Re: [jose] [Editorial Errata Reported] RFC7517 (6907)

Wei-Jun Wang <weijun.wang@oracle.com> Mon, 04 April 2022 02:25 UTC

From: Wei-Jun Wang <weijun.wang@oracle.com>
To: Carsten Bormann <cabo@tzi.org>
CC: Chris Smiley <csmiley@amsl.com>, "Roman D. Danyliw" <rdd@cert.org>, Paul Wouters <paul.wouters@aiven.io>, "mbj@microsoft.com" <mbj@microsoft.com>, "jose@ietf.org" <jose@ietf.org>, RFC Errata System <rfc-editor@rfc-editor.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/p2SPH36ioYxHz5DLuC9lOVPtifA>

Sorry if my words are confusing. By AAD, I meant Additional Authenticated Data, which is defined as the BASE64 encoding of the JWE Protected Header.

The error does not propagate to anywhere else. I’ve confirmed that the AEAD calculation later does use the BASE64 encoded string.

Thanks,
Weijun

> On Apr 1, 2022, at 21:23, Carsten Bormann <cabo@tzi.org> wrote:
> On 2. Apr 2022, at 00:51, Chris Smiley <csmiley@amsl.com> wrote:
>> 
>>> The array in the original text is the content of JWE Protected Header. The corrected text shows the content of the AAD parameter.
> 
> I don’t understand this note, but what I see is that the original example is missing out on the base64url step (starts with 123 34, which are the decimal ASCII codes for {", i.e., the raw JSON), while the supplied corrected example does perform it (starts with 101 121, which is ey — the first characters of the base64-url string that can also be seen at the end of C.2).
> 
> I haven’t checked whether this error propagates further down.
> 
> Grüße, Carsten
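
The distinction discussed in this thread, as an added example that is not part of the original messages or of RFC 7517: it derives the AAD from a protected header, tells the two octet forms apart by their first bytes (123 34 versus 101 121), and shows that an A128CBC-HS256 tag computed over the base64url form does not verify against the raw JSON. The header, key, IV and ciphertext are constructed sample values, not the ones from Appendix C, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct


def b64url(data: bytes) -> bytes:
    """base64url without padding, as JOSE uses it."""
    return base64.urlsafe_b64encode(data).rstrip(b"=")


def jwe_aad(protected_header_json: bytes) -> bytes:
    """AAD for the JWE compact serialization: ASCII(BASE64URL(UTF8(header)))."""
    return b64url(protected_header_json)


def classify_octets(octets: bytes) -> str:
    """Tell which form an octet array is in from its first two bytes."""
    if octets[:2] == b'{"':   # 123 34: raw JSON, base64url step missing
        return "raw-json"
    if octets[:2] == b"ey":   # 101 121: base64url of JSON that starts with {"
        return "base64url"
    return "unknown"


def cbc_hs256_tag(mac_key: bytes, aad: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Authentication tag as defined for A128CBC-HS256 (RFC 7518, 5.2.2.1)."""
    al = struct.pack(">Q", len(aad) * 8)  # AAD length in bits, 64-bit big-endian
    mac = hmac.new(mac_key, aad + iv + ciphertext + al, hashlib.sha256).digest()
    return mac[:16]                       # tag is the first 16 octets of the HMAC


def tag_verifies(mac_key, aad, iv, ciphertext, tag) -> bool:
    """Constant-time comparison of the recomputed tag with the received one."""
    return hmac.compare_digest(cbc_hs256_tag(mac_key, aad, iv, ciphertext), tag)


# Constructed sample values (assumptions, not taken from RFC 7517 Appendix C).
HEADER = b'{"alg":"dir","enc":"A128CBC-HS256"}'
MAC_KEY = bytes(range(16))
IV = bytes(16)
CIPHERTEXT = bytes(range(32))

AAD = jwe_aad(HEADER)
TAG = cbc_hs256_tag(MAC_KEY, AAD, IV, CIPHERTEXT)

if __name__ == "__main__":
    print(list(HEADER[:2]), classify_octets(HEADER))
    print(list(AAD[:2]), classify_octets(AAD))
    print("tag verifies with base64url AAD:", tag_verifies(MAC_KEY, AAD, IV, CIPHERTEXT, TAG))
    print("tag verifies with raw JSON AAD: ", tag_verifies(MAC_KEY, HEADER, IV, CIPHERTEXT, TAG))
```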