Re: [jose] #4: Impossible to separate wrapped key from encrypted data

Mike Jones <Michael.Jones@microsoft.com> Tue, 26 February 2013 01:09 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Richard Barnes <rlb@ipv.sx>, jose issue tracker <trac+jose@trac.tools.ietf.org>
Cc: "draft-ietf-jose-json-web-encryption@tools.ietf.org" <draft-ietf-jose-json-web-encryption@tools.ietf.org>, Nat Sakimura <sakimura@gmail.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] #4: Impossible to separate wrapped key from encrypted data

Actually, I think Matt's draft-miller-jose-jwe-protected-jwk, written in response to our new proposed charter item (8), exactly addresses how the key is transmitted for separable keys.

                                                            -- Mike

From: Richard Barnes [mailto:rlb@ipv.sx]
Sent: Monday, February 25, 2013 1:36 PM
To: jose issue tracker
Cc: draft-ietf-jose-json-web-encryption@tools.ietf.org; Nat Sakimura; jose@ietf.org
Subject: Re: [jose] #4: Impossible to separate wrapped key from encrypted data

That still doesn't address how the key is transmitted.

A solution for encryption requires (1) a way to encrypt a JWE under a given key, and (2) a way to transmit wrapped keys.  You are proposing a solution to (1), with some mechanism for (2).

JWE already solves (1) and (2), just not in a way that the keys are separable. Because the keys are included under the JWE integrity check, the JWE integrity check value will be different for each wrapped key.

Your answer already concedes that there is no benefit to including the key under the JWE integrity check.  We should just make it that way with JWE in general and the issue will be resolved.

On Mon, Feb 25, 2013 at 2:19 PM, jose issue tracker <trac+jose@trac.tools.ietf.org> wrote:
#4: Impossible to separate wrapped key from encrypted data


Comment (by sakimura@gmail.com):

 4.6 Direct Encryption with a Shared Symmetric Key of JWA seems to be addressing the needs in this ticket.

--
  Reporter:  rbarnes@bbn.com
     Owner:  draft-ietf-jose-json-web-encryption@tools.ietf.org
      Type:  defect
    Status:  new
  Priority:  major
 Milestone:
 Component:  json-web-encryption
   Version:
Resolution:
  Severity:  Active WG Document
  Keywords:

Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/4#comment:1>
jose <http://tools.ietf.org/jose/>

_______________________________________________
jose mailing list
jose@ietf.org
https://www.ietf.org/mailman/listinfo/jose
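The point Richard makes above (the wrapped key sitting under the JWE integrity check forces a different integrity value per recipient, so keys cannot be shipped separately from one shared ciphertext) can be shown numerically. The following is an added illustration, not code from the thread or from any JOSE implementation: it models the integrity value as HMAC-SHA256 over the dot-joined base64url segments, with the encrypted key either included (the layout the thread objects to) or excluded (the key-separable layout). Header, IV, ciphertext, MAC key and the two wrapped keys are constructed stand-ins, not output of AES or AES Key Wrap.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    """base64url without padding, the encoding JOSE uses for every segment."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def secured_input(header_b64, enc_key_b64, iv_b64, ct_b64, key_under_mac: bool) -> bytes:
    """Bytes the integrity value is computed over.
    key_under_mac=True: encrypted key is MAC'd (the JWE layout discussed in the thread).
    key_under_mac=False: encrypted key excluded, so keys are separable from the ciphertext."""
    parts = [header_b64, enc_key_b64, iv_b64, ct_b64] if key_under_mac else [header_b64, iv_b64, ct_b64]
    return ".".join(parts).encode("ascii")


def integrity_value(mac_key: bytes, *segments, key_under_mac: bool) -> str:
    return b64url(hmac.new(mac_key, secured_input(*segments, key_under_mac), hashlib.sha256).digest())


def verify(mac_key: bytes, *segments, tag_b64: str, key_under_mac: bool) -> bool:
    return hmac.compare_digest(integrity_value(mac_key, *segments, key_under_mac=key_under_mac), tag_b64)


# Constructed sample values (hypothetical; a real JWE carries AES output here).
HEADER = b64url(json.dumps({"alg": "A128KW", "enc": "A128CBC-HS256"}).encode())
IV = b64url(bytes(range(16)))
CIPHERTEXT = b64url(b"\x9a" * 32)          # stand-in for the encrypted payload
MAC_KEY = b"\x01" * 16                      # stand-in for the MAC half of the CEK
# Stand-ins for the same CEK wrapped under two recipients' different KEKs.
WRAPPED = {"alice": b64url(b"\xaa" * 24), "bob": b64url(b"\xbb" * 24)}


def per_recipient_tags(key_under_mac: bool) -> dict:
    """Integrity value each recipient would receive for the one shared ciphertext."""
    return {who: integrity_value(MAC_KEY, HEADER, wk, IV, CIPHERTEXT, key_under_mac=key_under_mac)
            for who, wk in WRAPPED.items()}


if __name__ == "__main__":
    print("key under MAC   :", per_recipient_tags(True))    # two different tags
    print("key separable   :", per_recipient_tags(False))   # one tag for both recipients
```

With the key excluded from the MAC input, one (header, IV, ciphertext, tag) tuple can be stored once and each recipient's wrapped key delivered separately; with it included, any recipient's copy must carry its own tag.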