and the RFC 5116 combination of the Ciphertext, Initialization 
Vector, and Integrity Value values.
This issue is also related to issue #3.  Note that the updated McGrew draft 
described there could be used whether or not we switched to using RFC 5116.


Which of these best describes your preferences on this issue?

1.  Continue having separate Ciphertext, Initialization Vector, and Integrity 
Value values in the JWE representation.

2.  Switch to using the RFC 5116 (AEAD) serialization to represent the 
combination of these three values.

3.  Another resolution (please specify in detail).

0.  I need more information to decide.



Your reply is requested by Friday, April 19th or earlier.