Re: [jose] Feedback request on jose tracker issue#11: Should we use RFC 5116 and remove the JWE Integrity Value field?

Russ Housley <housley@vigilsec.com> Fri, 19 April 2013 18:25 UTC

2.  Switch to using the RFC 5116 (AEAD) serialization ...

And, when using a mode like CBC, simply prepend the IV to the ciphertext.

Russ

= = = = = = = = = 


Which of these best describes your preferences on this issue?
1.  Continue having separate Ciphertext, Initialization Vector, and
Integrity Value values in the JWE representation.
2.  Switch to using the RFC 5116 (AEAD) serialization to represent the
combination of these three values.
3.  Another resolution (please specify in detail).
0.  I need more information to decide.
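
The two representations in the poll, side by side, as an added example that is not part of the original message or of any JOSE draft. The `IV || ciphertext || tag` layout follows the "prepend the IV" suggestion above plus the RFC 5116 convention of appending the tag; the 16-byte truncated HMAC-SHA-256 tag, the MAC input, and all function names are assumptions, and the ciphertext bytes are constructed stand-ins (no AES is performed).

```python
import hashlib
import hmac

BLOCK = 16     # AES block size; CBC ciphertext is a non-empty multiple of this
IV_LEN = 16    # CBC IV is one block
TAG_LEN = 16   # assumed tag length (truncated HMAC-SHA-256)

def _tag(mac_key, aad, iv, ct):
    # The MAC covers AAD, IV and ciphertext; the trailing AAD bit length
    # keeps the AAD/IV boundary unambiguous.
    al = (len(aad) * 8).to_bytes(8, "big")
    mac = hmac.new(mac_key, aad + iv + ct + al, hashlib.sha256)
    return mac.digest()[:TAG_LEN]

def seal_fields(mac_key, aad, iv, ct):
    """Option 1: IV, ciphertext and integrity value as three separate values."""
    return {"iv": iv, "ciphertext": ct,
            "integrity_value": _tag(mac_key, aad, iv, ct)}

def seal_combined(mac_key, aad, iv, ct):
    """Option 2: a single opaque value, IV || ciphertext || tag."""
    if len(iv) != IV_LEN or not ct or len(ct) % BLOCK:
        raise ValueError("malformed input")
    return iv + ct + _tag(mac_key, aad, iv, ct)

def open_combined(mac_key, aad, blob):
    """Split the single value by the algorithm's fixed lengths and verify it."""
    body_len = len(blob) - IV_LEN - TAG_LEN
    if body_len < BLOCK or body_len % BLOCK:
        raise ValueError("malformed ciphertext")
    iv, ct, tag = blob[:IV_LEN], blob[IV_LEN:-TAG_LEN], blob[-TAG_LEN:]
    # Constant-time comparison, done before any CBC decryption is attempted.
    if not hmac.compare_digest(tag, _tag(mac_key, aad, iv, ct)):
        raise ValueError("integrity check failed")
    return iv, ct  # only now would the caller CBC-decrypt ct under iv

# Constructed sample values, not real key material or real AES output.
MAC_KEY = bytes(range(32))
AAD = b'{"alg":"dir","enc":"example"}'
IV = bytes(range(16, 32))
CT = b"\xaa" * 32

if __name__ == "__main__":
    blob = seal_combined(MAC_KEY, AAD, IV, CT)
    print(len(blob), open_combined(MAC_KEY, AAD, blob) == (IV, CT))
```

With the single value the receiver has no per-message lengths to trust: the split points come from the algorithm, so a truncated or padded blob fails the length or tag check before decryption.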