Re: [jose] I-D Action: draft-ietf-jose-json-web-encryption-09.txt

"Jim Schaad" <ietf@augustcellars.com> Thu, 25 April 2013 04:09 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: Mike Jones <Michael.Jones@microsoft.com>
Date: Wed, 24 Apr 2013 21:07:19 -0700
Cc: jose@ietf.org
Subject: Re: [jose] I-D Action: draft-ietf-jose-json-web-encryption-09.txt

Mike,

AES GCM MUST NOT be used when using the JWE JSON Serialization for
   multiple recipients, since this would result in the same
   Initialization Vector and Plaintext values being used for multiple
   GCM encryptions.

I doubt your co-authors would agree with this.
I doubt the working group will agree with this.
I know that at least one co-chair does not agree with this.
I can predict that the AD and IESG along with the security directorate would
crucify me if I allowed this to stand in the document.

Jim



> -----Original Message-----
> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of
> internet-drafts@ietf.org
> Sent: Tuesday, April 23, 2013 5:29 PM
> To: i-d-announce@ietf.org
> Cc: jose@ietf.org
> Subject: [jose] I-D Action: draft-ietf-jose-json-web-encryption-09.txt
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
>  This draft is a work item of the Javascript Object Signing and Encryption
> Working Group of the IETF.
> 
> 	Title           : JSON Web Encryption (JWE)
> 	Author(s)       : Michael B. Jones
>                           Eric Rescorla
>                           Joe Hildebrand
> 	Filename        : draft-ietf-jose-json-web-encryption-09.txt
> 	Pages           : 54
> 	Date            : 2013-04-23
> 
> Abstract:
>    JSON Web Encryption (JWE) is a means of representing encrypted
>    content using JavaScript Object Notation (JSON) data structures.
>    Cryptographic algorithms and identifiers for use with this
>    specification are described in the separate JSON Web Algorithms (JWA)
>    specification.  Related digital signature and MAC capabilities are
>    described in the separate JSON Web Signature (JWS) specification.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-jose-json-web-encryption
> 
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-09
> 
> A diff from the previous version is available at:
> http://www.ietf.org/rfcdiff?url2=draft-ietf-jose-json-web-encryption-09
> 
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/