IETF Logo Mail Archive

Re: [jose] Minutes

Richard Barnes <rlb@ipv.sx> Tue, 26 March 2013 17:42 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 309D721F8C4C for <jose@ietfa.amsl.com>; Tue, 26 Mar 2013 10:42:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.177
X-Spam-Level:
X-Spam-Status: No, score=-1.177 tagged_above=-999 required=5 tests=[AWL=-0.752, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RDNS_NONE=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rwgfpkNH7AZK for <jose@ietfa.amsl.com>; Tue, 26 Mar 2013 10:42:23 -0700 (PDT)
Received: from mail-ob0-x22e.google.com (mail-ob0-x22e.google.com [IPv6:2607:f8b0:4003:c01::22e]) by ietfa.amsl.com (Postfix) with ESMTP id 53B7F21F8B7E for <jose@ietf.org>; Tue, 26 Mar 2013 10:42:23 -0700 (PDT)
Received: by mail-ob0-f174.google.com with SMTP id 16so7328237obc.5 for <jose@ietf.org>; Tue, 26 Mar 2013 10:42:22 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:x-originating-ip:in-reply-to:references :date:message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=ygeko0k3KLgkD8DI7BRcC+Il3Fmv00naRE2N+SCPLvw=; b=iIPi8KgD68/u8YPCbwIp4bMkiwBGL0Nx55fNN0I1Nxe/tDYz6nA2vqFuW5gY5SjaUK rL1Q2onitKretiRzeEbf7X4AIqbKd4GRm9kLRpEkMHd7vv2DF3Gml2Iz4fZtNb7QmW/t n9ksfZtlAAyJIwvCetfYqZJ3CRkgeUp5rWT0J1+DNKF646iHgnfhVSZPVpvC3v/4zMxu cKJNf1v3c5n/MDpWSWo8orch+iyAy5A2Y1jLjhSnB20jZgIC705+F8m7jNlwOtbJ0Frj 5b7ITzvHiDUOv6EZP8DkMTuQCw8Nb+G57vYjOCTZ8AkKUBlEKXSh+yQqntxgMzKw9Zu9 cWEA==
MIME-Version: 1.0
X-Received: by 10.60.170.140 with SMTP id am12mr13522316oec.125.1364319742583; Tue, 26 Mar 2013 10:42:22 -0700 (PDT)
Received: by 10.60.172.146 with HTTP; Tue, 26 Mar 2013 10:42:22 -0700 (PDT)
X-Originating-IP: [192.1.255.184]
In-Reply-To: <4E1F6AAD24975D4BA5B168042967394367588B2D@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <010001ce2739$7eaae070$7c00a150$@augustcellars.com> <4E1F6AAD24975D4BA5B168042967394367586714@TK5EX14MBXC283.redmond.corp.microsoft.com> <CAL02cgTzFJNpcWKVQKnESTY9Wtq1wO-1_6jjeZhzM9KgbYm0GA@mail.gmail.com> <4E1F6AAD24975D4BA5B168042967394367588B2D@TK5EX14MBXC283.redmond.corp.microsoft.com>
Date: Tue, 26 Mar 2013 13:42:22 -0400
Message-ID: <CAL02cgT-rCkyazfW12L+etUiX2x2VEtWCORsG=6ve8zHyHZuuw@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Mike Jones <Michael.Jones@microsoft.com>
Content-Type: multipart/alternative; boundary="bcaec54b48129df4a604d8d771d6"
X-Gm-Message-State: ALoCoQnbS5JWbv+920dZXu0x02He4uX3DetlCduqlBlpzEDaq7GQKfDw0zo0ha9k2YujcgziE3pP
Cc: Jim Schaad <ietf@augustcellars.com>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Minutes
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2013 17:42:24 -0000

Fixed title of issue in tracker.

On Mon, Mar 25, 2013 at 6:56 PM, Mike Jones <Michael.Jones@microsoft.com>wrote:

>  “Impossible to separate wrapped key from encrypted data” (the title of
> issue #4) is a false statement.  Nat pointed that out over a month ago in
> the issue tracker.  If that remains the title of the issue, it should be
> closed on the merits of the issue.****
>
> ** **
>
> If you want to change the title of this one to “Should the encrypted key
> element of a JWE no longer be included in the integrity check?” I’d have no
> problem with the issue, because then it would be making a neutral statement
> about a possible change.  But right now, it’s highly misleading, at best.*
> ***
>
> ** **
>
> None of that was captured in the minutes, even though it was all discussed
> in Orlando.****
>
> ** **
>
>                                                             -- Mike****
>
> ** **
>
> *From:* jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] *On Behalf
> Of *Richard Barnes
> *Sent:* Monday, March 25, 2013 3:11 PM
> *To:* Mike Jones
> *Cc:* Jim Schaad; jose@ietf.org
> *Subject:* Re: [jose] Minutes****
>
> ** **
>
> It's not accurate to say that Issue #4 is not a problem.  We did clarify
> in the meeting that the issue could use some re-statement, to clarify that
> the issue is the coverage of keys by the integrity check.  So there's still
> an issue, namely whether the key needs to be covered by the integrity check.
> ****
>
> ** **
>
> ** **
>
> On Sun, Mar 24, 2013 at 9:02 PM, Mike Jones <Michael.Jones@microsoft.com>
> wrote:****
>
> I don’t believe that the minutes adequately capture the discussion on
> issue #4 (http://trac.tools.ietf.org/wg/jose/trac/ticket/4#<http://trac.tools.ietf.org/wg/jose/trac/ticket/4>).
> I would revise as follows:****
>
>  ****
>
> Data tracker issue #4 (Impossible to separate wrapped key from encrypted
> data) – John Bradley’s slides pointed out that it **is** possible to
> separate wrapped keys from encrypted data when needed by using the direct
> encryption mode and therefore asked for this issue to be closed, as it is
> based upon a false premise.  Mike Jones also asked for this to be closed on
> this basis, and pointed out that Nat Sakimura had already described the
> problem with this issue in the issue tracker.  Richard asked a question
> about the security analysis of including the wrapped key in the integrity
> calculation - Does the wrapped key need to be included in the integrity
> check or not?  The question will be referred to CFRG but a request for
> possible attack modes being sent to the list is requested.****
>
>  ****
>
> Given that the problem stated in issue #4 was demonstrated to not actually
> be a problem during the discussions, I would ask again that the chairs
> close this one, and update the minutes to reflect this.****
>
>  ****
>
>                                                             Thank you,****
>
>                                                             -- Mike****
>
>  ****
>
> *From:* jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] *On Behalf
> Of *Jim Schaad
> *Sent:* Friday, March 22, 2013 1:12 PM
> *To:* jose@ietf.org
> *Subject:* [jose] Minutes****
>
>  ****
>
> Preliminary minutes have been uploaded to the site.  Please review and
> comment back to me if you have disagreements.****
>
>  ****
>
> http://www.ietf.org/proceedings/86/minutes/minutes-86-jose****
>
>  ****
>
> Note that the minutes have an action list at the bottom of them.****
>
>  ****
>
> Jim****
>
>  ****
>
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose****
>
> ** **
>

v2.23.0 | Report a Bug | By Email