Re: [jose] Question on enc location

Mike Jones <Michael.Jones@microsoft.com> Tue, 23 July 2013 15:29 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Jim Schaad <ietf@augustcellars.com>, 'Richard Barnes' <rlb@ipv.sx>
Date: Tue, 23 Jul 2013 15:29:05 +0000
Cc: "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Question on enc location

For the first, no - it's missing the required "recipients" element.

For the second, no - the "recipients" value is missing the required "encrypted_key" value.

Answering Richard's comment - I expect that in most cases people will put elements such as "enc" that are common between all recipients in either the "protected" or "unprotected" top-level headers, but this isn't a requirement.  In the worst case, should a sender use different "enc" values for different recipients, the result will be that the JWE will fail to decrypt for all the recipients in which the "enc" value is incorrect.

                                                            -- Mike
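As an added illustration (not code from this thread or from any JOSE library), a small checker for the two structural rules in Mike's reply and for the per-recipient "enc" mismatch case. It assumes the draft's JSON Serialization layout with a base64url-encoded "protected" header, and, purely for illustration, that a per-recipient "enc" takes effect for that recipient (the thread does not define precedence); the sample objects and their placeholder values are constructed.

```python
import base64
import json


def _b64url(obj):
    # "protected" carries a base64url-encoded JSON header object
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def _unb64url_json(s):
    return json.loads(base64.urlsafe_b64decode(s + "=" * (-len(s) % 4)))


def structural_errors(jwe):
    """Mike's rules: "recipients" is required, and each recipient needs
    an "encrypted_key"."""
    recipients = jwe.get("recipients")
    if not isinstance(recipients, list) or not recipients:
        return ['missing required "recipients" element']
    return [f'recipient {i} is missing required "encrypted_key"'
            for i, r in enumerate(recipients) if "encrypted_key" not in r]


def effective_enc(jwe, i):
    """Resolve "enc" for recipient i. Assumption for illustration: the
    per-recipient header overrides the top-level unprotected header,
    which overrides the protected header."""
    merged = {}
    if "protected" in jwe:
        merged.update(_unb64url_json(jwe["protected"]))
    merged.update(jwe.get("unprotected", {}))
    merged.update(jwe["recipients"][i].get("header", {}))
    return merged.get("enc")


def recipients_that_fail(jwe, sender_enc):
    """Recipients whose resolved "enc" differs from the one the sender
    actually used to encrypt: those are the ones the JWE will not
    decrypt for."""
    return [i for i in range(len(jwe["recipients"]))
            if effective_enc(jwe, i) != sender_enc]


# Constructed samples (placeholder iv/ciphertext/tag/key values).
JWE_NO_RECIPIENTS = {"protected": _b64url({"alg": "dir", "enc": "A128GCM"}),
                     "iv": "IV", "ciphertext": "CT", "tag": "TAG"}
JWE_EMPTY_RECIPIENT = dict(JWE_NO_RECIPIENTS, recipients=[{}])
JWE_MIXED_ENC = {
    "protected": _b64url({"enc": "A128GCM"}),
    "recipients": [
        {"header": {"alg": "RSA1_5"}, "encrypted_key": "KEY_A"},
        {"header": {"alg": "RSA1_5", "enc": "A256GCM"}, "encrypted_key": "KEY_B"},
    ],
    "iv": "IV", "ciphertext": "CT", "tag": "TAG",
}
```

Run against the three samples: the first fails for lack of "recipients", the second for the empty recipient, and in the third only recipient 1 (whose own "enc" disagrees with the sender's A128GCM) would fail to decrypt.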

From: Jim Schaad [mailto:ietf@augustcellars.com]
Sent: Tuesday, July 23, 2013 5:23 AM
To: 'Richard Barnes'; Mike Jones
Cc: jose@ietf.org
Subject: RE: [jose] Question on enc location

As a follow-up, is this legal?

{
  Header: {alg:"direct", enc:"AES-GCM"},
  IV: ..., tag:..., payload:...
}

Or is the line

Recipients:[{}],

Required?

From: Richard Barnes [mailto:rlb@ipv.sx]
Sent: Tuesday, July 23, 2013 5:04 AM
To: Mike Jones
Cc: Jim Schaad; jose@ietf.org
Subject: Re: [jose] Question on enc location

In which case, it seems like it should be in the top level header, to avoid having it repeated every time.

In general, it seems like there are "content" parameters (e.g., enc, zip, cty) that should go at the top level, and "key" parameters that should be per-recipient (e.g., alg, epk, salt).  It would be helpful to implementors to be clear about what goes where.

On Monday, July 22, 2013, Mike Jones wrote:
No - just that the "enc" field for all recipients be the same.

From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Jim Schaad
Sent: Monday, July 22, 2013 4:33 PM
To: jose@ietf.org
Subject: [jose] Question on enc location

Is there supposed to be a requirement in the JWE specification that the enc field be in the common protected (or unprotected) header and not in the individual recipient header information?

Jim