Re: [jose] Question on enc location
"Jim Schaad" <ietf@augustcellars.com> Tue, 23 July 2013 20:49 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC04811E810C for <jose@ietfa.amsl.com>; Tue, 23 Jul 2013 13:49:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Level:
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p5+InN+xSCGw for <jose@ietfa.amsl.com>; Tue, 23 Jul 2013 13:49:13 -0700 (PDT)
Received: from smtp2.pacifier.net (smtp2.pacifier.net [64.255.237.172]) by ietfa.amsl.com (Postfix) with ESMTP id 6772F11E8100 for <jose@ietf.org>; Tue, 23 Jul 2013 13:49:09 -0700 (PDT)
Received: from Philemon (winery.augustcellars.com [206.212.239.129]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp2.pacifier.net (Postfix) with ESMTPSA id 9AC622CA26; Tue, 23 Jul 2013 13:49:08 -0700 (PDT)
From: Jim Schaad <ietf@augustcellars.com>
To: 'Mike Jones' <Michael.Jones@microsoft.com>, 'Richard Barnes' <rlb@ipv.sx>
References: <05a101ce8733$d96415e0$8c2c41a0$@augustcellars.com> <4E1F6AAD24975D4BA5B16804296739436B6FFED3@TK5EX14MBXC284.redmond.corp.microsoft.com> <CAL02cgRFsoVOu4=opCark=iY6EXZ4kscR5Q3v2KpcZu4_ubQQw@mail.gmail.com> <05fd01ce879f$581712a0$084537e0$@augustcellars.com> <4E1F6AAD24975D4BA5B16804296739436B702C5E@TK5EX14MBXC284.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436B702C5E@TK5EX14MBXC284.redmond.corp.microsoft.com>
Date: Tue, 23 Jul 2013 13:48:00 -0700
Message-ID: <065a01ce87e5$ee9a1920$cbce4b60$@augustcellars.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_065B_01CE87AB.423C79A0"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHQTpdhMabkoa5v2EltdYDF5I7dAAGP8XVaAsDOTjsA9gUfhAEhaTGymTvf/5A=
Content-Language: en-us
Cc: jose@ietf.org
Subject: Re: [jose] Question on enc location
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jul 2013 20:49:20 -0000
But in this case I don't think that I need an encrypted key value because I am using direct. From: Mike Jones [mailto:Michael.Jones@microsoft.com] Sent: Tuesday, July 23, 2013 8:29 AM To: Jim Schaad; 'Richard Barnes' Cc: jose@ietf.org Subject: RE: [jose] Question on enc location For the first, no - it's missing the required "recipients" element. For the second, no - the "recipients" value is missing the required "encrypted_key" value. Answering Richard's comment - I expect that in most cases people will put elements such as "enc" that are common between all recipients in either the "protected" or "unprotected" top-level headers, but this isn't a requirement. In the worst case, should a sender use different "enc" values for different recipients, the result will be that the JWE will fail to decrypt for all the recipients in which the "enc" value is incorrect. -- Mike From: Jim Schaad [mailto:ietf@augustcellars.com] Sent: Tuesday, July 23, 2013 5:23 AM To: 'Richard Barnes'; Mike Jones Cc: jose@ietf.org Subject: RE: [jose] Question on enc location As a follow up. Is this legal? { Header: <alg:"direct", enc:"AES-GCM"}, IV: ., tag:., payload:. } Or is the line Recipients:[{}], Required? From: Richard Barnes [mailto:rlb@ipv.sx] Sent: Tuesday, July 23, 2013 5:04 AM To: Mike Jones Cc: Jim Schaad; jose@ietf.org Subject: Re: [jose] Question on enc location In which case, it seems like it should be in the top level header, to avoid having it repeated every time. In general, it seems like there are "content" parameters (e.g., enc, zip, cty) that should go at the top level, and "key" parameters that should be per-recipient (e.g., alg, epk, salt). It would be helpful to implementors to be clear about what goes where. On Monday, July 22, 2013, Mike Jones wrote: No - just that the "enc" field for all recipients be the same. From: jose-bounces@ietf.org <javascript:_e(%7b%7d,%20'cvml',%20'jose-bounces@ietf.org');> [mailto:jose-bounces@ietf.org <javascript:_e(%7b%7d,%20'cvml',%20'jose-bounces@ietf.org');> ] On Behalf Of Jim Schaad Sent: Monday, July 22, 2013 4:33 PM To: jose@ietf.org <javascript:_e(%7b%7d,%20'cvml',%20'jose@ietf.org');> Subject: [jose] Question on enc location Is there supposed to be a requirement in the JWE specification that the enc field be in the common protected (or unprotected) header and no in the individual recipient header information? Jim
- Re: [jose] Question on enc location Mike Jones
- [jose] Question on enc location Jim Schaad
- Re: [jose] Question on enc location Mike Jones
- Re: [jose] Question on enc location Richard Barnes
- Re: [jose] Question on enc location Jim Schaad
- Re: [jose] Question on enc location Richard Barnes
- Re: [jose] Question on enc location Mike Jones
- Re: [jose] Question on enc location Jim Schaad
- Re: [jose] Question on enc location Mike Jones