Re: [OAUTH-WG] JWE with A128CBC-HS256

Mike Jones <Michael.Jones@microsoft.com> Tue, 01 April 2014 03:55 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Antonio Sanso <asanso@adobe.com>
Date: Tue, 01 Apr 2014 03:54:25 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/qnqr2jzBAdoJz57ouvn0Nhi5evY
Cc: "oauth@ietf.org" <oauth@ietf.org>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [OAUTH-WG] JWE with A128CBC-HS256

This typo has been corrected in the JOSE -25 specs.  Thanks for bringing it to our attention.

-- Mike

From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Antonio Sanso
Sent: Sunday, March 30, 2014 11:44 PM
To: John Bradley
Cc: oauth@ietf.org; jose@ietf.org
Subject: Re: [OAUTH-WG] JWE with A128CBC-HS256

thanks a lot John,

On Mar 28, 2014, at 5:09 PM, John Bradley <ve7jtb@ve7jtb.com> wrote:


This reference may be useful to you. http://tools.ietf.org/html/draft-mcgrew-aead-aes-cbc-hmac-sha2

The part of the spec you need is  http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-24#page-23

We originally used a KDF as you mention.  In order to simplify the alg and align with draft-mcgrew-aead-aes-cbc-hmac-sha2.

K is the concatenation of the AES key and the HMAC key.

question,  are the examples in the spec already updated to use the new mechanism?
There are some obsolete references in the JWE spec. E.g. in [2] says:


as described where this algorithm is

   defined in Sections 4.8<http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-24#section-4.8> and 4.8.3<http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-24#section-4.8.3> of JWA,

These sections seem to point to an old version of the spec (Section 4.8.3 doesn't even exist anymore in JWA)

regards

antonio

[2] http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-24#appendix-B



John B.


On Mar 28, 2014, at 11:19 AM, Antonio Sanso <asanso@adobe.com> wrote:


hi *,

in the JWT specification [0] there is an example of a JWE that uses A128CBC-HS256 for content encryption.
Now I am not a cryptographer myself but IIUC the same CEK is used for encrypting with AES and authentication HMAC.

AFAIK it is better to use two different keys for those 2 different primitives (this will not obviously apply to AES_GCM).

Unless I am missing something... :)

regards

antonio

[0] http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-19#appendix-A.1
[1] http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-24#appendix-A.2