Re: [jose] #4: Impossible to separate wrapped key from encrypted data

Richard Barnes <rlb@ipv.sx> Mon, 25 February 2013 21:36 UTC

In-Reply-To: <069.35ef4482936d3eebeb4279ca3a1ad678@trac.tools.ietf.org>
References: <054.24cd2b074db2dc2bbbcb828a8456fbe9@trac.tools.ietf.org> <069.35ef4482936d3eebeb4279ca3a1ad678@trac.tools.ietf.org>
Date: Mon, 25 Feb 2013 16:36:24 -0500
Message-ID: <CAL02cgSbcvKEq0hOvF8DfdAL_Xy_AHjxXX7cFWwUHJoahaDNaQ@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: jose issue tracker <trac+jose@trac.tools.ietf.org>
Cc: draft-ietf-jose-json-web-encryption@tools.ietf.org, Nat Sakimura <sakimura@gmail.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] #4: Impossible to separate wrapped key from encrypted data

That still doesn't address how the key is transmitted.

A solution for encryption requires (1) a way to encrypt a JWE under a given
key, and (2) a way to transmit wrapped keys.  You are proposing a solution
to (1), with some mechanism for (2).

JWE already solves (1) and (2), just not in a way that the keys are
separable. Because the keys are included under the JWE integrity check, the
JWE integrity check value will be different for each wrapped key.

Your answer already concedes that there is no benefit to including the key
under the JWE integrity check.  We should just make it that way with JWE in
general and the issue will be resolved.

On Mon, Feb 25, 2013 at 2:19 PM, jose issue tracker <
trac+jose@trac.tools.ietf.org> wrote:

> #4: Impossible to separate wrapped key from encrypted data
>
>
> Comment (by sakimura@gmail.com):
>
>  4.6 Direct Encryption with a Shared Symmetric Key of JWA seems to be
>  addressing the needs in this ticket.
>
> --
> -------------------------+-------------------------------------------------
>  Reporter:               |       Owner:  draft-ietf-jose-json-web-
>   rbarnes@bbn.com        |  encryption@tools.ietf.org
>      Type:  defect       |      Status:  new
>  Priority:  major        |   Milestone:
> Component:  json-web-    |     Version:
>   encryption             |  Resolution:
>  Severity:  Active WG    |
>   Document               |
>  Keywords:               |
> -------------------------+-------------------------------------------------
>
> Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/4#comment:1>
> jose <http://tools.ietf.org/jose/>
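The separability point Barnes makes above, as an added illustration (this is not code from the thread, the JOSE drafts, or any JOSE implementation): a toy model of a JWE-style envelope in which the only thing that varies is whether the per-recipient encrypted key is covered by the integrity check. The key wrap (a keyed XOR) and the content encryption (a SHA-256 counter keystream) are constructed stand-ins, not real algorithms, and the recipient names and keys are constructed sample values; the part being modelled is just which fields the integrity value covers, and what a recipient can still detect when it is not.

```python
import base64
import hashlib
import hmac
import os


def b64u(data: bytes) -> str:
    """base64url without padding, the encoding JWE serializations use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def toy_wrap(kek: bytes, cek: bytes) -> bytes:
    """Placeholder key wrap (keyed XOR stream); NOT a real key-wrap algorithm.
    It only stands in for the per-recipient 'encrypted key' field."""
    stream = hashlib.sha256(b"wrap" + kek).digest()
    return bytes(a ^ b for a, b in zip(cek, stream))


toy_unwrap = toy_wrap  # XOR with the same stream is its own inverse


def toy_keystream_xor(cek: bytes, iv: bytes, data: bytes) -> bytes:
    """Placeholder content encryption (SHA-256 counter keystream XOR);
    stands in for the JWE content-encryption step only."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hashlib.sha256(cek + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(p ^ k for p, k in zip(data, out))


def mac_key_for(cek: bytes) -> bytes:
    """Integrity key derived from the content encryption key (constructed KDF)."""
    return hashlib.sha256(b"mac" + cek).digest()


def integrity_value(cek, header, encrypted_key, iv, ciphertext, cover_key):
    """HMAC over the envelope fields. cover_key=True models the 2013 JWE drafts
    (encrypted key under the check); cover_key=False models the change the
    message argues for (encrypted key left out of the check)."""
    fields = [header, encrypted_key if cover_key else b"", iv, ciphertext]
    return hmac.new(mac_key_for(cek), b".".join(fields), hashlib.sha256).digest()


def encrypt(plaintext, recipient_keks, cover_key, cek=None, iv=None):
    """Encrypt once under one CEK and wrap that CEK once per recipient.
    Returns the recipient-independent fields, the per-recipient encrypted
    keys, and the integrity value computed for each recipient."""
    cek = cek or os.urandom(32)
    iv = iv or os.urandom(16)
    header = b'{"alg":"toy-wrap","enc":"toy-stream"}'  # constructed header
    ciphertext = toy_keystream_xor(cek, iv, plaintext)
    wrapped = {name: toy_wrap(kek, cek) for name, kek in recipient_keks.items()}
    tags = {name: integrity_value(cek, header, ek, iv, ciphertext, cover_key)
            for name, ek in wrapped.items()}
    return {"header": header, "iv": iv, "ciphertext": ciphertext}, wrapped, tags


def decrypt(shared, encrypted_key, tag, kek, cover_key):
    """Recipient side: unwrap the CEK, recompute the integrity value with the
    key derived from that CEK, then decrypt only if it matches."""
    cek = toy_unwrap(kek, encrypted_key)
    expected = integrity_value(cek, shared["header"], encrypted_key,
                               shared["iv"], shared["ciphertext"], cover_key)
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed")
    return toy_keystream_xor(cek, shared["iv"], shared["ciphertext"])


KEKS = {"alice": b"A" * 32, "bob": b"B" * 32}  # constructed recipient KEKs


def separable_tags(cover_key: bool) -> bool:
    """True when every recipient can share one (ciphertext, integrity value)
    pair, i.e. when the wrapped keys are separable from the encrypted data."""
    _, _, tags = encrypt(b"hello", KEKS, cover_key,
                         cek=b"\x01" * 32, iv=b"\x02" * 16)
    return len(set(tags.values())) == 1


def roundtrip_all(cover_key: bool) -> bool:
    """Every legitimate recipient still decrypts with its own encrypted key."""
    shared, wrapped, tags = encrypt(b"hello", KEKS, cover_key)
    return all(decrypt(shared, wrapped[n], tags[n], KEKS[n], cover_key) == b"hello"
               for n in KEKS)


def swapped_key_detected() -> bool:
    """With the encrypted key outside the check, handing Alice Bob's encrypted
    key still fails: she unwraps a wrong CEK, so the derived MAC key differs."""
    shared, wrapped, tags = encrypt(b"hello", KEKS, cover_key=False)
    try:
        decrypt(shared, wrapped["bob"], tags["alice"], KEKS["alice"], cover_key=False)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("key covered   -> one tag for all recipients:", separable_tags(True))
    print("key uncovered -> one tag for all recipients:", separable_tags(False))
    print("swapped encrypted key still rejected:", swapped_key_detected())
```

With the encrypted key under the integrity check, each recipient needs its own integrity value, so the ciphertext cannot be stored once and paired with any wrapped key later; with it outside the check, one ciphertext and one integrity value serve every recipient, which is the separability the ticket asks for. The caveat the model also shows is why the change costs nothing here: because the integrity key is derived from the CEK, a recipient given the wrong encrypted key unwraps the wrong CEK and the check fails anyway. The published JWE (RFC 7516) went this way: the AEAD additional authenticated data is the protected header, the encrypted key sits outside it, and the JSON serialization carries a recipients array with one encrypted key per recipient over a single ciphertext.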