Hi all, I've created a new version of my I-D on adding public key authenticated encryption to JOSE to support JWT-based encrypted access tokens.
https://tools.ietf.org/html/draft-madden-jose-ecdh-1pu-02 Version -02 removes the discussion of creating a two-way interactive handshake protocol after discussion with Hannes. That's out of scope for this WG and distracts from the main benefits of the draft, which are summed up in these bullet points from the introduction: o The resulting message size is more compact as an additional layer of headers and base64url-encoding is avoided. A 500-byte payload when encrypted and authenticated with ECDH-1PU (with P-256 keys and "A256GCM" Content Encryption Method) results in a 1087-byte JWE in Compact Encoding. An equivalent nested signed-then- encrypted JOSE message using the same keys and encryption method is 1489 bytes (37% larger). o The same primitives are used for both confidentiality and authenticity, providing savings in code size for constrained environments. o The generic composition of signatures and public key encryption involves a number of subtle details that are essential to security [PKAE]. Providing a dedicated algorithm for public key authenticated encryption reduces complexity for users of JOSE libraries. o ECDH-1PU provides only authenticity and not the stronger security properties of non-repudiation or third-party verifiability. This can be an advantage in applications where privacy, anonymity, or plausible deniability are goals. I missed the IETF meeting unfortunately. I can put together a few slides if anybody wants me to run through it? -- Neil > Begin forwarded message: > > From: internet-dra...@ietf.org > Subject: New Version Notification for draft-madden-jose-ecdh-1pu-02.txt > Date: 13 August 2019 at 09:56:45 BST > To: "Neil Madden" <neil.mad...@forgerock.com> > > > A new version of I-D, draft-madden-jose-ecdh-1pu-02.txt > has been successfully submitted by Neil Madden and posted to the > IETF repository. > > Name: draft-madden-jose-ecdh-1pu > Revision: 02 > Title: Public Key Authenticated Encryption for JOSE: ECDH-1PU > Document date: 2019-08-13 > Group: Individual Submission > Pages: 12 > URL: > https://www.ietf.org/internet-drafts/draft-madden-jose-ecdh-1pu-02.txt > Status: https://datatracker.ietf.org/doc/draft-madden-jose-ecdh-1pu/ > Htmlized: https://tools.ietf.org/html/draft-madden-jose-ecdh-1pu-02 > Htmlized: > https://datatracker.ietf.org/doc/html/draft-madden-jose-ecdh-1pu > Diff: > https://www.ietf.org/rfcdiff?url2=draft-madden-jose-ecdh-1pu-02 > > Abstract: > This document describes the ECDH-1PU public key authenticated > encryption algorithm for JWE. The algorithm is similar to the > existing ECDH-ES encryption algorithm, but adds an additional ECDH > key agreement between static keys of the sender and recipient. This > additional step allows the recipient to be assured of sender > authenticity without requiring a nested signed-then-encrypted message > structure. > > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
