Re: [jose] proposal: put encryption header parameters into a separate object
Bob Wyman <bob@wyman.us> Fri, 09 November 2012 16:29 UTC
Date: Fri, 09 Nov 2012 11:29:07 -0500
From: Bob Wyman <bob@wyman.us>
To: "Richard L. Barnes" <rbarnes@bbn.com>
Cc: "jose@ietf.org" <jose@ietf.org>, Dick Hardt <dick.hardt@gmail.com>
The "val" element in Barnes' proposal would need some parameters (typ, cty, etc.) as well as the content in val:

{
  "enc": { /* encryption parameters */ },
  "sig": { /* signature parameters + value */ },
  "val": { /* content parameters + plaintext */ }
}

On Fri, Nov 9, 2012 at 1:58 AM, Richard L. Barnes <rbarnes@bbn.com> wrote:
> Hey Dick,
>
> To make sure I understand your use case correctly: You want to convey an
> encrypted object, as well as a signature over the plaintext (without having
> to encrypt the signature value). Does that sound accurate?
>
> It seems like there are three types of information you want in the object:
> (1) cipher text, (2) encryption parameters, and (3) signature
> value/parameters. So why not encapsulate it like that? To propose a JSON
> syntax:
>
> {
>   "enc": { /* encryption parameters */ },
>   "sig": { /* signature parameters + value */ },
>   "val": "/* ciphertext */"
> }
>
> Obviously:
> -- JWE/JWS could be the special cases where only one of "enc" or "sig" is
> present
> -- This cleanly supports multiple signatures via multiple "sig" values
> (e.g., in an array)
> -- This cleanly supports multiple recipients via multiple "enc" values
> (e.g., in an array)
> -- You could leave one of "enc" or "sig" parameters as flat lists (as in
> JWS/JWE), but it seems cleaner to have them parallel
> -- For a compact serialization, you would want certain fields to be not
> double-base64'ed. We can figure that out later :)
>
> This seems like kind of an appealing line of reasoning to me. I would be
> glad to do some work on figuring out the details.
>
> --Richard
>
>
> On Nov 7, 2012, at 3:23 PM, Dick Hardt <dick.hardt@gmail.com> wrote:
>
> > To enable encrypting and then signing of the same token, we need to
> > specify the encrypting and signing algorithms separately.
> >
> > Since we are using JSON, how about if we create an encryption object to
> > contain all the parameters defined in JWE so that there is no overlap in
> > the JWS namespace.
> >
> > "enc":
> > { "alg"
> > , "enc"
> > , "zip"
> > }
> >
> > _______________________________________________
> > jose mailing list
> > jose@ietf.org
> > https://www.ietf.org/mailman/listinfo/jose
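To make the layout under discussion concrete, here is a strict parser for the combined object ({"enc": ..., "sig": ..., "val": ...}) that the thread proposes. This is an added example, not code from the JOSE working group or from any of the posters. The membership rules it enforces are assumptions made for illustration: each "enc" entry must carry "alg" and "enc" (the JWE parameters Dick Hardt groups under his "enc" object, with "zip" left optional); each "sig" entry must carry "alg" and a "value" member holding the signature (the thread only says "signature parameters + value"); and "val" is either a ciphertext string (Richard's form) or an object of content parameters plus a "plaintext" member (Bob's form). The sample document at the bottom is constructed.

```javascript
// Added example: validator for the { "enc", "sig", "val" } object layout
// proposed in this thread. Not code from the JOSE WG or any poster; the
// required-member rules below are assumptions for illustration.
const TOP_LEVEL = new Set(["enc", "sig", "val"]);

class FormatError extends Error {}

// Richard's note: "enc" / "sig" may be a single object or an array of them.
function asList(x) {
  if (x === undefined || x === null) return [];
  return Array.isArray(x) ? x : [x];
}

// Every entry must be a JSON object carrying the listed string members.
function requireMembers(entry, members, where) {
  if (typeof entry !== "object" || entry === null || Array.isArray(entry)) {
    throw new FormatError(`"${where}" entry must be a JSON object`);
  }
  for (const m of members) {
    if (typeof entry[m] !== "string" || entry[m] === "") {
      throw new FormatError(`"${where}" entry is missing "${m}"`);
    }
  }
}

// Returns { kind, enc, sig, val } with enc/sig normalised to arrays.
// kind is "jwe" (enc only), "jws" (sig only) or "both" (Dick's use case).
function parseObject(doc) {
  const obj = typeof doc === "string" ? JSON.parse(doc) : doc;
  if (typeof obj !== "object" || obj === null || Array.isArray(obj)) {
    throw new FormatError("top level must be a JSON object");
  }
  // A flat, JWS-style "alg" at top level is rejected: algorithms live only
  // inside their own "enc" or "sig" namespace, so they can never collide.
  for (const k of Object.keys(obj)) {
    if (!TOP_LEVEL.has(k)) throw new FormatError(`unexpected top-level member "${k}"`);
  }
  if (!("val" in obj)) throw new FormatError('"val" is required');

  const enc = asList(obj.enc);
  const sig = asList(obj.sig);
  if (enc.length === 0 && sig.length === 0) {
    throw new FormatError('at least one of "enc" or "sig" is required');
  }
  enc.forEach((e) => requireMembers(e, ["alg", "enc"], "enc"));   // assumption
  sig.forEach((s) => requireMembers(s, ["alg", "value"], "sig")); // assumption

  const val = obj.val;
  if (typeof val === "object" && val !== null && !Array.isArray(val)) {
    // Bob's form: content parameters (typ, cty, ...) next to the plaintext.
    if (typeof val.plaintext !== "string") {
      throw new FormatError('object "val" needs a "plaintext" member');
    }
  } else if (typeof val !== "string") {
    throw new FormatError('"val" must be a ciphertext string or an object');
  }

  const kind = enc.length && sig.length ? "both" : enc.length ? "jwe" : "jws";
  return { kind, enc, sig, val };
}

// Content parameters carried in an object-form "val"; empty for a string.
function contentParams(val) {
  if (typeof val !== "object" || val === null) return {};
  const { plaintext, ...params } = val;
  return params;
}

// Boolean wrapper: malformed JSON and layout violations both count as invalid.
function isValid(doc) {
  try {
    parseObject(doc);
    return true;
  } catch (e) {
    if (e instanceof FormatError || e instanceof SyntaxError) return false;
    throw e;
  }
}

// Constructed sample: signature over the plaintext beside the encryption
// parameters, with Bob's content parameters inside "val".
const SAMPLE = JSON.stringify({
  enc: { alg: "RSA1_5", enc: "A128CBC-HS256" },
  sig: [{ alg: "RS256", value: "<constructed base64url signature>" }],
  val: { typ: "JWT", cty: "text/plain", plaintext: "hello" },
});
```

Calling `parseObject(SAMPLE)` yields `kind === "both"` with `enc` and `sig` each normalised to a one-element array, and `contentParams(result.val)` returns `{ typ: "JWT", cty: "text/plain" }`. Because the top-level member set is closed, an object that also carries a bare JWS-style "alg" is rejected rather than silently interpreted under one of the two namespaces.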