[jose] Proposed New Security Consideration for Algorithm Draft
"Jim Schaad" <ietf@augustcellars.com> Mon, 14 October 2013 14:37 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 944A811E8147 for <jose@ietfa.amsl.com>; Mon, 14 Oct 2013 07:37:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.531
X-Spam-Level:
X-Spam-Status: No, score=-3.531 tagged_above=-999 required=5 tests=[AWL=0.067, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M0BvYUvpD8SQ for <jose@ietfa.amsl.com>; Mon, 14 Oct 2013 07:37:38 -0700 (PDT)
Received: from smtp3.pacifier.net (smtp3.pacifier.net [64.255.237.177]) by ietfa.amsl.com (Postfix) with ESMTP id BD51111E8195 for <jose@ietf.org>; Mon, 14 Oct 2013 07:37:38 -0700 (PDT)
Received: from Philemon (winery.augustcellars.com [206.212.239.129]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp3.pacifier.net (Postfix) with ESMTPSA id 19FC038F2D for <jose@ietf.org>; Mon, 14 Oct 2013 07:37:38 -0700 (PDT)
From: Jim Schaad <ietf@augustcellars.com>
To: jose@ietf.org
Date: Mon, 14 Oct 2013 07:36:21 -0700
Message-ID: <005f01cec8ea$c10006f0$430014d0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0060_01CEC8B0.14A2B590"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: Ac7I6ZnBw9/h/73PTw6PHPCPXxEzwQ==
Content-Language: en-us
Subject: [jose] Proposed New Security Consideration for Algorithm Draft
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Oct 2013 14:37:45 -0000
The following text should be added to the algorithm draft unless there is an objection. This will address the last piece of Issue #129 in the tracker. Jim Add new section 7.9 7.9 MACs vs Signatures for Security Properties While in many cases MACs and Signatures can be used for integrity checking, there are some significant differences between the security properties that each of them provides and this needs to be taken into consideration when designing protocols and selecting the algorithms to be used in protocols. Both signatures and MACs provide for integrity checking, that is that the message has not been modified since the integrity values was computed, however MACs provide for origination identification only under specific circumstances. It can be assumed that a signature private key is in the hands of a single entity (although perhaps a distributed entity in the case of replicated servers), however for a MAC key it needs to be in the hands of all the entities that use it for integrity computation and checking. This means that origination can only be assumed if a MAC key is known only to two entities and the receiver knows that it did not create the message. MAC authentication cannot be used to prove anything to a third party.