IETF Logo Mail Archive

Re: [jose] order of step for encryption. JWE section 5

Mike Jones <Michael.Jones@microsoft.com> Tue, 11 December 2012 01:35 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CE2421F872C for <jose@ietfa.amsl.com>; Mon, 10 Dec 2012 17:35:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.235
X-Spam-Level:
X-Spam-Status: No, score=-3.235 tagged_above=-999 required=5 tests=[AWL=-0.636, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hBRf56XMopIR for <jose@ietfa.amsl.com>; Mon, 10 Dec 2012 17:35:01 -0800 (PST)
Received: from NA01-BL2-obe.outbound.protection.outlook.com (na01-bl2-obe.ptr.protection.outlook.com [65.55.169.24]) by ietfa.amsl.com (Postfix) with ESMTP id CB91D21F872E for <jose@ietf.org>; Mon, 10 Dec 2012 17:34:55 -0800 (PST)
Received: from BL2FFO11FD003.protection.gbl (10.173.161.201) by BL2FFO11HUB006.protection.gbl (10.173.160.226) with Microsoft SMTP Server (TLS) id 15.0.578.12; Tue, 11 Dec 2012 01:34:53 +0000
Received: from TK5EX14MLTC101.redmond.corp.microsoft.com (131.107.125.37) by BL2FFO11FD003.mail.protection.outlook.com (10.173.160.103) with Microsoft SMTP Server (TLS) id 15.0.578.12 via Frontend Transport; Tue, 11 Dec 2012 01:34:53 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.240]) by TK5EX14MLTC101.redmond.corp.microsoft.com ([157.54.79.178]) with mapi id 14.02.0318.003; Tue, 11 Dec 2012 01:34:26 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "Axel.Nennker@telekom.de" <Axel.Nennker@telekom.de>, "jose@ietf.org" <jose@ietf.org>
Thread-Topic: order of step for encryption. JWE section 5
Thread-Index: Ac1y1wQPutAF2XyLQPOP3bTnOMCRMwALGibgGQ76JcA=
Date: Tue, 11 Dec 2012 01:34:25 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394366924CBC@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <CE8995AB5D178F44A2154F5C9A97CAF402517DB698C5@HE111541.emea1.cds.t-internal.com> <4E1F6AAD24975D4BA5B1680429673943667537AF@TK5EX14MBXC285.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B1680429673943667537AF@TK5EX14MBXC285.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.72]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(51914002)(377454001)(13464002)(43784002)(56816002)(74662001)(4396001)(31966008)(53806001)(46102001)(50986001)(33656001)(54356001)(54316002)(51856001)(74502001)(55846006)(47736001)(49866001)(47446002)(47976001)(44976002)(23726001)(47776002)(15202345001)(56776001)(5343655001)(76482001)(46406002)(77982001)(16406001)(59766001)(50466001); DIR:OUT; SFP:; SCL:1; SRVR:BL2FFO11HUB006; LANG:en;
X-OriginatorOrg: microsoft.onmicrosoft.com
X-Forefront-PRVS: 069255B8B8
Subject: Re: [jose] order of step for encryption. JWE section 5
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Dec 2012 01:35:02 -0000

Hi Axel,

I'm sure that you probably saw this already, but in the -06 version of the spec, this ordering was cleaned up, as you suggested.  Thanks for your detailed and useful input on the specs.

				-- Mike

-----Original Message-----
From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Mike Jones
Sent: Sunday, August 05, 2012 5:20 AM
To: Axel.Nennker@telekom.de; jose@ietf.org
Subject: Re: [jose] order of step for encryption. JWE section 5

Thanks for the careful read, Axel.  I'll work to make the write-up of the steps clearer, using your input.  In particular, I'll look for ways to better structure the steps.  (Unfortunately, the xml2rfc tool doesn't do a particularly good job of structuring lists with sub-lists.)

Answering your point 2c, a random CMK is not used in this case.  Instead, the agreed-upon key is used directly to perform the encryption.  I also plan to add a key agreement example in the next draft.  I expect that this will help make this case clearer.

				Thanks again,
				-- Mike
 
-----Original Message-----
From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Axel.Nennker@telekom.de
Sent: Saturday, August 04, 2012 11:55 PM
To: jose@ietf.org
Subject: [jose] order of step for encryption. JWE section 5

Hi,

I have two issues with section 5 of
http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-05.html

1)
I would prefer it if the order of the steps 1 and 2 were reversed in section 5.

Currently we have:
Message Encryption


   The message encryption process is as follows.  The order of the steps
   is not significant in cases where there are no dependencies between
   the inputs and outputs of the steps.

   1.   When key agreement is employed, use the key agreement algorithm
        to compute the value of the agreed upon key.  When key agreement
        without key wrapping is employed, let the Content Master Key
        (CMK) be the agreed upon key.  When key agreement with key
        wrapping is employed, the agreed upon key will be used to wrap
        the CMK.

   2.   When key wrapping, key encryption, or key agreement with key
        wrapping are employed, generate a random Content Master Key
        (CMK).  See RFC 4086 [RFC4086] for considerations on generating
        random values.  The CMK MUST have a length equal to that of the
        larger of the required encryption and integrity keys.

Step 1 refers to the CMK that might be randomly created in step 2. I think it is better to have the CMK generation .

2) I find the text of the current step 1 confusing.
 2a) The first sentence is nearly a tautology
 2b) All sentences begin with When but the sentences two and three are alternative choices and the first is not.
 2c) Does "When key agreement without key wrapping is employed, let the Content Master Key
        (CMK) be the agreed upon key." make sense?
       What is the key agreement good for then?
       Should this read: "When key agreement without key wrapping is employed, let the agreed upon key be the CMK" ? There SHOULD be some randomness e.g. through the epk.

Could we structure these steps more? I) determine the CEK, generate random values like IVs and epks II) build the jweHeaderSegment (e.g.
put the IV there) III) build the jweKeySegment (e.g. key wrapping) IV) build the jweCryptoSegment V) build the jweIntegritySegment VI) base64url encode and concatenate the segments _______________________________________________
jose mailing list
jose@ietf.org
https://www.ietf.org/mailman/listinfo/jose


_______________________________________________
jose mailing list
jose@ietf.org
https://www.ietf.org/mailman/listinfo/jose

v2.14.0 | Report a Bug | By Email