Re: [jose] proposal: put encryption header parameters into a separate object
Bob Wyman <bob@wyman.us> Fri, 09 November 2012 16:29 UTC
Return-Path: <bobwyman@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFE2C21F8646 for <jose@ietfa.amsl.com>; Fri, 9 Nov 2012 08:29:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.976
X-Spam-Level:
X-Spam-Status: No, score=-2.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2lOBZwXMqD1H for <jose@ietfa.amsl.com>; Fri, 9 Nov 2012 08:29:09 -0800 (PST)
Received: from mail-lb0-f172.google.com (mail-lb0-f172.google.com [209.85.217.172]) by ietfa.amsl.com (Postfix) with ESMTP id 7E02721F8680 for <jose@ietf.org>; Fri, 9 Nov 2012 08:29:08 -0800 (PST)
Received: by mail-lb0-f172.google.com with SMTP id k13so3452636lbo.31 for <jose@ietf.org>; Fri, 09 Nov 2012 08:29:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=pgYhax5KVvOKbS7ABD0+OxQUQ8t4Z3jD8q8Wc1tZwnc=; b=tMyPJjmYT3eoAHRsbiBzk21Z6EFazmM58Wj/6lInRRdirBnmkHARDiwkInJ7IqWFP+ XafEAlB/XdnS9pYntWmblu/6tl4BgJHP5Km54RQBSWFDygTOe48YRgpQOkZtby/n5LvE 80Q6MlEde1VzZqaovNIhD4KzBnjdeNmvW92I7229KZRzDWhL3o80PfG11kVa03jj0AHu QSg6rfGJbZJAa4EzbC1Tnl3j4Ee5dVJQucYSy5JiRGBPuH0TZiEA5Eb1dYvjiHrcNkWN m5EZbAPfHnWHGPhLLnGQ3+PRBFB2RTKcVn/SH9EFtkI2BXpntwQr0HbCfudcpvc6yzBg jtCg==
MIME-Version: 1.0
Received: by 10.152.104.50 with SMTP id gb18mr11320003lab.9.1352478547120; Fri, 09 Nov 2012 08:29:07 -0800 (PST)
Sender: bobwyman@gmail.com
Received: by 10.114.37.227 with HTTP; Fri, 9 Nov 2012 08:29:07 -0800 (PST)
In-Reply-To: <3F30DDAB-F245-459F-90B9-91DCFED11A3A@bbn.com>
References: <20121107093441.26081.45621.idtracker@ietfa.amsl.com> <19F1B8FA-6655-4933-A58C-70B12BE025C3@gmail.com> <3F30DDAB-F245-459F-90B9-91DCFED11A3A@bbn.com>
Date: Fri, 09 Nov 2012 11:29:07 -0500
X-Google-Sender-Auth: tFvzHj2CPdJdz7Yt_f0VBe5EAss
Message-ID: <CAA1s49X_y+bccYLNN7dV39LevgFvWUqo79C=5qhcg6=+VDqb3Q@mail.gmail.com>
From: Bob Wyman <bob@wyman.us>
To: "Richard L. Barnes" <rbarnes@bbn.com>
Content-Type: multipart/alternative; boundary="f46d04083df75e12e104ce1273b5"
Cc: "jose@ietf.org" <jose@ietf.org>, Dick Hardt <dick.hardt@gmail.com>
Subject: Re: [jose] proposal: put encryption header parameters into a separate object
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Nov 2012 16:29:09 -0000
The "val" element in Barnes' proposal would need some parameters (typ, cty,
etc.) as well as the content in val:
{
"enc": { /* encryption parameters */ },
"sig": { /* signature parameters + value */ },
"val": *{*/** content parameters +* plaintext */*}*
}
On Fri, Nov 9, 2012 at 1:58 AM, Richard L. Barnes <rbarnes@bbn.com> wrote:
> Hey Dick,
>
> To make sure I understand your use case correctly: You want to convey an
> encrypted object, as well as a signature over the plaintext (without having
> to encrypt the signature value). Does that sound accurate?
>
> It seems like there are three types of information you want in the object:
> (1) cipher text, (2) encryption parameters, and (3) signature
> value/parameters. So why not encapsulate it like that? To propose a JSON
> syntax:
>
> {
> "enc": { /* encryption parameters */ },
> "sig": { /* signature parameters + value */ },
> "val": "/* ciphertext */"
> }
>
> Obviously:
> -- JWE/JWS could be the special cases where only one of "enc" or "sig" is
> present
> -- This cleanly supports multiple signatures via multiple "sig" values
> (e.g., in an array)
> -- This cleanly supports multiple recipients via multiple "enc" values
> (e.g., in an array)
> -- You could leave one of "enc" or "sig" parameters as flat lists (as in
> JWS/JWE), but it seems cleaner to have them parallel
> -- For a compact serialization, you would want certain fields to be not
> double-base64'ed. We can figure that out later :)
>
> This seems like kind of an appealing line of reasoning to me. I would be
> glad to do some work on figuring out the details.
>
> --Richard
>
>
>
>
> On Nov 7, 2012, at 3:23 PM, Dick Hardt <dick.hardt@gmail.com> wrote:
>
> > To enable encrypting and then signing of the same token, we need to
> specify the encrypting and signing algorithms separately.
> >
> > Since we are using JSON, how about if we create an encryption object to
> contain all the parameters defined in JWE so that there is no overlap in
> the JWS namespace.
> >
> > "enc":
> > { "alg"
> > , "enc"
> > , "zip"
> > }
> >
> > _______________________________________________
> > jose mailing list
> > jose@ietf.org
> > https://www.ietf.org/mailman/listinfo/jose
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>
- [jose] proposal: put encryption header parameters… Dick Hardt
- [jose] I-D Action: draft-ietf-jose-json-web-encry… internet-drafts
- Re: [jose] proposal: put encryption header parame… Richard L. Barnes
- Re: [jose] proposal: put encryption header parame… Bob Wyman
- Re: [jose] proposal: put encryption header parame… Dick Hardt