Yes, Mike, and the JWE spec does mention further down that the IV part
may be empty:


'''
5. Message Encryption

6.   Generate a random JWE Initialization Vector of the correct size
        for the block encryption algorithm (if required for the
        algorithm); otherwise, let the JWE Initialization Vector be the
        empty byte string.
'''

My original reaction was - if it's mentioned for JWE Encrypted Key, then
it should be mentioned for the other possibly empty parts as well.

I used this hint in the library development: It has a JOSE core that
validates the messages, and only then passes them on to the matching JWA
crypto handlers for decryption. Part of this initial validation includes
checking for empty parts. For example, it makes sure the header
Base64URL part is not empty. My strategy is to have as much of this
validation as possible performed by the core, and only what is truly
algorithm-related validated by the handler. Having a clear definition of
which parts may be empty and which may not helps with that.

Cheers,

Vladimir
--
Vladimir Dzhuvinov : www.NimbusDS.com : [email protected]
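
An added example, not part of the original message and not the library's own code: a sketch of the split described above, where a core step does the algorithm-independent checks (five parts, valid Base64URL, non-empty header) and a handler step decides which other parts may be empty. The function names, the `ENC_REQUIRES` table and the use of RFC 7518 "enc" names are assumptions made for illustration; the sample tokens are constructed and contain no real ciphertext.

```python
import base64
import json
import re

PARTS = ("header", "encrypted_key", "iv", "ciphertext", "integrity_value")
# Assumption: "enc" names as in RFC 7518. Per the thread, every defined
# CBC/GCM algorithm uses an IV and has an integrity value.
ENC_REQUIRES = {"A128GCM": ("iv", "integrity_value"),
                "A128CBC-HS256": ("iv", "integrity_value")}

class JWEFormatError(ValueError):
    """Raised when a compact JWE fails structural validation."""

def b64url_decode(name, text):
    # Reject characters outside the URL-safe alphabet and impossible lengths.
    if not re.fullmatch(r"[A-Za-z0-9_-]*", text) or len(text) % 4 == 1:
        raise JWEFormatError(f"{name}: not valid Base64URL")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def core_validate(compact):
    """Algorithm-independent checks, run before any crypto handler."""
    fields = compact.split(".")
    if len(fields) != len(PARTS):
        raise JWEFormatError(f"expected {len(PARTS)} parts, got {len(fields)}")
    parts = {n: b64url_decode(n, f) for n, f in zip(PARTS, fields)}
    if not parts["header"]:  # the header may never be empty
        raise JWEFormatError("header: must not be empty")
    try:
        header = json.loads(parts["header"])
    except ValueError as exc:
        raise JWEFormatError("header: not valid JSON") from exc
    if not isinstance(header, dict):
        raise JWEFormatError("header: not a JSON object")
    return header, parts

def handler_validate(header, parts):
    """Algorithm-specific emptiness rules, owned by the matching handler."""
    enc = header.get("enc")
    if not isinstance(enc, str) or enc not in ENC_REQUIRES:
        raise JWEFormatError(f"unsupported enc: {enc!r}")
    for name in ENC_REQUIRES[enc]:
        if not parts[name]:
            raise JWEFormatError(f"{name}: must not be empty for {enc}")
    return True

def build(*raw_parts):
    """Join raw byte strings into a constructed compact token (no encryption)."""
    return ".".join(base64.urlsafe_b64encode(p).rstrip(b"=").decode("ascii")
                    for p in raw_parts)
```

An empty JWE Encrypted Key passes both steps here, while an empty IV passes the core and is rejected only by the handler step.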




-------- Original Message --------
Subject: Re: [jose] JWE -06: Terminology - JWE IV and integrity value
From: Mike Jones <[email protected]>
Date: Tue, October 16, 2012 5:13 pm
To: Vladimir Dzhuvinov / NimbusDS <[email protected]>,
"[email protected]" <[email protected]>


There's currently no actual case where the JWE Initialization Vector or
JWE Integrity Value can be empty, because an Initialization Vector is
used for all the defined "enc" algorithms - (CBC, GCM) and all of them
have an integrity value.

However, this could be true for future algorithms. Is that what you're
thinking?

 -- Mike

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of
Vladimir Dzhuvinov / NimbusDS
Sent: Tuesday, October 16, 2012 2:33 AM
To: [email protected]
Subject: [jose] JWE -06: Terminology - JWE IV and integrity value

Thank you guys for pushing the updated specs out.

Regarding JWE -06 section 2. Terminology:

It could be helpful to mention for "JWE Initialization Vector" and "JWE
Integrity Values" that these can also be empty, as is said for "JWE
Encrypted Key".


Vladimir

--
Vladimir Dzhuvinov : www.NimbusDS.com : [email protected]
 


_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose

