IETF Logo Mail Archive

Re: [xmpp] key+data object encryption (regarding draft-miller-3923bis-01)

Matt Miller <mamille2@cisco.com> Wed, 31 March 2010 14:47 UTC

Return-Path: <mamille2@cisco.com>
X-Original-To: xmpp@core3.amsl.com
Delivered-To: xmpp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 21C773A6898 for <xmpp@core3.amsl.com>; Wed, 31 Mar 2010 07:47:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.069
X-Spam-Level:
X-Spam-Status: No, score=-1.069 tagged_above=-999 required=5 tests=[BAYES_50=0.001, DNS_FROM_OPENWHOIS=1.13, J_CHICKENPOX_34=0.6, J_CHICKENPOX_41=0.6, J_CHICKENPOX_71=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QZUABfcG3w6E for <xmpp@core3.amsl.com>; Wed, 31 Mar 2010 07:47:40 -0700 (PDT)
Received: from gw2.webex.com (gw2.webex.com [64.68.122.209]) by core3.amsl.com (Postfix) with SMTP id 58E223A677C for <xmpp@ietf.org>; Wed, 31 Mar 2010 07:47:40 -0700 (PDT)
Received: from SRV-EXSC03.webex.local ([192.168.252.197]) by gw2.webex.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 31 Mar 2010 07:48:11 -0700
Received: from dhcp-64-101-72-231.cisco.com ([64.101.72.231]) by SRV-EXSC03.webex.local with Microsoft SMTPSVC(6.0.3790.3959); Wed, 31 Mar 2010 07:47:49 -0700
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Apple Message framework v1077)
From: Matt Miller <mamille2@cisco.com>
In-Reply-To: <952A4B1F81123B479292D4B5FDC00D8503BA5F79@SRV-EXSC03.webex.local>
Date: Wed, 31 Mar 2010 08:47:49 -0600
Content-Transfer-Encoding: quoted-printable
Message-Id: <69FD2C6F-316E-44EE-8436-81E081A68CE8@cisco.com>
References: <734EAEEA-B1DD-4899-80CC-CE9C90DB9776@cisco.com> <952A4B1F81123B479292D4B5FDC00D8503BA5F61@SRV-EXSC03.webex.local> <678467D6-0F2B-4C2F-B8EA-4677728B90D1@cisco.com> <952A4B1F81123B479292D4B5FDC00D8503BA5F79@SRV-EXSC03.webex.local>
To: XMPP <xmpp@ietf.org>
X-Mailer: Apple Mail (2.1077)
X-OriginalArrivalTime: 31 Mar 2010 14:47:49.0893 (UTC) FILETIME=[22865B50:01CAD0E1]
Subject: Re: [xmpp] key+data object encryption (regarding draft-miller-3923bis-01)
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Mar 2010 14:47:41 -0000

On Mar 17, 2010, at 14:00 , Ben Schumacher wrote:

> Have we considered using Encrypt-then-MAC, instead of the
> MAC-then-Encrypt for your message authentication? Both methods ought to
> provide a good assurance that the message hasn't been tampered with, but
> the Encrypt-then-MAC method can provide an added level of protection
> against software bugs in your decryption code [1].
> 
> Your message would them become something akin to:
> 
> N = current timestamp
> R = session cipher input (e.g. key + IV)
> S = stanza
> a = HMAC(N || UTF8-Encode(S), R)
> T = a || encrypt(R, N || UTF8-Encode(S))
> 
> Where || detonates concatenation.

This makes sense to me.  I'll look at updating the draft to incorporate this unless there's strong objections.

> 
> You'll want to specify a fixed size for N, or including some sizing
> information in the decoded bytes. You might also consider versioning in
> your format for the decoded bytes to handle future adjustments to the
> protocol. You could do this by adding a simple message header, with than
> includes a single byte for version (apologies for my hackneyed ABNF):
> 
> plaintext    = header-part / stanza-part
> 
> header-part  = tag / version / stamp-part
> tag          = "xmpp-objec"
> version      = 2*HEXDIG           ; network byte order (NBO) version
> stamp-part   = stamp-length / stamp-string
> stamp-length = 4*HEXDIG           ; NBO length of stamp-string
> stamp-string = *VCHAR             ; a known format is likely preferable
> (ISO-8601),
>                                    ; but knowing the length frees you
> from making an
>                                    ; assumption about precision
> 
> stanza-part  = stanza / stanza-end
> stanza       = *CHAR              ; UTF-8 encoded, naturally
> stanza-end   = NUL
> 
> This would all, of course, be encrypted. The ending NUL gives your XML
> parser an easily identifiable ending point to the stanza, but you could
> also include a length for the stanza in the format.
> 
> Let me know if any of that doesn't make sense.

I don't see a benefit of including versioning information here.  All of this is defined as the (encrypted and encoded) character content of a namespaced XML structure.  Wouldn't it be better to version this via the namespace instead?


- m&m

v2.23.0 | Report a Bug | By Email