Re: [jose] I-D Action: draft-ietf-jose-json-web-encryption-09.txt

Russ Housley <housley@vigilsec.com> Thu, 25 April 2013 17:30 UTC

From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <014201ce416a$82761a80$87624f80$@augustcellars.com>
Date: Thu, 25 Apr 2013 13:30:36 -0400
Message-Id: <B9EADFAC-382A-40C3-937C-C07E77777273@vigilsec.com>
References: <20130424002901.19246.69134.idtracker@ietfa.amsl.com> <014201ce416a$82761a80$87624f80$@augustcellars.com>
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: jose@ietf.org
Subject: Re: [jose] I-D Action: draft-ietf-jose-json-web-encryption-09.txt

Mike:

Like Jim, I cannot support this statement: "AES GCM MUST NOT be used when using the JWE JSON Serialization for multiple recipients".

All recipients ought to be performing decryption and integrity checking with the same GCM key.  The manner in which they obtain that key may be different (key transport: decrypt the GCM key with the recipient's private key, key agreement: agreement of a pairwise KEK and then unwrapping the GCM key with the KEK, pre-shared KEK: unwrapping the GCM key with the already known KEK, etc).

Russ


On Apr 25, 2013, at 12:07 AM, Jim Schaad wrote:

> Mike,
> 
> AES GCM MUST NOT be used when using the JWE JSON Serialization for
>   multiple recipients, since this would result in the same
>   Initialization Vector and Plaintext values being used for multiple
>   GCM encryptions.
> 
> I doubt your co-authors would agree with this.
> I doubt the working group will agree with this.
> I know that at least one co-chair does not agree with this.
> I can predict that the AD and IESG along with the security directorate would
> crucify me if I allowed this to stand in the document.
> 
> Jim
> 
> 
> 
>> -----Original Message-----
>> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of
>> internet-drafts@ietf.org
>> Sent: Tuesday, April 23, 2013 5:29 PM
>> To: i-d-announce@ietf.org
>> Cc: jose@ietf.org
>> Subject: [jose] I-D Action: draft-ietf-jose-json-web-encryption-09.txt
>> 
>> 
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>> This draft is a work item of the Javascript Object Signing and Encryption
>> Working Group of the IETF.
>> 
>> 	Title           : JSON Web Encryption (JWE)
>> 	Author(s)       : Michael B. Jones
>>                          Eric Rescorla
>>                          Joe Hildebrand
>> 	Filename        : draft-ietf-jose-json-web-encryption-09.txt
>> 	Pages           : 54
>> 	Date            : 2013-04-23
>> 
>> Abstract:
>>   JSON Web Encryption (JWE) is a means of representing encrypted
>>   content using JavaScript Object Notation (JSON) data structures.
>>   Cryptographic algorithms and identifiers for use with this
>>   specification are described in the separate JSON Web Algorithms (JWA)
>>   specification.  Related digital signature and MAC capabilities are
>>   described in the separate JSON Web Signature (JWS) specification.
>> 
>> 
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-jose-json-web-encryption
>> 
>> There's also a htmlized version available at:
>> http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-09
>> 
>> A diff from the previous version is available at:
>> http://www.ietf.org/rfcdiff?url2=draft-ietf-jose-json-web-encryption-09
>> 
>> 
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>> 
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
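The construction Russ describes, written out as an added example (this is not code from the message, the draft, or any JOSE implementation): the plaintext goes through AES-GCM exactly once under a single content encryption key (CEK) and a single IV, and what differs per recipient is only how that one CEK reaches them. Two of the three delivery methods from the message are shown, key transport (RSA-OAEP) and a pre-shared KEK; key agreement is left out. Assumptions of my own: the KEK wrapping is AES-GCM under the KEK with its own IV (the pattern RFC 7518 registers as A128GCMKW) rather than RFC 3394 key wrap; the "RSA-OAEP"/"A128GCMKW" strings are plain labels, not parsed JWA "alg" values; the KEK, plaintext and the AAD standing in for the protected header are constructed sample inputs. The names Envelope, Encrypt, Decrypt, wrapWithKEK, unwrapWithKEK, gcmFor, must and RunExample are mine.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope mirrors the multi-recipient JWE shape: ONE AES-GCM encryption yields one
// IV and one ciphertext||tag (gcm.Seal appends the tag JWE carries separately); only
// the per-recipient encrypted CEK differs. Map keys are labels, not parsed JWA "alg".
type Envelope struct {
	AAD, IV, Sealed []byte
	EncryptedKeys   map[string][]byte
}

// must panics on setup errors to keep the example short; Decrypt keeps its error.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// wrapWithKEK protects the CEK under a pre-shared KEK with AES-GCM and a fresh
// 96-bit wrap IV prefixed to the output (the pattern RFC 7518 calls A128GCMKW).
func wrapWithKEK(kek, cek []byte) []byte {
	iv := make([]byte, 12)
	must(rand.Read(iv))
	return must(gcmFor(kek)).Seal(iv, iv, cek, nil)
}

// unwrapWithKEK inverts wrapWithKEK; a wrong KEK or altered bytes fail the tag.
func unwrapWithKEK(kek, wrapped []byte) ([]byte, error) {
	gcm, err := gcmFor(kek)
	if err != nil || len(wrapped) < 12 {
		return nil, fmt.Errorf("bad KEK or wrapped key")
	}
	return gcm.Open(nil, wrapped[:12], wrapped[12:], nil)
}

// Encrypt runs AES-GCM exactly once under a fresh CEK and IV, then delivers that
// same CEK by RSA-OAEP key transport and, separately, wrapped under a pre-shared KEK.
func Encrypt(plaintext, aad []byte, pub *rsa.PublicKey, kek []byte) *Envelope {
	buf := make([]byte, 16+12) // fresh 128-bit CEK followed by a fresh 96-bit GCM IV
	must(rand.Read(buf))
	cek, iv := buf[:16], buf[16:]
	return &Envelope{AAD: aad, IV: iv, Sealed: must(gcmFor(cek)).Seal(nil, iv, plaintext, aad),
		EncryptedKeys: map[string][]byte{
			"RSA-OAEP":  must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, cek, nil)),
			"A128GCMKW": wrapWithKEK(kek, cek),
		}}
}

// Decrypt recovers the CEK for one recipient via the supplied unwrapping function and
// opens the shared ciphertext; gcm.Open verifies the tag, the same check for everyone.
func Decrypt(env *Envelope, alg string, recoverCEK func([]byte) ([]byte, error)) ([]byte, error) {
	cek, err := recoverCEK(env.EncryptedKeys[alg])
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(cek)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.IV, env.Sealed, env.AAD)
}

// RunExample encrypts constructed sample input for two recipients and returns
// the envelope plus what each recipient recovers from the single ciphertext.
func RunExample() (env *Envelope, viaRSA, viaKEK []byte, err error) {
	priv := must(rsa.GenerateKey(rand.Reader, 2048))
	kek := []byte("0123456789abcdef") // constructed pre-shared 128-bit KEK
	aad := []byte(`{"enc":"A128GCM"}`) // stands in for the JWE protected header
	env = Encrypt([]byte("one GCM key, one ciphertext, many recipients"), aad, &priv.PublicKey, kek)
	viaRSA, err = Decrypt(env, "RSA-OAEP", func(ek []byte) ([]byte, error) {
		return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ek, nil)
	})
	if err != nil {
		return nil, nil, nil, err
	}
	viaKEK, err = Decrypt(env, "A128GCMKW", func(ek []byte) ([]byte, error) { return unwrapWithKEK(kek, ek) })
	return env, viaRSA, viaKEK, err
}

func main() {
	env, viaRSA, viaKEK, err := RunExample()
	must(0, err)
	fmt.Printf("%d recipients, one IV %x\nRSA-OAEP: %s\nA128GCMKW: %s\n", len(env.EncryptedKeys), env.IV, viaRSA, viaKEK)
}
```

Run it with `go run` (Go 1.18 or later, for the generic helper). The point to take from it: Seal is called once on the plaintext, so there is one IV and one tag no matter how many recipients are added, and each recipient's Open call performs the identical tag check with the identical GCM key; flipping a byte of Sealed or of the AAD makes Open fail for every recipient, while a wrong KEK or RSA key fails at the unwrapping step before GCM is ever reached.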