Re: [jose] Feedback request on jose tracker issue#11: Should we use RFC 5116 and remove the JWE Integrity Value field?
John Bradley <ve7jtb@ve7jtb.com> Wed, 17 April 2013 18:29 UTC
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2666621E8048 for <jose@ietfa.amsl.com>; Wed, 17 Apr 2013 11:29:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.684
X-Spam-Level:
X-Spam-Status: No, score=-2.684 tagged_above=-999 required=5 tests=[AWL=0.914, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G7qKkcyA3q7V for <jose@ietfa.amsl.com>; Wed, 17 Apr 2013 11:29:34 -0700 (PDT)
Received: from mail-qe0-f50.google.com (mail-qe0-f50.google.com [209.85.128.50]) by ietfa.amsl.com (Postfix) with ESMTP id 0BBC721E8042 for <jose@ietf.org>; Wed, 17 Apr 2013 11:29:33 -0700 (PDT)
Received: by mail-qe0-f50.google.com with SMTP id a11so1072895qen.37 for <jose@ietf.org>; Wed, 17 Apr 2013 11:29:33 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:content-type:mime-version:subject:from:in-reply-to:date :cc:message-id:references:to:x-mailer:x-gm-message-state; bh=ftulnL1A8TjoFi9QyQL6imz6wyijF2gnbrSjC5IlU5Q=; b=l5Ap0gOm6uLjicgNbuXonOpkANcANR//86h0/imnSu6RlewHsQ0b7Qzg1290Ed721W 5YMEydf+K7+xZJiMNrEy22Qb4L1spe9ibpBon0Py4IIb3YQVMGv01XcCU4z6GB3bW8+T iF52keUgE/rQ+vlCW1MGk6tCIdccKNfvJaE5wTiOyDy9GK1YF0afZQZQAsjYLzDKha+l 3fbNzi2Csxvu0KJiodw/5rypfDVRqSCtZjpDMVX3qM3IL5nxy6dZhUO1utP5fS1RhMsH zr+BWekEKGb2XUADa6/Hcvu8Gy7A/GqNzR/creRZr0CzhPQyQc4ZNqfY50+dvkjq5B8X 237Q==
X-Received: by 10.224.51.18 with SMTP id b18mr7721390qag.50.1366223373002; Wed, 17 Apr 2013 11:29:33 -0700 (PDT)
Received: from [192.168.1.39] (190-20-57-18.baf.movistar.cl. [190.20.57.18]) by mx.google.com with ESMTPS id bv6sm8533256qab.5.2013.04.17.11.29.21 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 17 Apr 2013 11:29:30 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_878466EC-BDF2-4170-BAFE-DD383C0BD54E"; protocol="application/pkcs7-signature"; micalg="sha1"
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <CAL02cgRtu6TkmkP3gBk6UYCBk9hnDA=tiqyaRgoCyx9z-O__OA@mail.gmail.com>
Date: Wed, 17 Apr 2013 15:29:15 -0300
Message-Id: <BB7E6938-C815-405E-B7B5-C742E36DC774@ve7jtb.com>
References: <51674E3D.7030004@isoc.org> <71C65BBC-A7CB-4A5A-AE85-20650203F2FB@ve7jtb.com> <CAL02cgRtu6TkmkP3gBk6UYCBk9hnDA=tiqyaRgoCyx9z-O__OA@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
X-Mailer: Apple Mail (2.1503)
X-Gm-Message-State: ALoCoQmeczcbheQm9ckJphlaWokkxSxCrP8nD/0gHxE/+n7ws07eYWjdYTpoydsHjFc6JeT0DTgL
Cc: jose@ietf.org, odonoghue@isoc.org
Subject: Re: [jose] Feedback request on jose tracker issue#11: Should we use RFC 5116 and remove the JWE Integrity Value field?
