Re: [jose] proposal: put encryption header parameters into a separate object

Dick Hardt <dick.hardt@gmail.com> Tue, 13 November 2012 16:08 UTC

From: Dick Hardt <dick.hardt@gmail.com>
In-Reply-To: <CAA1s49X_y+bccYLNN7dV39LevgFvWUqo79C=5qhcg6=+VDqb3Q@mail.gmail.com>
Date: Tue, 13 Nov 2012 08:08:02 -0800
Message-Id: <1AB706FC-13B1-4462-ACB6-1980E70744C4@gmail.com>
References: <20121107093441.26081.45621.idtracker@ietfa.amsl.com> <19F1B8FA-6655-4933-A58C-70B12BE025C3@gmail.com> <3F30DDAB-F245-459F-90B9-91DCFED11A3A@bbn.com> <CAA1s49X_y+bccYLNN7dV39LevgFvWUqo79C=5qhcg6=+VDqb3Q@mail.gmail.com>
To: Bob Wyman <bob@wyman.us>
X-Mailer: Apple Mail (2.1499)
Cc: "Richard L. Barnes" <rbarnes@bbn.com>, "jose@ietf.org" <jose@ietf.org>, Dick Hardt <dick.hardt@gmail.com>
Subject: Re: [jose] proposal: put encryption header parameters into a separate object

Bob / Richard

Including the signature value and the ciphertext in the JSON would needlessly enlarge the resulting token as it was base64url encoded.

Having the header use a hierarchical structure seems to make it easier to support multiple keys, which is needed if you want to sign and encrypt a message -- which seems to be a common use case!

-- Dick

On Nov 9, 2012, at 8:29 AM, Bob Wyman <bob@wyman.us> wrote:

> The "val" element in Barnes' proposal would need some parameters (typ, cty, etc.) as well as the content in val:
> 
> {
>   "enc": { /* encryption parameters */ },
>   "sig": { /* signature parameters + value */ },
>   "val": {/* content parameters + plaintext */}
> }
> 
> 
> 
> On Fri, Nov 9, 2012 at 1:58 AM, Richard L. Barnes <rbarnes@bbn.com> wrote:
> Hey Dick,
> 
> To make sure I understand your use case correctly: You want to convey an encrypted object, as well as a signature over the plaintext (without having to encrypt the signature value).  Does that sound accurate?
> 
> It seems like there are three types of information you want in the object: (1) cipher text, (2) encryption parameters, and (3) signature value/parameters.  So why not encapsulate it like that?  To propose a JSON syntax:
> 
> {
>   "enc": { /* encryption parameters */ },
>   "sig": { /* signature parameters + value */ },
>   "val": "/* ciphertext */"
> }
> 
> Obviously:
> -- JWE/JWS could be the special cases where only one of "enc" or "sig" is present
> -- This cleanly supports multiple signatures via multiple "sig" values (e.g., in an array)
> -- This cleanly supports multiple recipients via multiple "enc" values (e.g., in an array)
> -- You could leave one of "enc" or "sig" parameters as flat lists (as in JWS/JWE), but it seems cleaner to have them parallel
> -- For a compact serialization, you would want certain fields to be not double-base64'ed.  We can figure that out later :)
> 
> This seems like kind of an appealing line of reasoning to me.  I would be glad to do some work on figuring out the details.
> 
> --Richard
> 
> 
> 
> 
> On Nov 7, 2012, at 3:23 PM, Dick Hardt <dick.hardt@gmail.com> wrote:
> 
> > To enable encrypting and then signing of the same token, we need to specify the encrypting and signing algorithms separately.
> >
> > Since we are using JSON, how about if we create an encryption object to contain all the parameters defined in JWE so that there is no overlap in the JWS namespace.
> >
> > "enc":
> >       {  "alg"
> >       ,  "enc"
> >       ,  "zip"
> >       }
> >
> > _______________________________________________
> > jose mailing list
> > jose@ietf.org
> > https://www.ietf.org/mailman/listinfo/jose
> 
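As an added example (not code from the thread or from any JOSE implementation), the {"enc", "sig", "val"} container layout Richard proposes above, parsed and validated in Python, plus a measurement of the double-base64url growth Dick raises at the top of this message; the helper names and the algorithm names in the constructed sample are assumptions.

```python
import base64
import json

# JWE-only parameter names from the quoted proposal, kept inside the "enc" block.
JWE_PARAMS = {"alg", "enc", "zip"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def parse_container(text: str) -> dict:
    """Parse the proposed {"enc","sig","val"} layout. "enc"/"sig" may be one
    object or an array (multiple recipients / signatures). Raises ValueError
    on layout errors, e.g. JWE parameters left at top level (namespace overlap)."""
    obj = json.loads(text)
    if not isinstance(obj, dict) or "val" not in obj:
        raise ValueError("container must be a JSON object with 'val'")
    stray = (set(obj) - {"enc"}) & JWE_PARAMS  # top-level "enc" is the block itself
    if stray:
        raise ValueError(f"JWE parameters at top level: {sorted(stray)}")

    def blocks(member: str) -> list:
        value = obj.get(member, [])
        items = value if isinstance(value, list) else [value]
        if not all(isinstance(i, dict) and "alg" in i for i in items):
            raise ValueError(f"'{member}' entries must be objects with 'alg'")
        return items

    recipients, signatures = blocks("enc"), blocks("sig")
    if not recipients and not signatures:
        raise ValueError("need at least one of 'enc' or 'sig'")
    # JWE and JWS are the special cases with only one block kind present.
    kind = "+".join(n for n, b in (("JWE", recipients), ("JWS", signatures)) if b)
    return {"kind": kind, "recipients": recipients, "signatures": signatures, "val": obj["val"]}

def is_valid_container(text: str) -> bool:
    try:
        parse_container(text)
        return True
    except ValueError:  # json.JSONDecodeError is a ValueError subclass
        return False

def double_encoding_overhead(ciphertext: bytes) -> tuple:
    """Wire length of ciphertext as its own base64url segment versus embedded in a
    JSON member that is base64url encoded again (the growth Dick objects to)."""
    single = len(b64url(ciphertext))
    wrapped = json.dumps({"val": b64url(ciphertext)}, separators=(",", ":"))
    return single, len(b64url(wrapped.encode("ascii")))

# Constructed sample: two recipients, one signature over the plaintext.
SAMPLE = json.dumps({"enc": [{"alg": "RSA1_5", "enc": "A128CBC-HS256"},
                             {"alg": "A128KW", "enc": "A128CBC-HS256", "zip": "DEF"}],
                     "sig": {"alg": "HS256", "typ": "JWT"},
                     "val": "<base64url ciphertext placeholder>"})
```

For 30 bytes of ciphertext the standalone segment is 40 characters, while wrapping it in a JSON member and encoding again costs 67.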