Re: [jose] JWE -06: Terminology - JWE IV and integrity value

"Vladimir Dzhuvinov / NimbusDS" <vladimir@nimbusds.com> Wed, 17 October 2012 08:39 UTC

Yes, Mike, and the JWE spec does mention further down that the IV part
may be empty:


'''
5. Message Encryption

6.   Generate a random JWE Initialization Vector of the correct size
        for the block encryption algorithm (if required for the
        algorithm); otherwise, let the JWE Initialization Vector be the
        empty byte string.
'''

My original reaction was - if it's mentioned for JWE Encrypted Key, then
it should be mentioned for the other possibly empty parts as well.

I used this hint in the library development: It has a JOSE core that
validates the messages, and only then passes them on to the matching JWA
crypto handlers for decryption. Part of this initial validation includes
checking for empty parts. For example, it makes sure the header
Base64URL part is not empty. My strategy is to have as much of this
validation performed by the core and only what is truly algorithm
related have it validated by the handler. Having a clear definition of
which parts may be empty and which not helps that.

Cheers,

Vladimir
--
Vladimir Dzhuvinov : www.NimbusDS.com : vladimir@nimbusds.com




-------- Original Message --------
Subject: Re: [jose] JWE -06: Terminology - JWE IV and integrity value
From: Mike Jones <Michael.Jones@microsoft.com>
Date: Tue, October 16, 2012 5:13 pm
To: Vladimir Dzhuvinov / NimbusDS <vladimir@nimbusds.com>,
"jose@ietf.org" <jose@ietf.org>


There's currently no actual case where the JWE Initialization Vector or
JWE Integrity Value can be empty, because an Initialization Vector is
used for all the defined "enc" algorithms - (CBC, GCM) and all of them
have an integrity value.

However, this could be true for future algorithms. Is that what you're
thinking?

 -- Mike

-----Original Message-----
From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of
Vladimir Dzhuvinov / NimbusDS
Sent: Tuesday, October 16, 2012 2:33 AM
To: jose@ietf.org
Subject: [jose] JWE -06: Terminology - JWE IV and integrity value

Thank you guys for pushing the updated specs out.

Regarding JWE -06 section 2. Terminology:

It could be helpful to mention for "JWE Initialization Vector" and "JWE
Integrity Values" that these can also be empty, like said for "JWE
Encrypted Key".


Vladimir

--
Vladimir Dzhuvinov : www.NimbusDS.com : vladimir@nimbusds.com
 


_______________________________________________
jose mailing list
jose@ietf.org
https://www.ietf.org/mailman/listinfo/jose
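
The split described in Vladimir's reply above (a core that checks for empty parts, then an algorithm handler that checks what its algorithm needs), as an added example that is not part of the thread and not NimbusDS code. All function and table names are hypothetical; "A128GCM" is used as a representative "enc" value, and requiring a non-empty ciphertext is an assumption of this example.

```python
import base64
import json
import re

# Core policy (assumed from the thread): header must be present; key, IV and
# integrity value may be empty; non-empty ciphertext is this example's choice.
PART_NAMES = ("header", "encrypted_key", "iv", "ciphertext", "integrity_value")
MAY_BE_EMPTY = {"encrypted_key", "iv", "integrity_value"}
# Hypothetical handler-side requirements, keyed by the header's "enc" value.
HANDLER_REQUIRES = {"A128GCM": ("iv", "integrity_value")}
# Constructed sample (not a real JWE): header {"enc":"A128GCM"}, empty key.
SAMPLE = "eyJlbmMiOiJBMTI4R0NNIn0..AAAA.Y3Q.AQ"

class JOSEFormatError(ValueError):
    """Raised when a compact serialization fails structural validation."""

def b64url_decode(text):
    if not re.fullmatch(r"[A-Za-z0-9_-]*", text) or len(text) % 4 == 1:
        raise JOSEFormatError("not unpadded Base64URL")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def core_validate(compact):
    """Algorithm-independent checks; returns the decoded parts by name."""
    parts = compact.split(".")
    if len(parts) != len(PART_NAMES):
        raise JOSEFormatError("expected 5 parts, got %d" % len(parts))
    decoded = {}
    for name, text in zip(PART_NAMES, parts):
        if not text and name not in MAY_BE_EMPTY:
            raise JOSEFormatError("%s must not be empty" % name)
        decoded[name] = b64url_decode(text)
    try:
        header = json.loads(decoded["header"])
    except ValueError as exc:
        raise JOSEFormatError("header is not valid JSON") from exc
    if not isinstance(header, dict):
        raise JOSEFormatError("header is not a JSON object")
    decoded["header"] = header
    return decoded

def handler_validate(decoded):
    """Algorithm-specific checks, run only after core_validate succeeded."""
    enc = decoded["header"].get("enc")
    if enc not in HANDLER_REQUIRES:
        raise JOSEFormatError("no handler for enc %r" % (enc,))
    for name in HANDLER_REQUIRES[enc]:
        if not decoded[name]:
            raise JOSEFormatError("%s required for %s" % (name, enc))
    return enc
```

An empty IV passes core_validate and is rejected only by handler_validate, which keeps the core unchanged if a later algorithm needs no IV or integrity value.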

