Re: [jose] SPI proposal
Richard Barnes <rlb@ipv.sx> Wed, 06 February 2013 22:34 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84B1821E8044 for <jose@ietfa.amsl.com>; Wed, 6 Feb 2013 14:34:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.972
X-Spam-Level:
X-Spam-Status: No, score=-0.972 tagged_above=-999 required=5 tests=[AWL=-0.547, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lWvvocayfmez for <jose@ietfa.amsl.com>; Wed, 6 Feb 2013 14:34:06 -0800 (PST)
Received: from mail-la0-x234.google.com (mail-la0-x234.google.com [IPv6:2a00:1450:4010:c03::234]) by ietfa.amsl.com (Postfix) with ESMTP id 1FBD521E8039 for <jose@ietf.org>; Wed, 6 Feb 2013 14:34:05 -0800 (PST)
Received: by mail-la0-f52.google.com with SMTP id fs12so1933554lab.39 for <jose@ietf.org>; Wed, 06 Feb 2013 14:33:57 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:x-originating-ip:in-reply-to:references :date:message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=4WZ9Fnvwr325OzMGsUDdgCBnzvhoMKh5SniotucB8O0=; b=QGbbroQE1rFit7LHN5ctKTh7YsQzXQdRX0j68F5c9KCtAy/76vk99uQ6UwV4Av+w/H zeYPcRmm8E31DBJSu1ff+Hu4PuxE4u7Tpn4BetPjEyUOYs74qRVb/xiyhQDfN8USvwkb osfjpUYS14NuMEWxGUoe2slh/8IY7ypb5Xj6Bmif0MIdz3LYZumy7czidcP8pYnpEs+G mhEy4ePT+KhxXkJ58kB0eEXwxxsjOi9gcTBnZYOPeqUlzosRauZNccFooxL+EQViMSkN qvjgqVU9VBrOZkjh4xXlOa4QXFfpuJxeeuuQQDVzMk7cqcpbdCwX7eoC/pjSCEsd+t6f /ERQ==
MIME-Version: 1.0
X-Received: by 10.112.26.169 with SMTP id m9mr12107895lbg.116.1360190036920; Wed, 06 Feb 2013 14:33:56 -0800 (PST)
Received: by 10.112.147.164 with HTTP; Wed, 6 Feb 2013 14:33:56 -0800 (PST)
X-Originating-IP: [128.89.254.55]
In-Reply-To: <4E1F6AAD24975D4BA5B1680429673943674186EF@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <CAL02cgSt7w5CrP+DXo7bz_+YsxKsVMoRbZLNWa6EHjnAyScWMg@mail.gmail.com> <4E1F6AAD24975D4BA5B1680429673943674186EF@TK5EX14MBXC284.redmond.corp.microsoft.com>
Date: Wed, 06 Feb 2013 17:33:56 -0500
Message-ID: <CAL02cgR0+WV7MT7aJBx_mpFU0_BYcEupWdSsQfiBwq2H7zdmxw@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Mike Jones <Michael.Jones@microsoft.com>
Content-Type: multipart/alternative; boundary="bcaec5555590fa49ed04d515ebce"
X-Gm-Message-State: ALoCoQl+NL+AYQto70rrOg++POiatzZNW6EBFh6KAObvHwZ7lAJ4z0p9NM13qxNFt6MQcRcAip7D
Cc: "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] SPI proposal
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Feb 2013 22:34:07 -0000
Including this as an "alg" value would pollute the definition of "alg".
Right now, "alg" values tell you how the key is wrapped, and any full
header MUST have one. SPI has a completely different semantic. The
proposed text uses the presence of "alg" as a signal that a full header was
present, providing a very simple state machine for SPI processing:
if (alg && !spi) { /* normal */ }
else if (alg && spi) { /* add to cache */ }
else if (!alg && spi) { /* pull from cache */ }
On Wed, Feb 6, 2013 at 5:26 PM, Mike Jones <Michael.Jones@microsoft.com>wrote:
> Thanks for writing this up, Richard. I believe that captures the intent
> fairly well.****
>
> ** **
>
> As we’d discussed off-list, I believe that it would be more consistent if,
> in the case were you are using a previously cached “spi” value, that the
> header contained “alg”:”spi” and “spi”:*spi-value*. That would maintain
> the invariant that implementations always use the “alg” value to determine
> what the rest of the structure is – albeit in this case, via an indirection.
