Re: [jose] SPI proposal
Mike Jones <Michael.Jones@microsoft.com> Wed, 06 February 2013 22:27 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C803421F862A for <jose@ietfa.amsl.com>; Wed, 6 Feb 2013 14:27:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TGnPUqc7OXGU for <jose@ietfa.amsl.com>; Wed, 6 Feb 2013 14:27:11 -0800 (PST)
Received: from na01-by2-obe.outbound.protection.outlook.com (na01-by2-obe.ptr.protection.outlook.com [207.46.100.32]) by ietfa.amsl.com (Postfix) with ESMTP id 092BE21F8681 for <jose@ietf.org>; Wed, 6 Feb 2013 14:27:10 -0800 (PST)
Received: from BL2FFO11FD008.protection.gbl (10.173.161.204) by BL2FFO11HUB012.protection.gbl (10.173.161.118) with Microsoft SMTP Server (TLS) id 15.0.609.9; Wed, 6 Feb 2013 22:27:03 +0000
Received: from TK5EX14MLTC103.redmond.corp.microsoft.com (131.107.125.37) by BL2FFO11FD008.mail.protection.outlook.com (10.173.161.4) with Microsoft SMTP Server (TLS) id 15.0.609.9 via Frontend Transport; Wed, 6 Feb 2013 22:27:03 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.132]) by TK5EX14MLTC103.redmond.corp.microsoft.com ([157.54.79.174]) with mapi id 14.02.0318.003; Wed, 6 Feb 2013 22:26:32 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Richard Barnes <rlb@ipv.sx>, "jose@ietf.org" <jose@ietf.org>
Thread-Topic: [jose] SPI proposal
Thread-Index: AQHOBLcNADQWCZtyXUK8CEAiSWhmY5htZqNg
Date: Wed, 06 Feb 2013 22:26:31 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943674186EF@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <CAL02cgSt7w5CrP+DXo7bz_+YsxKsVMoRbZLNWa6EHjnAyScWMg@mail.gmail.com>
In-Reply-To: <CAL02cgSt7w5CrP+DXo7bz_+YsxKsVMoRbZLNWa6EHjnAyScWMg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.37]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B1680429673943674186EFTK5EX14MBXC284r_"
MIME-Version: 1.0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(199002)(189002)(51444002)(52604002)(51914002)(377454001)(74662001)(16406001)(5343655001)(47976001)(47736001)(54316002)(50986001)(80022001)(76482001)(56776001)(33656001)(55846006)(51856001)(63696002)(46102001)(44976002)(49866001)(79102001)(20776003)(54356001)(16236675001)(56816002)(47446002)(74502001)(15202345001)(4396001)(53806001)(5343635001)(65816001)(512954001)(31966008)(59766001)(66066001)(77982001); DIR:OUT; SFP:; SCL:1; SRVR:BL2FFO11HUB012; H:TK5EX14MLTC103.redmond.corp.microsoft.com; RD:InfoDomainNonexistent; A:1; MX:1; LANG:en;
X-OriginatorOrg: microsoft.onmicrosoft.com
X-Forefront-PRVS: 0749DC2CE6
Subject: Re: [jose] SPI proposal
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Feb 2013 22:27:13 -0000
Thanks for writing this up, Richard. I believe that captures the intent fairly well.
As we'd discussed off-list, I believe that it would be more consistent if, in the case were you are using a previously cached "spi" value, that the header contained "alg":"spi" and "spi":spi-value. That would maintain the invariant that implementations always use the "alg" value to determine what the rest of the structure is - albeit in this case, via an indirection.
Also, then we'd register "spi" like any other "alg" value. Other algorithms specify the use of particular header parameters. This one would be no exception. Registering it as an algorithm would also make it clear that it is up to implementations whether to support it or not.
I don't feel super-strongly about this, but I always try for consistency, where reasonable. I think that this is such a case.
Again, thanks for the write-up to help move this forward.
Cheers,
-- Mike
From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Richard Barnes
Sent: Wednesday, February 06, 2013 2:12 PM
To: jose@ietf.org
Subject: [jose] SPI proposal
To move us toward closing Issue #9 [9], here is some proposed text for an SPI [1] field. To recall, SPI stands for "security parameters index", borrowing a term from IPsec. The idea is that in cases where the same crypto parameters are being used repeatedly, this would save the parties from having to re-send the same parameters.
The below text is designed for the JWE spec, but could be adapted for JWS (just keep header, ignore part about key/iv). Similar text is probably needed for the encryption/decryption/signing/verification sections.
Feedback welcome,
--Richard
-----BEGIN-----
Section 4.1.X. "spi" Header Parameter
The "spi" (Security Parameters Index) header parameter contains an opaque byte string that labels a set of security parameters. This index is designed to enable the use of smaller headers in cases where entities will be re-using the same security parameters for several messages.
Entities supporting the use of the "spi" parameter MUST maintain a table of cached security parameters. When an entity receives an object whose header contains both "spi" and "alg" values, then it MUST cache the following values from the JWE, indexed by the "spi" value:
-- Contents of the JWE header
-- Encrypted Key
-- Initialization Vector
If an object containing an "spi" parameter but no "alg" parameter, then it MUST NOT contain an Encrypted Key or Initialization Vector. That is, it will have the form "header.ciphertext.integrity_value". When a recipient receives such an object, it uses the "spi" value to retrieve cached header, key, and initialization vector and reconstructs a full JWE. This full JWE can then be further processed according to the normal JWE processing rules. If the recipient has no cached parameters for the "spi" value, the process MUST fail.
-----END-----
[9] http://tools.ietf.org/wg/jose/trac/ticket/9
- [jose] SPI proposal Richard Barnes
- Re: [jose] SPI proposal Mike Jones
- Re: [jose] SPI proposal Mike Jones
- Re: [jose] SPI proposal Richard Barnes
- Re: [jose] SPI proposal Richard Barnes
- [jose] SPI - KID conflict -- Re: SPI proposal Hannes Tschofenig
- Re: [jose] SPI - KID conflict -- Re: SPI proposal Richard Barnes
- Re: [jose] SPI proposal Brian Campbell
- Re: [jose] SPI proposal Richard Barnes
- Re: [jose] SPI - KID conflict -- Re: SPI proposal Mike Jones
- Re: [jose] SPI - KID conflict -- Re: SPI proposal Hannes Tschofenig
- Re: [jose] SPI proposal Hannes Tschofenig
- Re: [jose] SPI proposal Brian Campbell
- Re: [jose] SPI proposal Richard Barnes
- Re: [jose] SPI proposal Anthony Nadalin
- Re: [jose] SPI proposal Hannes Tschofenig
- Re: [jose] SPI proposal Brian Campbell
- Re: [jose] SPI proposal John Bradley