Re: [woes] Proposed charter, post-Quebec edition

Sean Turner <turners@ieca.com> Fri, 05 August 2011 20:34 UTC

Return-Path: <turners@ieca.com>
X-Original-To: woes@ietfa.amsl.com
Delivered-To: woes@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DB2321F8A7D for <woes@ietfa.amsl.com>; Fri, 5 Aug 2011 13:34:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.255
X-Spam-Level:
X-Spam-Status: No, score=-102.255 tagged_above=-999 required=5 tests=[AWL=0.343, BAYES_00=-2.599, UNPARSEABLE_RELAY=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TgXXeOGTHTG6 for <woes@ietfa.amsl.com>; Fri, 5 Aug 2011 13:34:16 -0700 (PDT)
Received: from nm14.access.bullet.mail.mud.yahoo.com (nm14.access.bullet.mail.mud.yahoo.com [66.94.237.215]) by ietfa.amsl.com (Postfix) with SMTP id EC41E21F8A7B for <woes@ietf.org>; Fri, 5 Aug 2011 13:34:15 -0700 (PDT)
Received: from [66.94.237.194] by nm14.access.bullet.mail.mud.yahoo.com with NNFMP; 05 Aug 2011 20:34:34 -0000
Received: from [98.139.221.61] by tm5.access.bullet.mail.mud.yahoo.com with NNFMP; 05 Aug 2011 20:34:34 -0000
Received: from [127.0.0.1] by smtp102.biz.mail.bf1.yahoo.com with NNFMP; 05 Aug 2011 20:34:34 -0000
X-Yahoo-Newman-Id: 129609.45354.bm@smtp102.biz.mail.bf1.yahoo.com
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: du7ubskVM1kt1XDDNsFaiI3HdMMHzoW1saegVGCchyDkWq1 rUDz8l_BkZ5shpUggrGhQsY11fM8Wl767e44GKm6zTRpLZkPEIaG3ZVlvQy6 9THnF9p6Cvged4j1p7yzVN4Fvz1WbJmlwX31etGsC133TYjsiOKYJzUOj7ac BMhmaa0vXI9VCjOo9dLXRwVFAFWa490ZUh9qtq104zAcstptELEG7.PpVxb5 XDxIEV8xHhoAilAHalYfwcmQ3cgBXGaqEkOuprvFYfp85tbTFq1lJE6kPT7y zKyYfIHz5D6RXsWLeS2aQNfruP7SGmKbVoUpc39FzFdP_U9ZA7M3O801R12h 6FKq1Zv1d5lhNvhFmtLaoox8RKwTF51D.K9DjhVHOlqsBos27xaO_YEY7b33 eyiMShatJgb_w9nvjDjp7OggjGYWPTA--
X-Yahoo-SMTP: ZrP3VLSswBDL75pF8ymZHDSu9B.vcMfDPgLJ
Received: from thunderfish.westell.com (turners@96.231.124.70 with plain) by smtp102.biz.mail.bf1.yahoo.com with SMTP; 05 Aug 2011 13:34:33 -0700 PDT
Message-ID: <4E3C53D8.3040308@ieca.com>
Date: Fri, 05 Aug 2011 16:34:32 -0400
From: Sean Turner <turners@ieca.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0) Gecko/20110624 Thunderbird/5.0
MIME-Version: 1.0
To: Phillip Hallam-Baker <hallam@gmail.com>
References: <6663f860-9de7-4960-8e7b-1c2d23142009@default> <4E3C3A35.70408@ieca.com> <CAMm+LwgVQP00pgKkwfgT9+dzbL9mw9Ws9=34N_3togA3kP9CUw@mail.gmail.com>
In-Reply-To: <CAMm+LwgVQP00pgKkwfgT9+dzbL9mw9Ws9=34N_3togA3kP9CUw@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: woes@ietf.org, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [woes] Proposed charter, post-Quebec edition
X-BeenThere: woes@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Web Object Encryption and Signing \(woes\) BOF discussion list" <woes.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/woes>, <mailto:woes-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/woes>
List-Post: <mailto:woes@ietf.org>
List-Help: <mailto:woes-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/woes>, <mailto:woes-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Aug 2011 20:34:16 -0000

On 8/5/11 3:04 PM, Phillip Hallam-Baker wrote:
> Actually, I suspect that with AES in hand and having good MAC modes
> specified we might well want to use one of those in preference to the
> traditional HMAC.
>
>
>
> On Fri, Aug 5, 2011 at 2:45 PM, Sean Turner <turners@ieca.com
> <mailto:turners@ieca.com>> wrote:
>
>     On 8/4/11 4:41 PM, Hal Lockhart wrote:
>
>         +1
>
>             -----Original Message-----
>             From: Paul Hoffman [mailto:paul.hoffman@vpnc.org
>             <mailto:paul.hoffman@vpnc.org>]
>             Sent: Thursday, August 04, 2011 12:03 PM
>             To: Eric Rescorla
>             Cc: woes@ietf.org <mailto:woes@ietf.org>
>             Subject: Re: [woes] Proposed charter, post-Quebec edition
>
>
>
>             On Aug 4, 2011, at 8:52 AM, Eric Rescorla wrote:
>
>                 IMO, symmetric integrity protection is a useful
>                 primitive, and it's
>                 already part of the
>                 JWT spec. I think all that's required here in the
>                 charter is to
>                 wordsmith it to separate
>                 out symmetric from asymmetric integrity algorithms,
>
>
>             Current:
>             1) A Standards Track document specifying how to apply a
>             JSON-structured digital signature to data, including (but not
>             limited to) JSON data structures. "Digital signature" is
>             defined as a hash operation followed by a signature operation
>             using asymmetric keys.
>
>             It sounds like you would prefer something like:
>             1) A Standards Track document specifying how to apply
>             integrity protection to data, including (but not limited to)
>             JSON data structures. This integrity protection can be
>             achieved with both symmetric and asymmetric algorithms.
>
>             Is that right?
>
>
>     I'm liking what Paul B. suggested but tweaked ever so slightly:
>
>     1) A Standards Track document specifying how to ensure the integrity
>     and/or authenticity of data, including (but not limited to) JSON
>     data structures.  HMAC-based (RFC 2104) and Asymmetric cryptographic
>     algorithms both need to be supported.
>
>     I'd like to not just call out integrity - and we should just call
>     out the HMAC-based algs because that's what folks really want to use
>     (or have I gotten this wrong?).
>
>     Any violent objections to this?

Right after I sent this I remembered AES-CMAC.   Precise enough to say:

   MAC-based (e.g., HMAC-SHA256, AES-CMAC) and Asymmetric cryptographic
   algorithms both need to be supported.

spt