Re: [jose] Field Matrix
Richard Barnes <rlb@ipv.sx> Thu, 27 June 2013 22:25 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7868311E8118 for <jose@ietfa.amsl.com>; Thu, 27 Jun 2013 15:25:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.976
X-Spam-Level:
X-Spam-Status: No, score=-3.976 tagged_above=-999 required=5 tests=[AWL=-1.000, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iZmkv2ARyOZ4 for <jose@ietfa.amsl.com>; Thu, 27 Jun 2013 15:25:45 -0700 (PDT)
Received: from mail-oa0-f53.google.com (mail-oa0-f53.google.com [209.85.219.53]) by ietfa.amsl.com (Postfix) with ESMTP id EFC7C11E8116 for <jose@ietf.org>; Thu, 27 Jun 2013 15:25:44 -0700 (PDT)
Received: by mail-oa0-f53.google.com with SMTP id k14so1566196oag.12 for <jose@ietf.org>; Thu, 27 Jun 2013 15:25:44 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:date :message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=dVkJesszGIccZBhf9yiJrZCFyFkFAENQ6rCPmJWVTDE=; b=ppw//6i4cmer1n9z6cVxzmsBpkgToMIHRjnFrcQ4p5MzEjH/wywTvvCTqiN0b8QrD/ O/FlXY+k6xd9UvXZDBgBNGTdQSQDu+hYry13s8J4wZQdRY8Vc0vpi89m1Yy1owEnCQsj nIGBlO/+6dSDeS//9GGSliHKw5Eba2ce+shHvWIRde48J9r7fcAM0sPuaHfSWtiD30Bt vzeW9SK0/zzyAv5bFk4k+LLzntIFsBsL4hX0lWobtmYtub8rvp6idEBbpnnkJNDI/l96 Q73/9GjMywf/mKp4HNnSMdZaeolOF3f1uDOGF9nBXIcNaqySGrWMRtvYNucq9VEaGB+9 A5Rw==
MIME-Version: 1.0
X-Received: by 10.182.105.99 with SMTP id gl3mr5148154obb.94.1372371944524; Thu, 27 Jun 2013 15:25:44 -0700 (PDT)
Received: by 10.60.26.135 with HTTP; Thu, 27 Jun 2013 15:25:44 -0700 (PDT)
X-Originating-IP: [192.1.51.93]
In-Reply-To: <8B4C063947CD794BB6FF90C78BAE9B321F064434@IMCMBX04.MITRE.ORG>
References: <053f01ce6de7$8ed108e0$ac731aa0$@augustcellars.com> <CAL02cgTVfWU_Ly1txm_k6s+omX8ZzUHTbp58HK03_EZ0qg_7cA@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739436787AC69@TK5EX14MBXC283.redmond.corp.microsoft.com> <CAL02cgTu=LMdH5VEdCsUAs0Ro3qeu_4MZ6viY5QF7axpQmYkZQ@mail.gmail.com> <8B4C063947CD794BB6FF90C78BAE9B321F064434@IMCMBX04.MITRE.ORG>
Date: Thu, 27 Jun 2013 18:25:44 -0400
Message-ID: <CAL02cgTASNKkc_fOzj2+CF0O0S1YSkBta+57TiRqKsJiROGc_Q@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: "Peck, Michael A" <mpeck@mitre.org>
Content-Type: multipart/alternative; boundary="e89a8ff2545c40dfd404e02a3e88"
X-Gm-Message-State: ALoCoQngHrv18BTCABL9iMpUsKFvVWEbE8KCW8vnckSUSYjAW4oNw5hOS9Dd/lvroyuVCHKM2ye4
Cc: Mike Jones <Michael.Jones@microsoft.com>, Jim Schaad <ietf@augustcellars.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Field Matrix
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Jun 2013 22:25:54 -0000
Compress(plaintext) and Plaintext have the same information content. So the attacker hasn't revealed anything. Still not a security risk. --Richard On Thu, Jun 27, 2013 at 11:43 AM, Peck, Michael A <mpeck@mitre.org> wrote: > “zip” indicates whether the authenticated encryption is applied to > Plaintext vs Compress(Plaintext).**** > > ** ** > > By stripping “zip” an attacker could make the message appear to > successfully decrypt to Compress(Plaintext) rather than Plaintext?**** > > ** ** > > I suppose whether that could lead to something bad would be implementation > dependent, but anything that can lead to ambiguity about the contents of > the original plaintext doesn’t seem like a good idea.**** > > ** ** > > Mike**** > > ** ** > > *From:* jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] *On Behalf > Of *Richard Barnes > *Sent:* Thursday, June 20, 2013 6:01 PM > *To:* Mike Jones > *Cc:* Jim Schaad; jose@ietf.org > > *Subject:* Re: [jose] Field Matrix**** > > ** ** > > There was no such decision. Quoting directly from the minutes:**** > > """**** > > ** Crit Text**** > > ** ** > > Two questions were raised for dealing with the cirt field. Does the crit > field need to be signed and do the members listed in the crit field need to > be signed.