[jose] Feedback request on jose tracker issue#11: Should we use RFC 5116 and remove the JWE Integrity Value field?

Karen O'Donoghue <odonoghue@isoc.org> Thu, 11 April 2013 23:58 UTC

Issue #11 <http://trac.tools.ietf.org/wg/jose/trac/ticket/11> proposes 
restructuring the JWE representation to remove the JWE Integrity Value 
field and instead use the RFC 5116 (AEAD) binary serialization to 
represent the Ciphertext, Initialization Vector, and Integrity Value 
values.  If this proposal is adopted, JWEs would then have three fields 
-- the header, the encrypted key, and the RFC 5116 combination of the 
Ciphertext, Initialization Vector, and Integrity Value values.

This issue is also related to issue #3.  Note that the updated McGrew 
draft described there could be used whether or not we switched to using 
RFC 5116.

Which of these best describes your preferences on this issue?

1.  Continue having separate Ciphertext, Initialization Vector, and 
Integrity Value values in the JWE representation.

2.  Switch to using the RFC 5116 (AEAD) serialization to represent the 
combination of these three values.

3.  Another resolution (please specify in detail).

0.  I need more information to decide.

Your reply is requested by Friday, April 19th or earlier.