Re: [jose] #4: Impossible to separate wrapped key from encrypted data
Richard Barnes <rlb@ipv.sx> Tue, 26 February 2013 19:16 UTC
From: Richard Barnes <rlb@ipv.sx>
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: "draft-ietf-jose-json-web-encryption@tools.ietf.org" <draft-ietf-jose-json-web-encryption@tools.ietf.org>, jose issue tracker <trac+jose@trac.tools.ietf.org>, "jose@ietf.org" <jose@ietf.org>, Nat Sakimura <sakimura@gmail.com>

So the proposal is to have two different ways of transmitting protected keys, one for JWE and one separate? Why?

On Mon, Feb 25, 2013 at 8:09 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:

> Actually, I think Matt’s draft-miller-jose-jwe-protected-jwk, written in
> response to our new proposed charter item (8), exactly addresses how the
> key is transmitted for separable keys.
>
> -- Mike
>
> *From:* Richard Barnes [mailto:rlb@ipv.sx]
> *Sent:* Monday, February 25, 2013 1:36 PM
> *To:* jose issue tracker
> *Cc:* draft-ietf-jose-json-web-encryption@tools.ietf.org; Nat Sakimura;
> jose@ietf.org
> *Subject:* Re: [jose] #4: Impossible to separate wrapped key from
> encrypted data
>
> That still doesn't address how the key is transmitted.
>
> A solution for encryption requires (1) a way to encrypt a JWE under a
> given key, and (2) a way to transmit wrapped keys. You are proposing a
> solution to (1), with some mechanism for (2).
>
> JWE already solves (1) and (2), just not in a way that the keys are
> separable. Because the keys are included under the JWE integrity check, the
> JWE integrity check value will be different for each wrapped key.
>
> Your answer already concedes that there is no benefit to including the key
> under the JWE integrity check. We should just make it that way with JWE in
> general and the issue will be resolved.
>
> On Mon, Feb 25, 2013 at 2:19 PM, jose issue tracker <
> trac+jose@trac.tools.ietf.org> wrote:
>
> #4: Impossible to separate wrapped key from encrypted data
>
> Comment (by sakimura@gmail.com):
>
> 4.6 Direct Encryption with a Shared Symmetric Key of JWA seems to be
> addressing the needs in this ticket.
>
> --
> -------------------------+-------------------------------------------------
>  Reporter:               |       Owner:  draft-ietf-jose-json-web-
>   rbarnes@bbn.com        |  encryption@tools.ietf.org
>      Type:  defect       |      Status:  new
>  Priority:  major        |   Milestone:
> Component:  json-web-    |     Version:
>   encryption             |  Resolution:
>  Severity:  Active WG    |
>   Document               |
>  Keywords:               |
> -------------------------+-------------------------------------------------
>
> Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/4#comment:1>
> jose <http://tools.ietf.org/jose/>
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
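
Added example (not part of the original message, and not code from the JOSE drafts): a simplified model of the point in the quoted February 25 reply, that an integrity value covering the wrapped key differs for each wrapped key, so ciphertext and tag cannot be stored once and paired with another recipient's wrapped key. It assumes HMAC-SHA-256 over dot-joined base64url fields; the field layout, all sample bytes and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac


def b64url(data: bytes) -> str:
    """Base64url without padding, as JOSE serializations use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def integrity_value(mac_key, header, wrapped_key, iv, ciphertext, cover_key):
    """HMAC-SHA-256 over the dot-joined fields (assumed, simplified layout).

    cover_key=True  puts the wrapped key under the integrity check.
    cover_key=False leaves the wrapped key outside it.
    """
    parts = [header, iv, ciphertext]
    if cover_key:
        parts.insert(1, wrapped_key)
    mac_input = ".".join(b64url(p) for p in parts).encode("ascii")
    return hmac.new(mac_key, mac_input, hashlib.sha256).digest()


def verify(mac_key, header, wrapped_key, iv, ciphertext, tag, cover_key):
    """Recompute the integrity value and compare in constant time."""
    expected = integrity_value(mac_key, header, wrapped_key, iv, ciphertext, cover_key)
    return hmac.compare_digest(expected, tag)


# Constructed sample values. The two "wrapped keys" stand in for the same
# content key wrapped to two different recipients; only the fact that the
# bytes differ per recipient matters to the integrity check.
HEADER = b'{"typ":"constructed-example"}'
MAC_KEY = bytes(range(32))
IV = bytes(16)
CIPHERTEXT = b"constructed ciphertext bytes"
WRAPPED_FOR_A = b"\xaa" * 24
WRAPPED_FOR_B = b"\xbb" * 24


def shared_tag_works(cover_key: bool) -> bool:
    """Compute the tag once (with A's wrapped key), then verify as recipient B."""
    tag = integrity_value(MAC_KEY, HEADER, WRAPPED_FOR_A, IV, CIPHERTEXT, cover_key)
    return verify(MAC_KEY, HEADER, WRAPPED_FOR_B, IV, CIPHERTEXT, tag, cover_key)


if __name__ == "__main__":
    print("wrapped key under integrity check, tag reusable:", shared_tag_works(True))
    print("wrapped key outside integrity check, tag reusable:", shared_tag_works(False))
```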