Re: [jose] Question on enc location
Mike Jones <Michael.Jones@microsoft.com> Tue, 23 July 2013 21:33 UTC
From: Mike Jones <Michael.Jones@microsoft.com>
To: Jim Schaad <ietf@augustcellars.com>, 'Richard Barnes' <rlb@ipv.sx>
Date: Tue, 23 Jul 2013 21:33:17 +0000
Cc: "jose@ietf.org" <jose@ietf.org>
For the second, you're right - you don't need encrypted_key. I'll plan to be clear on that (and the other fields that are omitted for some algorithms) for the JSON Serializations. I believe you still need "recipients" - for consistency reasons, even if the array elements contain an empty object.

-- Mike

From: Jim Schaad [mailto:ietf@augustcellars.com]
Sent: Tuesday, July 23, 2013 1:48 PM
To: Mike Jones; 'Richard Barnes'
Cc: jose@ietf.org
Subject: RE: [jose] Question on enc location

But in this case I don't think that I need an encrypted key value because I am using direct.

From: Mike Jones [mailto:Michael.Jones@microsoft.com]
Sent: Tuesday, July 23, 2013 8:29 AM
To: Jim Schaad; 'Richard Barnes'
Cc: jose@ietf.org
Subject: RE: [jose] Question on enc location

For the first, no - it's missing the required "recipients" element. For the second, no - the "recipients" value is missing the required "encrypted_key" value.

Answering Richard's comment - I expect that in most cases people will put elements such as "enc" that are common between all recipients in either the "protected" or "unprotected" top-level headers, but this isn't a requirement. In the worst case, should a sender use different "enc" values for different recipients, the result will be that the JWE will fail to decrypt for all the recipients in which the "enc" value is incorrect.

-- Mike

From: Jim Schaad [mailto:ietf@augustcellars.com]
Sent: Tuesday, July 23, 2013 5:23 AM
To: 'Richard Barnes'; Mike Jones
Cc: jose@ietf.org
Subject: RE: [jose] Question on enc location

As a follow up. Is this legal?

{
  Header: {alg:"direct", enc:"AES-GCM"},
  IV: ...,
  tag: ...,
  payload: ...
}

Or is the line

  Recipients: [{}],

required?

From: Richard Barnes [mailto:rlb@ipv.sx]
Sent: Tuesday, July 23, 2013 5:04 AM
To: Mike Jones
Cc: Jim Schaad; jose@ietf.org
Subject: Re: [jose] Question on enc location

In which case, it seems like it should be in the top level header, to avoid having it repeated every time.

In general, it seems like there are "content" parameters (e.g., enc, zip, cty) that should go at the top level, and "key" parameters that should be per-recipient (e.g., alg, epk, salt). It would be helpful to implementors to be clear about what goes where.

On Monday, July 22, 2013, Mike Jones wrote:

No - just that the "enc" field for all recipients be the same.

From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Jim Schaad
Sent: Monday, July 22, 2013 4:33 PM
To: jose@ietf.org
Subject: [jose] Question on enc location

Is there supposed to be a requirement in the JWE specification that the enc field be in the common protected (or unprotected) header and not in the individual recipient header information?

Jim