Re: [jose] draft-ietf-jose-json-web-algorithms-27: section-5.2 (PKCS #5)

Mike Jones <Michael.Jones@microsoft.com> Fri, 13 June 2014 21:27 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: "Shaun Cooley (shcooley)" <shcooley@cisco.com>
Date: Fri, 13 Jun 2014 21:26:54 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/siHCWmhwuHrPntTP63Pap1Vx4So
Cc: "jose@ietf.org" <jose@ietf.org>, "Matt Miller (mamille2)" <mamille2@cisco.com>
Subject: Re: [jose] draft-ietf-jose-json-web-algorithms-27: section-5.2 (PKCS #5)

(Adding the JOSE working group)

I believe you're right.  I'll plan to make this change in the next version of the spec.

Thanks for the careful read!

                                                            -- Mike

From: Shaun Cooley (shcooley) [mailto:shcooley@cisco.com]
Sent: Friday, June 13, 2014 10:34 AM
To: Mike Jones
Cc: Matt Miller (mamille2)
Subject: draft-ietf-jose-json-web-algorithms-27: section-5.2 (PKCS #5)

Michael -
 I am working on implementing a browser compatible JS implementation of JOSE, based on the work Matt Miller did for Node.JS.  While going through the spec, I noticed that PKCS #5 is called out for the AES-CBC ciphers.  Shouldn't this be PKCS #7?

PKCS #5 - RFC2898 section 6.2 specifies:
The padding string PS shall consist of 8 - (||M|| mod 8) octets all having value 8 - (||M|| mod 8).

PKCS #7 - RFC2315 section 10.3 note 2 specifies:
For such algorithms, the method shall be to pad the input at the trailing end with k - (l mod k) octets all having value k - (l mod k), where l is the length of the input.

PKCS #7 allows for padding in block sizes of 2-255 bytes, whereas PKCS #5 is intended for block sizes of 8.  This means that PKCS #7 is a superset of #5, and given that AES is a block size of 16, it seems the spec should require PKCS #7.

Thoughts?

Shaun Cooley
DISTINGUISHED ENGINEER.ENGINEERING
Collaboration Technology Group
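
The padding difference raised in the message above, as an added example that is not part of either message or of the JOSE draft: the RFC 2315 rule with block size k, the RFC 2898 rule as the k = 8 case, and a strict unpad, applied to AES's 16-octet block. Function names and the sample input are hypothetical.

```javascript
// Added example; not from the thread or the JOSE draft. Function names are hypothetical.
const AES_BLOCK = 16;

// RFC 2315 section 10.3 note 2: append k - (l mod k) octets, each holding that value.
function pkcs7Pad(input, k) {
  if (!Number.isInteger(k) || k < 2 || k > 255) {
    throw new RangeError('block size k must be 2..255'); // range quoted in the thread
  }
  const n = k - (input.length % k); // 1..k: a whole block is added when l mod k == 0
  const out = new Uint8Array(input.length + n);
  out.set(input, 0);
  out.fill(n, input.length);
  return out;
}

// RFC 2898 section 6.2 is the same rule with the block size fixed at 8 octets.
function pkcs5Pad(input) {
  return pkcs7Pad(input, 8);
}

// Strict removal: length a positive multiple of k, final octet n in 1..k,
// and every one of the last n octets equal to n. Returns null otherwise.
function pkcs7Unpad(padded, k) {
  if (padded.length === 0 || padded.length % k !== 0) return null;
  const n = padded[padded.length - 1];
  if (n < 1 || n > k) return null;
  for (let i = padded.length - n; i < padded.length; i++) {
    if (padded[i] !== n) return null;
  }
  return padded.slice(0, padded.length - n);
}

// Pad one message both ways and report whether each result fits AES's 16-octet block.
function compare(message) {
  const p5 = pkcs5Pad(message);
  const p7 = pkcs7Pad(message, AES_BLOCK);
  return {
    pkcs5Length: p5.length,
    pkcs5FitsAes: p5.length % AES_BLOCK === 0,
    pkcs7Length: p7.length,
    pkcs7FitsAes: p7.length % AES_BLOCK === 0,
    pkcs7PadOctet: p7[p7.length - 1],
  };
}

const sample = new Uint8Array([0x68, 0x65, 0x6c, 0x6c, 0x6f]); // constructed 5-octet input
console.log(compare(sample));
```
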