IETF Logo Mail Archive

Re: [jose] Feedback request on jose tracker issue#11: Should we use RFC 5116 and remove the JWE Integrity Value field?

Russ Housley <housley@vigilsec.com> Tue, 16 April 2013 17:46 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 71D0021F9708 for <jose@ietfa.amsl.com>; Tue, 16 Apr 2013 10:46:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=-0.001, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mBIYrb7OLGH2 for <jose@ietfa.amsl.com>; Tue, 16 Apr 2013 10:46:29 -0700 (PDT)
Received: from odin.smetech.net (mail.smetech.net [208.254.26.82]) by ietfa.amsl.com (Postfix) with ESMTP id 76BCC21F96FA for <jose@ietf.org>; Tue, 16 Apr 2013 10:46:29 -0700 (PDT)
Received: from localhost (unknown [208.254.26.81]) by odin.smetech.net (Postfix) with ESMTP id B789FF24077; Tue, 16 Apr 2013 13:46:49 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([208.254.26.82]) by localhost (ronin.smetech.net [208.254.26.81]) (amavisd-new, port 10024) with ESMTP id YWpqfcOVh7fY; Tue, 16 Apr 2013 13:46:24 -0400 (EDT)
Received: from [192.168.2.100] (pool-173-79-232-68.washdc.fios.verizon.net [173.79.232.68]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 7E3F5F24070; Tue, 16 Apr 2013 13:46:48 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: multipart/alternative; boundary="Apple-Mail-44--867353032"
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <CAL02cgRtu6TkmkP3gBk6UYCBk9hnDA=tiqyaRgoCyx9z-O__OA@mail.gmail.com>
Date: Tue, 16 Apr 2013 13:46:27 -0400
Message-Id: <56FE5AD2-5A94-4548-B9C1-48A27EE5EA5D@vigilsec.com>
References: <51674E3D.7030004@isoc.org> <71C65BBC-A7CB-4A5A-AE85-20650203F2FB@ve7jtb.com> <CAL02cgRtu6TkmkP3gBk6UYCBk9hnDA=tiqyaRgoCyx9z-O__OA@mail.gmail.com>
To: jose@ietf.org
X-Mailer: Apple Mail (2.1085)
Cc: John Bradley <ve7jtb@ve7jtb.com>
Subject: Re: [jose] Feedback request on jose tracker issue#11: Should we use RFC 5116 and remove the JWE Integrity Value field?
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Apr 2013 17:46:30 -0000

Other protocols use ICV (Integrity Check Value) to avoid this confusion.

ICV also avoids the confusion with the many different interpretations of MAC.

Russ


On Apr 16, 2013, at 10:24 AM, Richard Barnes wrote:

> I'm confused.  This is not about the IV == Initialization Vector, it's about the JWE Integrity Value (inconveniently also "IV").  I don't think anyone has proposed merging in the initialization vector, both because that's not what RFC 5116 does and because it's a terrible idea :)
> 
> 
> On Mon, Apr 15, 2013 at 2:41 PM, John Bradley <ve7jtb@ve7jtb.com> wrote:
> 1 ish.
> 
> Representing the nonce/IV separately should not preclude using a crypto library generated nonce/IV , as may be done in some libraries implementing  draft-mcgrew-aead-aes-cbc-hmac-sha2.
> 
> So I am in favour of the current serialization while wanting to support the crypto from  draft-mcgrew-aead-aes-cbc-hmac-sha2 if not the particular serialization which is optimized for a different use-case.   The current draft-mcgrew-aead-aes-cbc-hmac-sha2 conflates crypto and serialization.  I am hoping we can resolve that so the crypto can be supported.
> 
> John B.
> 
> On 2013-04-11, at 8:58 PM, Karen O'Donoghue <odonoghue@isoc.org> wrote:
> 
>> Issue #11 http://trac.tools.ietf.org/wg/jose/trac/ticket/11 proposes restructuring the JWE representation to remove the JWE Integrity Value field and instead use the RFC 5116 (AEAD) binary serialization to represent the Ciphertext, Initialization Vector, and Integrity Value values.  If this proposal is adopted, JWEs would then have three fields – the header, the encrypted key, and the RFC 5116 combination of the Ciphertext, Initialization Vector, and Integrity Value values. 
>> This issue is also related to issue #3.  Note that the updated McGrew draft described there could be used whether or not we switched to using RFC 5116.
>>  
>> 
>> Which of these best describes your preferences on this issue?
>> 
>> 1.  Continue having separate Ciphertext, Initialization Vector, and Integrity Value values in the JWE representation.
>> 
>> 2.  Switch to using the RFC 5116 (AEAD) serialization to represent the combination of these three values.
>> 
>> 3.  Another resolution (please specify in detail).
>> 
>> 0.  I need more information to decide.
>> 
>>  
>> Your reply is requested by Friday, April 19th or earlier. 
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose
> 
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
> 
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose

v2.23.0 | Report a Bug | By Email