IETF Logo Mail Archive

[jose] #23: Make crypto independent of binary encoding (base64)

"jose issue tracker" <trac+jose@trac.tools.ietf.org> Tue, 11 June 2013 17:58 UTC

Return-Path: <trac+jose@trac.tools.ietf.org>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF49C21F9865 for <jose@ietfa.amsl.com>; Tue, 11 Jun 2013 10:58:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4vJpaLGnSwJ7 for <jose@ietfa.amsl.com>; Tue, 11 Jun 2013 10:58:29 -0700 (PDT)
Received: from grenache.tools.ietf.org (grenache.tools.ietf.org [IPv6:2a01:3f0:1:2::30]) by ietfa.amsl.com (Postfix) with ESMTP id BB68621F901F for <jose@ietf.org>; Tue, 11 Jun 2013 10:58:21 -0700 (PDT)
Received: from localhost ([127.0.0.1]:39594 helo=grenache.tools.ietf.org ident=www-data) by grenache.tools.ietf.org with esmtp (Exim 4.80) (envelope-from <trac+jose@trac.tools.ietf.org>) id 1UmSpo-00012u-Gn; Tue, 11 Jun 2013 19:58:20 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: jose issue tracker <trac+jose@trac.tools.ietf.org>
X-Trac-Version: 0.12.3
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.12.3, by Edgewall Software
To: draft-barnes-jose-use-cases@tools.ietf.org, rlb@ipv.sx
X-Trac-Project: jose
Date: Tue, 11 Jun 2013 17:58:20 -0000
X-URL: http://tools.ietf.org/jose/
X-Trac-Ticket-URL: http://trac.tools.ietf.org/wg/jose/trac/ticket/23
Message-ID: <049.69ffc5ebf959c6eac7990651822fadf9@trac.tools.ietf.org>
X-Trac-Ticket-ID: 23
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Rcpt-To: draft-barnes-jose-use-cases@tools.ietf.org, rlb@ipv.sx, jose@ietf.org
X-SA-Exim-Mail-From: trac+jose@trac.tools.ietf.org
X-SA-Exim-Scanned: No (on grenache.tools.ietf.org); SAEximRunCond expanded to false
Resent-To: rlb@ipv.sx
Resent-Message-Id: <20130611175821.BB68621F901F@ietfa.amsl.com>
Resent-Date: Tue, 11 Jun 2013 10:58:21 -0700
Resent-From: trac+jose@trac.tools.ietf.org
Cc: jose@ietf.org
Subject: [jose] #23: Make crypto independent of binary encoding (base64)
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jun 2013 17:58:32 -0000

#23: Make crypto independent of binary encoding (base64)

 The cryptographic operations that JOSE performs should not depend on the
 transfer encoding used for binary components.  The operations should work
 directly on the encoded byte strings, not on the encoded form.

 This is already true for content, IV, ciphertext, encrypted key, and
 authentication tag.  The only thing that needs fixing is the protected
 header value.  That's a little tricky, since the protected header value is
 JSON, which doesn't have a standard encoding.  But it's not that onerous
 just to convert it to UTF-8 -- in fact, senders are already required to
 convert the protected header to UTF-8.

 So the only change is to require recipients to convert the protected
 header to UTF-8 before using it.   This can be accomplished with two minor
 changes:

 <http://tools.ietf.org/html/draft-ietf-jose-json-web-
 signature-11#section-5.2>
 OLD: "The resulting JWS Protected Header MUST be a completely valid JSON
 object conforming to RFC 4627 [RFC4627]."
 NEW: "The resulting JWS Protected Header MUST be a completely valid JSON
 object conforming to RFC 4627 [RFC4627].  If the JWE Protected Header is
 valid, convert it to the UTF-8 encoding.  Otherwise, reject the JWE."

 <http://tools.ietf.org/html/draft-ietf-jose-json-web-
 encryption-11#section-5.2>
 OLD: "The resulting JWE Protected Header MUST be a completely valid JSON
 object conforming to RFC 4627 [RFC4627]."
 NEW: "The resulting JWE Protected Header MUST be a completely valid JSON
 object conforming to RFC 4627 [RFC4627].  If the JWE Protected Header is
 valid, convert it to the UTF-8 encoding.  Otherwise, reject the JWE."

-- 
-------------------------------------+-------------------------------------
 Reporter:  rlb@ipv.sx               |      Owner:  draft-barnes-jose-use-
     Type:  defect                   |  cases@tools.ietf.org
 Priority:  major                    |     Status:  new
Component:  draft-barnes-jose-use-   |  Milestone:
  cases                              |    Version:
 Severity:  -                        |   Keywords:
-------------------------------------+-------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/23>
jose <http://tools.ietf.org/jose/>

v2.23.0 | Report a Bug | By Email