Re: [jose] Feedback request on jose tracker issue#11: Should we use RFC 5116 and remove the JWE Integrity Value field?

Javier Rojas Blum <javier@gluu.org> Fri, 19 April 2013 03:00 UTC

To: Richard Barnes <rlb@ipv.sx>
Cc: John Bradley <ve7jtb@ve7jtb.com>, odonoghue@isoc.org, jose@ietf.org

1


On 04/16/2013 10:24 AM, Richard Barnes wrote:
> I'm confused.  This is not about the IV == Initialization Vector, it's 
> about the JWE Integrity Value (inconveniently also "IV").  I don't 
> think anyone has proposed merging in the initialization vector, both 
> because that's not what RFC 5116 does and because it's a terrible idea :)
>
>
> On Mon, Apr 15, 2013 at 2:41 PM, John Bradley <ve7jtb@ve7jtb.com> wrote:
>
>     1 ish.
>
>     Representing the nonce/IV separately should not preclude using a
>     crypto library generated nonce/IV, as may be done in some
>     libraries implementing draft-mcgrew-aead-aes-cbc-hmac-sha2.
>
>     So I am in favour of the current serialization while wanting to
>     support the crypto from draft-mcgrew-aead-aes-cbc-hmac-sha2 if
>     not the particular serialization which is optimized for
>     a different use-case. The current
>     draft-mcgrew-aead-aes-cbc-hmac-sha2 conflates crypto and
>     serialization. I am hoping we can resolve that so the crypto can
>     be supported.
>
>     John B.
>
>     On 2013-04-11, at 8:58 PM, Karen O'Donoghue <odonoghue@isoc.org> wrote:
>
>>     Issue #11 http://trac.tools.ietf.org/wg/jose/trac/ticket/11 proposes
>>     restructuring the JWE representation to remove the JWE Integrity
>>     Value field and instead use the RFC 5116 (AEAD) binary
>>     serialization to represent the Ciphertext, Initialization Vector,
>>     and Integrity Value values.  If this proposal is adopted, JWEs
>>     would then have three fields -- the header, the encrypted key,
>>     and the RFC 5116 combination of the Ciphertext, Initialization
>>     Vector, and Integrity Value values.
>>
>>     This issue is also related to issue #3.  Note that the updated
>>     McGrew draft described there could be used whether or not we
>>     switched to using RFC 5116.
>>
>>     Which of these best describes your preferences on this issue?
>>
>>     1.  Continue having separate Ciphertext, Initialization Vector,
>>     and Integrity Value values in the JWE representation.
>>
>>     2.  Switch to using the RFC 5116 (AEAD) serialization to
>>     represent the combination of these three values.
>>
>>     3.  Another resolution (please specify in detail).
>>
>>     0.  I need more information to decide.
>>
>>     Your reply is requested by Friday, April 19th or earlier.
>>     _______________________________________________
>>     jose mailing list
>>     jose@ietf.org
>>     https://www.ietf.org/mailman/listinfo/jose
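
The two layouts from the poll above, as an added example that is not part of the original thread. The field order IV || ciphertext || integrity value inside the combined value, the 16-byte lengths and the header are assumptions, and the byte strings are constructed placeholders rather than real cipher output; the point is that a receiver of the combined form must know the IV and integrity value lengths from the algorithm to split the value.

```python
import base64

def b64u(data: bytes) -> str:
    """base64url without padding, as used in JWE compact serializations."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def serialize_separate(header, enc_key, iv, ciphertext, tag) -> str:
    """Option 1: IV, ciphertext and integrity value stay separate fields."""
    return ".".join(b64u(p) for p in (header, enc_key, iv, ciphertext, tag))

def serialize_combined(header, enc_key, iv, ciphertext, tag) -> str:
    """Option 2: three fields; the last is one combined value.
    The order iv || ciphertext || tag is an assumption for this example."""
    return ".".join(b64u(p) for p in (header, enc_key, iv + ciphertext + tag))

def parse_separate(token: str):
    parts = token.split(".")
    if len(parts) != 5:
        raise ValueError("expected 5 fields")
    return tuple(b64u_dec(p) for p in parts)

def parse_combined(token: str, iv_len: int, tag_len: int):
    """Splitting needs iv_len and tag_len from the algorithm; the
    serialization itself no longer marks the field boundaries."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 fields")
    header, enc_key, blob = (b64u_dec(p) for p in parts)
    if len(blob) < iv_len + tag_len:
        raise ValueError("combined value shorter than IV + integrity value")
    end = len(blob) - tag_len
    return header, enc_key, blob[:iv_len], blob[iv_len:end], blob[end:]

# Constructed placeholder values (not real key material or cipher output).
HEADER = b'{"enc":"EXAMPLE"}'
ENC_KEY = b"\x01" * 24
IV = bytes(range(16))
CIPHERTEXT = b"\xaa" * 32
TAG = b"\xbb" * 16
FIELDS = (HEADER, ENC_KEY, IV, CIPHERTEXT, TAG)

if __name__ == "__main__":
    print(serialize_separate(*FIELDS))
    print(serialize_combined(*FIELDS))
```
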