[jose] #29: Add an explicit "aad" field to JWE

"jose issue tracker" <trac+jose@trac.tools.ietf.org> Thu, 27 June 2013 23:05 UTC

From: jose issue tracker <trac+jose@trac.tools.ietf.org>
To: draft-ietf-jose-json-web-encryption@tools.ietf.org, rlb@ipv.sx
Cc: jose@ietf.org
Date: Thu, 27 Jun 2013 23:05:03 -0000
Message-ID: <049.2f6c2e28d610320d40f8f4307cd0bf6b@trac.tools.ietf.org>
Subject: [jose] #29: Add an explicit "aad" field to JWE

#29: Add an explicit "aad" field to JWE

 Let's start from the design principle that the crypto operations in JWE
 should not be JWE-specific if they don't have to be.  Right now, the only
 way for an application to provide AAD to a JWE algorithm is in the
 protected header.  So it's impossible to use JOSE to implement any
 protocol that uses AAD to protect non-JSON data.  (Or if not impossible,
 it's costly, since it will end up getting double-base64 encoded.)

 Instead, JWE should have an explicit "aad" field that contains a
 base64-encoded octet string that is input as Additional Authenticated Data
 to the AEAD algorithm.  If there is a protected header present then the
 overall AAD is the concatenation of the header and the "aad" field.

 In the compact format, this field is always empty.

 OLD:
 """
 Let the Additional Authenticated Data encryption parameter be the octets
 of the ASCII representation of the Encoded JWE Header value.
 """
 NEW:
 """
 Let the Additional Authenticated Data encryption parameter be the octets
 of the ASCII representation of the Encoded JWE Header value.  If an "aad"
 parameter is present, set the Additional Authenticated Data to the
 concatenation of the Encoded JWE Header, a period ('.') character, and the
 ASCII representation of the "aad" field value.
 """

-- 
 Reporter:  rlb@ipv.sx
    Owner:  draft-ietf-jose-json-web-encryption@tools.ietf.org
     Type:  defect
 Priority:  major
   Status:  new
Component:  json-web-encryption
Milestone:
  Version:
 Severity:  -
 Keywords:

Ticket URL: <http://tools.ietf.org/wg/jose/trac/ticket/29>
jose <http://tools.ietf.org/jose/>