[jose] #29: Add an explicit "aad" field to JWE
"jose issue tracker" <trac+jose@trac.tools.ietf.org> Thu, 27 June 2013 23:05 UTC
From: jose issue tracker <trac+jose@trac.tools.ietf.org>
To: draft-ietf-jose-json-web-encryption@tools.ietf.org, rlb@ipv.sx
Cc: jose@ietf.org
Date: Thu, 27 Jun 2013 23:05:03 -0000
X-Trac-Ticket-URL: http://tools.ietf.org/wg/jose/trac/ticket/29
Message-ID: <049.2f6c2e28d610320d40f8f4307cd0bf6b@trac.tools.ietf.org>
Subject: [jose] #29: Add an explicit "aad" field to JWE
#29: Add an explicit "aad" field to JWE

Let's start from the design principle that the crypto operations in JWE should not be JWE-specific if they don't have to be.

Right now, the only way for an application to provide AAD to a JWE algorithm is in the protected header. So it's impossible to use JOSE to implement any protocol that uses AAD to protect non-JSON data. (Or if not impossible, it's costly, since it will end up getting double-base64 encoded.)

Instead, JWE should have an explicit "aad" field that contains a base64-encoded octet string that is input as Additional Authenticated Data to the AEAD algorithm. If there is a protected header present then the overall AAD is the concatenation of the header and the "aad" field. In the compact format, this field is always empty.

OLD:
"""
Let the Additional Authenticated Data encryption parameter be the octets of the ASCII representation of the Encoded JWE Header value.
"""

NEW:
"""
Let the Additional Authenticated Data encryption parameter be the octets of the ASCII representation of the Encoded JWE Header value. If an "aad" parameter is present, set the Additional Authenticated Data to the concatenation of the Encoded JWE Header, a period ('.') character, and the ASCII representation of the "aad" field value.
"""

-- 
-------------------------+-------------------------------------------------
 Reporter:  rlb@ipv.sx   |       Owner:  draft-ietf-jose-json-web-
     Type:  defect       |               encryption@tools.ietf.org
 Priority:  major        |      Status:  new
Component:  json-web-    |   Milestone:
            encryption   |     Version:
 Severity:  -            |    Keywords:
-------------------------+-------------------------------------------------

Ticket URL: <http://tools.ietf.org/wg/jose/trac/ticket/29>
jose <http://tools.ietf.org/jose/>