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Apr 2013 18:29:35 -0000
Richard, I don't understand your comment about merging the IV. To be clear I am asking to keep the current serialization with separate elements for Ciphertext, Initialization Vector, and Integrity Value. I think there is some confusion around a subtle difference between RFC 5116 and draft-mcgrew-aead-aes-cbc-hmac-sha2.(Or perhaps it is just me:) RFC 5116 has a nonce as a separate input and output I am fine with that, however it also implicitly assumes that T (Tag) is a fixed length value concatenated to the end of the cypher-text. I am opposed to binary concatenation of the values. draft-mcgrew goes a step further than RFC 5116 where it basically fakes out the RFC 5116 interface by specifying the use of a zero length nonce (Sec 2.1) It then creates a random IV that is included as a prefix to the cypher-text (Sec 2.1-4 & 2.2-4). By listing the IV as one of the elements that would be affected by the change some people may be thinking that the poll question also includes changing the serialization of the IV. I am however OK with having the underlying library produce the IV as long as it provides that as an output to JWE. As a matter of principal I prefer separating the crypto from the serialization. Perhaps I am over thinking the question and my answer is 1. John B. On 2013-04-16, at 11:24 AM, Richard Barnes <rlb@ipv.sx> wrote: > I'm confused. This is not about the IV == Initialization Vector, it's about the JWE Integrity Value (inconveniently also "IV"). I don't think anyone has proposed merging in the initialization vector, both because that's not what RFC 5116 does and because it's a terrible idea :) > > > On Mon, Apr 15, 2013 at 2:41 PM, John Bradley <ve7jtb@ve7jtb.com> wrote: > 1 ish. > > Representing the nonce/IV separately should not preclude using a crypto library generated nonce/IV , as may be done in some libraries implementing draft-mcgrew-aead-aes-cbc-hmac-sha2. > > So I am in favour of the current serialization while wanting to support the crypto from draft-mcgrew-aead-aes-cbc-hmac-sha2 if not the particular serialization which is optimized for a different use-case. The current draft-mcgrew-aead-aes-cbc-hmac-sha2 conflates crypto and serialization. I am hoping we can resolve that so the crypto can be supported. > > John B. > > On 2013-04-11, at 8:58 PM, Karen O'Donoghue <odonoghue@isoc.org> wrote: > >> Issue #11 http://trac.tools.ietf.org/wg/jose/trac/ticket/11 proposes restructuring the JWE representation to remove the JWE Integrity Value field and instead use the RFC 5116 (AEAD) binary serialization to represent the Ciphertext, Initialization Vector, and Integrity Value values. If this proposal is adopted, JWEs would then have three fields – the header, the encrypted key, and the RFC 5116 combination of the Ciphertext, Initialization Vector, and Integrity Value values. >> This issue is also related to issue #3. Note that the updated McGrew draft described there could be used whether or not we switched to using RFC 5116. >> >> >> Which of these best describes your preferences on this issue? >> >> 1. Continue having separate Ciphertext, Initialization Vector, and Integrity Value values in the JWE representation. >> >> 2. Switch to using the RFC 5116 (AEAD) serialization to represent the combination of these three values. >> >> 3. Another resolution (please specify in detail). >> >> 0. I need more information to decide. >> >> >> Your reply is requested by Friday, April 19th or earlier. >> _______________________________________________ >> jose mailing list >> jose@ietf.org >> https://www.ietf.org/mailman/listinfo/jose > > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose > >
- Re: [jose] Feedback request on jose tracker issue… Dick Hardt
- [jose] Feedback request on jose tracker issue#11:… Karen O'Donoghue
- Re: [jose] Feedback request on jose tracker issue… Manger, James H
- Re: [jose] Feedback request on jose tracker issue… Axel.Nennker
- Re: [jose] Feedback request on jose tracker issue… Roland Hedberg
- Re: [jose] Feedback request on jose tracker issue… hideki nara
- Re: [jose] Feedback request on jose tracker issue… Mike Jones
- Re: [jose] Feedback request on jose tracker issue… nov matake
- Re: [jose] Feedback request on jose tracker issue… Edmund Jay
- Re: [jose] Feedback request on jose tracker issue… Anthony Nadalin
- Re: [jose] Feedback request on jose tracker issue… Matias Woloski
- Re: [jose] Feedback request on jose tracker issue… Matt Miller
- Re: [jose] Feedback request on jose tracker issue… John Bradley
- Re: [jose] Feedback request on jose tracker issue… Richard Barnes
- Re: [jose] Feedback request on jose tracker issue… Russ Housley
- Re: [jose] Feedback request on jose tracker issue… charles.marais@orange.com
- Re: [jose] Feedback request on jose tracker issue… John Bradley
- Re: [jose] Feedback request on jose tracker issue… Manger, James H
- Re: [jose] Feedback request on jose tracker issue… Javier Rojas Blum
- Re: [jose] Feedback request on jose tracker issue… Vladimir Dzhuvinov / NimbusDS
- Re: [jose] Feedback request on jose tracker issue… Peck, Michael A
- Re: [jose] Feedback request on jose tracker issue… Russ Housley
- Re: [jose] Feedback request on jose tracker issue… Richard Barnes
- Re: [jose] Feedback request on jose tracker issue… Salvatore D'Agostino