Re: [jose] order of step for encryption. JWE section 5
"Jim Schaad" <ietf@augustcellars.com> Tue, 07 August 2012 19:02 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D4D021F87AD for <jose@ietfa.amsl.com>; Tue, 7 Aug 2012 12:02:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.568
X-Spam-Level:
X-Spam-Status: No, score=-3.568 tagged_above=-999 required=5 tests=[AWL=0.031, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Co0kwTa-zg1x for <jose@ietfa.amsl.com>; Tue, 7 Aug 2012 12:02:09 -0700 (PDT)
Received: from smtp2.pacifier.net (smtp2.pacifier.net [64.255.237.172]) by ietfa.amsl.com (Postfix) with ESMTP id 622D221F8718 for <jose@ietf.org>; Tue, 7 Aug 2012 12:02:03 -0700 (PDT)
Received: from Tobias (mail.augustcellars.com [50.34.17.238]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: schaad@nwlink.com) by smtp2.pacifier.net (Postfix) with ESMTPSA id A50A82CA02; Tue, 7 Aug 2012 12:02:03 -0700 (PDT)
From: Jim Schaad <ietf@augustcellars.com>
To: 'Mike Jones' <Michael.Jones@microsoft.com>, jose@ietf.org
References: <CE8995AB5D178F44A2154F5C9A97CAF402517DB698C5@HE111541.emea1.cds.t-internal.com> <4E1F6AAD24975D4BA5B1680429673943667537AF@TK5EX14MBXC285.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B1680429673943667537AF@TK5EX14MBXC285.redmond.corp.microsoft.com>
Date: Tue, 07 Aug 2012 12:00:36 -0700
Message-ID: <015001cd74ce$ee7a7460$cb6f5d20$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQFW1jkqEaitbq4SUyx/cc/gK2wxEQDGdL+pmDW9XXA=
Content-Language: en-us
Subject: Re: [jose] order of step for encryption. JWE section 5
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Aug 2012 19:02:10 -0000
Mike, What is you issue of dealing with lists inside of lists for xml2rfc - is it just a question of how things are formatted? If so then this is an issue that can be left to the RFC Editor. Such formatting should be improved in general over the next few months as the new version of xml2rfc processing starts to get fully tested and rolled out. If the problem is something else, I would be interested in hearing what it is. > -----Original Message----- > From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of > Mike Jones > Sent: Sunday, August 05, 2012 5:20 AM > To: Axel.Nennker@telekom.de; jose@ietf.org > Subject: Re: [jose] order of step for encryption. JWE section 5 > > Thanks for the careful read, Axel. I'll work to make the write-up of the steps > clearer, using your input. In particular, I'll look for ways to better structure > the steps. (Unfortunately, the xml2rfc tool doesn't do a particularly good job > of structuring lists with sub-lists.) > > Answering your point 2c, a random CMK is not used in this case. Instead, the > agreed-upon key is used directly to perform the encryption. I also plan to > add a key agreement example in the next draft. I expect that this will help > make this case clearer. > > Thanks again, > -- Mike > > -----Original Message----- > From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of > Axel.Nennker@telekom.de > Sent: Saturday, August 04, 2012 11:55 PM > To: jose@ietf.org > Subject: [jose] order of step for encryption. JWE section 5 > > Hi, > > I have two issues with section 5 of > http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-05.html > > 1) > I would prefer it if the order of the steps 1 and 2 were reversed in section 5. > > Currently we have: > Message Encryption > > > The message encryption process is as follows. The order of the steps > is not significant in cases where there are no dependencies between > the inputs and outputs of the steps. > > 1. When key agreement is employed, use the key agreement algorithm > to compute the value of the agreed upon key. When key agreement > without key wrapping is employed, let the Content Master Key > (CMK) be the agreed upon key. When key agreement with key > wrapping is employed, the agreed upon key will be used to wrap > the CMK. > > 2. When key wrapping, key encryption, or key agreement with key > wrapping are employed, generate a random Content Master Key > (CMK). See RFC 4086 [RFC4086] for considerations on generating > random values. The CMK MUST have a length equal to that of the > larger of the required encryption and integrity keys. > > Step 1 refers to the CMK that might be randomly created in step 2. I think it is > better to have the CMK generation . > > 2) I find the text of the current step 1 confusing. > 2a) The first sentence is nearly a tautology > 2b) All sentences begin with When but the sentences two and three are > alternative choices and the first is not. > 2c) Does "When key agreement without key wrapping is employed, let the > Content Master Key > (CMK) be the agreed upon key." make sense? > What is the key agreement good for then? > Should this read: "When key agreement without key wrapping is > employed, let the agreed upon key be the CMK" ? There SHOULD be some > randomness e.g. through the epk. > > Could we structure these steps more? I) determine the CEK, generate > random values like IVs and epks II) build the jweHeaderSegment (e.g. > put the IV there) III) build the jweKeySegment (e.g. key wrapping) IV) build > the jweCryptoSegment V) build the jweIntegritySegment VI) base64url > encode and concatenate the segments > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose > > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose
- [jose] order of step for encryption. JWE section 5 Axel.Nennker
- Re: [jose] order of step for encryption. JWE sect… Mike Jones
- Re: [jose] order of step for encryption. JWE sect… Axel.Nennker
- Re: [jose] order of step for encryption. JWE sect… Jim Schaad
- Re: [jose] order of step for encryption. JWE sect… Mike Jones
- Re: [jose] order of step for encryption. JWE sect… Mike Jones