IETF Logo Mail Archive

[xmpp] key+data object encryption (regarding draft-miller-3923bis-01)

Matthew Miller <mamille2@cisco.com> Tue, 16 March 2010 16:16 UTC

Return-Path: <mamille2@cisco.com>
X-Original-To: xmpp@core3.amsl.com
Delivered-To: xmpp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D8A333A6BBA for <xmpp@core3.amsl.com>; Tue, 16 Mar 2010 09:16:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.523
X-Spam-Level:
X-Spam-Status: No, score=-6.523 tagged_above=-999 required=5 tests=[AWL=0.076, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kzFH+CW-DNgx for <xmpp@core3.amsl.com>; Tue, 16 Mar 2010 09:16:11 -0700 (PDT)
Received: from gw1.webex.com (gw1.webex.com [64.68.122.208]) by core3.amsl.com (Postfix) with SMTP id DBBE23A6BB6 for <xmpp@ietf.org>; Tue, 16 Mar 2010 09:16:10 -0700 (PDT)
Received: from SRV-EXSC03.webex.local ([192.168.252.197]) by gw1.webex.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 16 Mar 2010 09:16:19 -0700
Received: from dhcp-64-101-72-214.cisco.com ([64.101.72.214]) by SRV-EXSC03.webex.local with Microsoft SMTPSVC(6.0.3790.3959); Tue, 16 Mar 2010 09:15:40 -0700
From: Matthew Miller <mamille2@cisco.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Tue, 16 Mar 2010 10:15:40 -0600
Message-Id: <734EAEEA-B1DD-4899-80CC-CE9C90DB9776@cisco.com>
To: XMPP <xmpp@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1077)
X-Mailer: Apple Mail (2.1077)
X-OriginalArrivalTime: 16 Mar 2010 16:15:41.0017 (UTC) FILETIME=[EC29CC90:01CAC523]
Subject: [xmpp] key+data object encryption (regarding draft-miller-3923bis-01)
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Mar 2010 16:16:11 -0000

One of the limitations with draft-miller-3923bis is the size of the stanza before encryption.  Using asymmetric keys, the practical size is limited to the key size.  One approach we can take to overcome this would be to encrypt the stanza using a block cipher, then encrypt the block cipher input with the recipient's asymmetric key:

<message xmlns="jabber:client" type="chat" to="romeo@montegue.net" from="juliet@capulet.net/balcony">
  <e2e xmlns="urn:ietf:params:xml:ns:xmpp-objec" stamp="2010-03-09T16:29:43.012Z">
    <key cipher="RSAES-PKCS1-v1.5">WQcrIQki6omXfrugOUl8BqA0W7ztgT8/k79p9dqpyGZQP9NoIEwp+uJE80xa4edZadJkbDQ60I7Y
l0muQ006Ib4mx9T7+hH4JGPYtNrDhlAUzTzR2IGR/5AfpkYews6aYNX5PpAP43f9qtztSmMqTi0q
9NfdoSw2/P2e+WUTc0DqfcWMPw6PIaIbfEgNnwm14SYYYkGdtuzRjUJu0lCBaX+HNccGN+CAKWG3
7Bh29DGndbqKGD25e9HP+0jzxgt0+GOf8WGWtHvFodNhxJ5/W542EWx9O/jyyeCfbb7C2M1EfEta
0a088Vi3ysvFzYsoROoqYDy7qvR3x76DiMFR4g==</key>
    <data cipher="AES-256-CBC-PKCS5-with-iv" hash="SHA-256">MFO2gCbTu8+sHE6QNDylDkeghYxdnXvp+zZ2HDUGBNAeRxuf5oLtOqpU5FjC6NSMw8jdVXpfLG41
p8MJDRdRahJ088YoCHzimHW9EwqQyJmZHZzVTRJFYZnwxtUZMqtifi9dalQ5u5nNWIqDXK434fnU
LcAmzPzcsI/OQcBPLeu2iCEoFEwkNML+ag0Q5zP6xHDfzqXt9r391igecNZN9koqdC3l3Jwx605W
UkcxNxe3zWw9Q6wl1GLn/tNiyQCkqaQNU893gp0MHVAaPyUem5TJGa+tZo6UM/MnooTs3L+qbHcs
k7hVkNYnE8eBLJS8</data>
  </e2e>
</message>

This makes <e2e/> a container of two parts: the <key/> containing the inputs for the block cipher (encrypted using PKI), and <data/> containing the pre-encrypted stanza (encrypted using a block cipher with inputs from <key/>).


Thoughts?

- m&m

v2.23.0 | Report a Bug | By Email