Re: [jose] #4: Impossible to separate wrapped key from encrypted data

Richard Barnes <rlb@ipv.sx> Tue, 26 February 2013 19:16 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADF4B21F870E for <jose@ietfa.amsl.com>; Tue, 26 Feb 2013 11:16:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.757
X-Spam-Level:
X-Spam-Status: No, score=-2.757 tagged_above=-999 required=5 tests=[AWL=0.219, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6BdOFApCANFT for <jose@ietfa.amsl.com>; Tue, 26 Feb 2013 11:16:05 -0800 (PST)
Received: from mail-oa0-f44.google.com (mail-oa0-f44.google.com [209.85.219.44]) by ietfa.amsl.com (Postfix) with ESMTP id 9C44221F872E for <jose@ietf.org>; Tue, 26 Feb 2013 11:16:00 -0800 (PST)
Received: by mail-oa0-f44.google.com with SMTP id h1so6028860oag.17 for <jose@ietf.org>; Tue, 26 Feb 2013 11:16:00 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:x-originating-ip:in-reply-to:references :date:message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=QgZHThomeCZEZ76Q9biDRn8nZg52ZgmvkF1homJkup0=; b=F3cQQuHUCM5aCkI3CEz+R0qcs5sD1OJMN9ByaAiGYFsquAUWPSxSv8As3XjKDQeNid ECtGYifOB2YYdiHUMpb7RI3azM8s1rKoQjnCObZMvQ9trTWCU0nByiMaCRPuda4uPzBz cs9jF3Zox143Rf2l+a5GpgqxM0UQwDTyMSounE7h+hscZXHYvjIg06f01tA+uXG6Tw3x hhwwBk6vRM07+zCs1BDXibNHMkYyGG0N57XDuP+IYFxdsRJeXXyEquTjIgPFXBRpm/P4 dT//DhCSFQPPWxAyXt4f4acwST1HCPqyWGXdBjVUPttpCoXSfkfrZT4eIt0qplP6BQ3K Vz/w==
MIME-Version: 1.0
X-Received: by 10.60.22.69 with SMTP id b5mr2698989oef.38.1361906160072; Tue, 26 Feb 2013 11:16:00 -0800 (PST)
Received: by 10.60.60.98 with HTTP; Tue, 26 Feb 2013 11:15:59 -0800 (PST)
X-Originating-IP: [192.1.255.180]
In-Reply-To: <4E1F6AAD24975D4BA5B1680429673943674A71C8@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <054.24cd2b074db2dc2bbbcb828a8456fbe9@trac.tools.ietf.org> <069.35ef4482936d3eebeb4279ca3a1ad678@trac.tools.ietf.org> <CAL02cgSbcvKEq0hOvF8DfdAL_Xy_AHjxXX7cFWwUHJoahaDNaQ@mail.gmail.com> <4E1F6AAD24975D4BA5B1680429673943674A71C8@TK5EX14MBXC284.redmond.corp.microsoft.com>
Date: Tue, 26 Feb 2013 14:15:59 -0500
Message-ID: <CAL02cgT_MPQP=rtGYNhz1osebwBEpDYiUnCG_y4AcsxKNq02yw@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Mike Jones <Michael.Jones@microsoft.com>
Content-Type: multipart/alternative; boundary=e89a8fb1f2b6e39af004d6a57ce7
X-Gm-Message-State: ALoCoQkm5wHmlu/E+et19cKCRxWk9/d2OpM8tLG+FeIY2g3tnJgbZhWmTe+XW9BOJJutQc37YD5f
Cc: "draft-ietf-jose-json-web-encryption@tools.ietf.org" <draft-ietf-jose-json-web-encryption@tools.ietf.org>, jose issue tracker <trac+jose@trac.tools.ietf.org>, "jose@ietf.org" <jose@ietf.org>, Nat Sakimura <sakimura@gmail.com>
Subject: Re: [jose] #4: Impossible to separate wrapped key from encrypted data
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Feb 2013 19:16:06 -0000

So the proposal is to have two different ways of transmitting protected
keys, one for JWE and one separate?  Why?



On Mon, Feb 25, 2013 at 8:09 PM, Mike Jones <Michael.Jones@microsoft.com>wrote:

>  Actually, I think Matt’s draft-miller-jose-jwe-protected-jwk, written in
> response to our new proposed charter item (8), exactly addresses how the
> key is transmitted for separable keys.****
>
> ** **
>
>                                                             -- Mike****
>
> ** **
>
> *From:* Richard Barnes [mailto:rlb@ipv.sx]
> *Sent:* Monday, February 25, 2013 1:36 PM
> *To:* jose issue tracker
> *Cc:* draft-ietf-jose-json-web-encryption@tools.ietf.org; Nat Sakimura;
> jose@ietf.org
> *Subject:* Re: [jose] #4: Impossible to separate wrapped key from
> encrypted data****
>
> ** **
>
> That still doesn't address how the key is transmitted.****
>
> ** **
>
> A solution for encryption requires (1) a way to encrypt a JWE under a
> given key, and (2) a way to transmit wrapped keys.  You are proposing a
> solution to (1), with some mechanism for (2).****
>
> ** **
>
> JWE already solves (1) and (2), just not in a way that the keys are
> separable. Because the keys are included under the JWE integrity check, the
> JWE integrity check value will be different for each wrapped key.****
>
> ** **
>
> Your answer already concedes that there is no benefit to including the key
> under the JWE integrity check.  We should just make it that way with JWE in
> general and the issue will be resolved.****
>
> ** **
>
>  ****
>
> ** **
>
> ** **
>
> On Mon, Feb 25, 2013 at 2:19 PM, jose issue tracker <
> trac+jose@trac.tools.ietf.org> wrote:****
>
> #4: Impossible to separate wrapped key from encrypted data
>
>
> Comment (by sakimura@gmail.com):
>
>  4.6 Dierct Encryption with a Shared Symmetric Key of JWA seems to be
>  addressing the needs in this ticket.
>
> --
> -------------------------+-------------------------------------------------
>  Reporter:               |       Owner:  draft-ietf-jose-json-web-
>   rbarnes@bbn.com        |  encryption@tools.ietf.org
>      Type:  defect       |      Status:  new
>  Priority:  major        |   Milestone:
> Component:  json-web-    |     Version:
>   encryption             |  Resolution:
>  Severity:  Active WG    |
>   Document               |
>  Keywords:               |
> -------------------------+-------------------------------------------------
>
> Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/4#comment:1>
> jose <http://tools.ietf.org/jose/>
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose****
>
> ** **
>