Re: [jose] Minutes
Mike Jones <Michael.Jones@microsoft.com> Mon, 25 March 2013 22:57 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBAC121F868E for <jose@ietfa.amsl.com>; Mon, 25 Mar 2013 15:57:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KmR8qEYzTCvS for <jose@ietfa.amsl.com>; Mon, 25 Mar 2013 15:57:15 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2lp0209.outbound.protection.outlook.com [207.46.163.209]) by ietfa.amsl.com (Postfix) with ESMTP id 4213321F8606 for <jose@ietf.org>; Mon, 25 Mar 2013 15:57:15 -0700 (PDT)
Received: from BY2FFO11FD018.protection.gbl (10.173.161.200) by BL2FFO11HUB030.protection.gbl (10.173.161.54) with Microsoft SMTP Server (TLS) id 15.0.651.3; Mon, 25 Mar 2013 22:57:13 +0000
Received: from TK5EX14HUBC104.redmond.corp.microsoft.com (131.107.125.37) by BY2FFO11FD018.mail.protection.outlook.com (10.1.14.106) with Microsoft SMTP Server (TLS) id 15.0.651.3 via Frontend Transport; Mon, 25 Mar 2013 22:57:13 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.224]) by TK5EX14HUBC104.redmond.corp.microsoft.com ([157.54.80.25]) with mapi id 14.02.0318.003; Mon, 25 Mar 2013 22:56:42 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Richard Barnes <rlb@ipv.sx>
Thread-Topic: [jose] Minutes
Thread-Index: Ac4nOU6Wtn5YToVESdmS7jlWKdSc2ABuH0gQACz5rQAAAVfCMA==
Date: Mon, 25 Mar 2013 22:56:41 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394367588B2D@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <010001ce2739$7eaae070$7c00a150$@augustcellars.com> <4E1F6AAD24975D4BA5B168042967394367586714@TK5EX14MBXC283.redmond.corp.microsoft.com> <CAL02cgTzFJNpcWKVQKnESTY9Wtq1wO-1_6jjeZhzM9KgbYm0GA@mail.gmail.com>
In-Reply-To: <CAL02cgTzFJNpcWKVQKnESTY9Wtq1wO-1_6jjeZhzM9KgbYm0GA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.78]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B168042967394367588B2DTK5EX14MBXC283r_"
MIME-Version: 1.0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(377454001)(199002)(189002)(24454001)(16406001)(5343635001)(79102001)(47976001)(20776003)(59766001)(47736001)(63696002)(76482001)(71186001)(55846006)(66066001)(65816001)(46102001)(33656001)(53806001)(5343655001)(50986001)(51856001)(56776001)(512954001)(44976002)(74502001)(31966008)(49866001)(74662001)(77982001)(54316002)(47446002)(15202345001)(4396001)(80022001)(56816002)(69226001)(16236675001)(54356001); DIR:OUT; SFP:; SCL:1; SRVR:BL2FFO11HUB030; H:TK5EX14HUBC104.redmond.corp.microsoft.com; RD:InfoDomainNonexistent; A:1; MX:1; LANG:en;
X-OriginatorOrg: microsoft.onmicrosoft.com
X-Forefront-PRVS: 0796EBEDE1
Cc: Jim Schaad <ietf@augustcellars.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Minutes
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Mar 2013 22:57:18 -0000
"Impossible to separate wrapped key from encrypted data" (the title of issue #4) is a false statement. Nat pointed that out over a month ago in the issue tracker. If that remains the title of the issue, it should be closed on the merits of the issue.
If you want to change the title of this one to "Should the encrypted key element of a JWE no longer be included in the integrity check?" I'd have no problem with the issue, because then it would be making a neutral statement about a possible change. But right now, it's highly misleading, at best.
None of that was captured in the minutes, even though it was all discussed in Orlando.
-- Mike
From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Richard Barnes
Sent: Monday, March 25, 2013 3:11 PM
To: Mike Jones
Cc: Jim Schaad; jose@ietf.org
Subject: Re: [jose] Minutes
It's not accurate to say that Issue #4 is not a problem. We did clarify in the meeting that the issue could use some re-statement, to clarify that the issue is the coverage of keys by the integrity check. So there's still an issue, namely whether the key needs to be covered by the integrity check.
On Sun, Mar 24, 2013 at 9:02 PM, Mike Jones <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>> wrote:
I don't believe that the minutes adequately capture the discussion on issue #4 (http://trac.tools.ietf.org/wg/jose/trac/ticket/4#<http://trac.tools.ietf.org/wg/jose/trac/ticket/4>). I would revise as follows:
Data tracker issue #4 (Impossible to separate wrapped key from encrypted data) - John Bradley's slides pointed out that it *is* possible to separate wrapped keys from encrypted data when needed by using the direct encryption mode and therefore asked for this issue to be closed, as it is based upon a false premise. Mike Jones also asked for this to be closed on this basis, and pointed out that Nat Sakimura had already described the problem with this issue in the issue tracker. Richard asked a question about the security analysis of including the wrapped key in the integrity calculation - Does the wrapped key need to be included in the integrity check or not? The question will be referred to CFRG but a request for possible attack modes being sent to the list is requested.
Given that the problem stated in issue #4 was demonstrated to not actually be a problem during the discussions, I would ask again that the chairs close this one, and update the minutes to reflect this.
Thank you,
-- Mike
From: jose-bounces@ietf.org<mailto:jose-bounces@ietf.org> [mailto:jose-bounces@ietf.org<mailto:jose-bounces@ietf.org>] On Behalf Of Jim Schaad
Sent: Friday, March 22, 2013 1:12 PM
To: jose@ietf.org<mailto:jose@ietf.org>
Subject: [jose] Minutes
Preliminary minutes have been uploaded to the site. Please review and comment back to me if you have disagreements.
http://www.ietf.org/proceedings/86/minutes/minutes-86-jose
Note that the minutes have an action list at the bottom of them.
Jim
_______________________________________________
jose mailing list
jose@ietf.org<mailto:jose@ietf.org>
https://www.ietf.org/mailman/listinfo/jose
- [jose] Minutes Jim Schaad
- Re: [jose] Minutes Mike Jones
- [jose] Minutes Jim Schaad
- Re: [jose] Minutes prateek mishra
- Re: [jose] Minutes Richard Barnes
- Re: [jose] Minutes Mike Jones
- Re: [jose] Minutes Richard Barnes