> ****
>
> ** **
>
> Also, then we’d register “spi” like any other “alg” value. Other
> algorithms specify the use of particular header parameters. This one would
> be no exception. Registering it as an algorithm would also make it clear
> that it is up to implementations whether to support it or not.****
>
> ** **
>
> I don’t feel super-strongly about this, but I always try for consistency,
> where reasonable. I think that this is such a case.****
>
> ** **
>
> Again, thanks for the write-up to help move this forward.****
>
> ** **
>
> Cheers,****
>
> -- Mike****
>
> ** **
>
> *From:* jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] *On Behalf
> Of *Richard Barnes
> *Sent:* Wednesday, February 06, 2013 2:12 PM
> *To:* jose@ietf.org
> *Subject:* [jose] SPI proposal****
>
> ** **
>
> To move us toward closing Issue #9 [9], here is some proposed text for an
> SPI [1] field. To recall, SPI stands for "security parameters index",
> borrowing a term from IPsec. The idea is that in cases where the same
> crypto parameters are being used repeatedly, this would save the parties
> from having to re-send the same parameters.****
>
> ** **
>
> The below text is designed for the JWE spec, but could be adapted for JWS
> (just keep header, ignore part about key/iv). Similar text is probably
> needed for the encryption/decryption/signing/verification sections.****
>
> ** **
>
> Feedback welcome,****
>
> --Richard****
>
> ** **
>
> -----BEGIN-----****
>
> Section 4.1.X. "spi" Header Parameter****
>
> ** **
>
> The "spi" (Security Parameters Index) header parameter contains an opaque
> byte string that labels a set of security parameters. This index is
> designed to enable the use of smaller headers in cases where entities will
> be re-using the same security parameters for several messages.****
>
> ** **
>
> Entities supporting the use of the "spi" parameter MUST maintain a table
> of cached security parameters. When an entity receives an object whose
> header contains both "spi" and "alg" values, then it MUST cache the
> following values from the JWE, indexed by the "spi" value:****
>
> -- Contents of the JWE header****
>
> -- Encrypted Key****
>
> -- Initialization Vector****
>
> ** **
>
> If an object containing an "spi" parameter but no "alg" parameter, then it
> MUST NOT contain an Encrypted Key or Initialization Vector. That is, it
> will have the form "header.ciphertext.integrity_value". When a recipient
> receives such an object, it uses the "spi" value to retrieve cached header,
> key, and initialization vector and reconstructs a full JWE. This full JWE
> can then be further processed according to the normal JWE processing rules.
> If the recipient has no cached parameters for the "spi" value, the process
> MUST fail.****
>
> -----END-----****
>
> ** **
>
> ** **
>
> [9] http://tools.ietf.org/wg/jose/trac/ticket/9****
>
- [jose] SPI proposal Richard Barnes
- Re: [jose] SPI proposal Mike Jones
- Re: [jose] SPI proposal Mike Jones
- Re: [jose] SPI proposal Richard Barnes
- Re: [jose] SPI proposal Richard Barnes
- [jose] SPI - KID conflict -- Re: SPI proposal Hannes Tschofenig
- Re: [jose] SPI - KID conflict -- Re: SPI proposal Richard Barnes
- Re: [jose] SPI proposal Brian Campbell
- Re: [jose] SPI proposal Richard Barnes
- Re: [jose] SPI - KID conflict -- Re: SPI proposal Mike Jones
- Re: [jose] SPI - KID conflict -- Re: SPI proposal Hannes Tschofenig
- Re: [jose] SPI proposal Hannes Tschofenig
- Re: [jose] SPI proposal Brian Campbell
- Re: [jose] SPI proposal Richard Barnes
- Re: [jose] SPI proposal Anthony Nadalin
- Re: [jose] SPI proposal Hannes Tschofenig
- Re: [jose] SPI proposal Brian Campbell
- Re: [jose] SPI proposal John Bradley