**** > > ** ** > > There was no consensus in the group at this time as we adjourned for the > day**** > > """**** > > ** ** > > In order for the attack you describe to be an actual security risk, it > would need to be the case that the parameters in "crit" were > security-critical, as opposed to things that would simply cause incorrect > processing. One can certainly imagine parameters that would fall in the > latter bin; my current favorite example is a "part" parameter that would > allow fragmentation / reassembly. Because such parameters exist, it's > possible to use "crit" safely without integrity protection.**** > > ** ** > > Can we at least agree that integrity protecting "zip" is unnecessary? The > only thing that stripping / changing "zip" causes is a processing failure, > not a security compromise.**** > > ** ** > > --Richard**** > > ** ** > > ** ** > > On Thu, Jun 20, 2013 at 5:01 PM, Mike Jones <Michael.Jones@microsoft.com> > wrote:**** > > There was a working group decision at the Denver meeting that “crit” must > be integrity protected. The reason for this is straightforward.**** > > **** > > If not integrity protected, an attacker could strip the “crit” field, > defeating the semantic requirement that implementations must reject the > input if a “crit” value is used that is not understood. Thus, the spec > requires that this field be integrity protected whenever used.**** > > **** > > -- Mike*** > * > > **** > > *From:* jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] *On Behalf > Of *Richard Barnes > *Sent:* Thursday, June 20, 2013 1:52 PM > *To:* Jim Schaad > *Cc:* jose@ietf.org > *Subject:* Re: [jose] Field Matrix**** > > **** > > You can eliminate the "protection required" field, because there aren't > any of those. **** > > **** > > Or there shouldn't be: The only security case we have is algorithm > dependent ("alg" must be protected if "alg" == "PS256", "PS512"). The only > fields for which the specs currently require integrity protection are "zip" > and "crit". Neither of these have the property that changing them would > cause a security violation, except in some application-dependent sense. So > the choice of integrity protection should be left to applications, not > fixed in the spec.**** > > **** > > --Richard**** > > **** > > On Thu, Jun 20, 2013 at 2:54 PM, Jim Schaad <ietf@augustcellars.com> > wrote:**** > > <no hat>**** > > **** > > Having just started looking at a design implementation, I am now more than > ever interested in seeing this matrix of fields. At the present time I > think the following columns are probably of interest:**** > > **** > > Name, must understand, use required, common vs specific, protection > required**** > > **** > > I was just looking at the alg and enc fields for JWE and realized that one > was specific – so it should be one location – and one was common – so it > should be in a different location. And then I needed to start thinking > about where it goes in terms of compacted vs one recipient vs two > recipients.**** > > **** > > Do you have an idea of when this matrix might show up?**** > > **** > > Jim**** > > **** > > **** > > ** ** >
- [jose] Field Matrix Jim Schaad
- Re: [jose] Field Matrix Richard Barnes
- Re: [jose] Field Matrix Mike Jones
- Re: [jose] Field Matrix Richard Barnes
- Re: [jose] Field Matrix Peck, Michael A
- Re: [jose] Field Matrix Richard Barnes