Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Multilevel Nested JWM #37

Open
troyronda opened this issue Jan 20, 2020 · 5 comments
Open

Multilevel Nested JWM #37

troyronda opened this issue Jan 20, 2020 · 5 comments

Comments

@troyronda
Copy link

troyronda commented Jan 20, 2020
edited
Loading

Does the scope of the JWM spec include optimizing the payload encryption for a multi-level nested JWM?

This topic was raised in the Aries community. The idea of a detached JWE mode can potentially help - discussed in Aries RFC 334.
@tplooker
Copy link
Member

Im open to considering this, however with that are we not modifying the JWE serialisation formats?

@troyronda
Copy link
Author

troyronda commented Jan 20, 2020
edited
Loading

@tplooker The "on the wire" serialization is changed (appended with detached payloads) but the serialization provided to the JWE library is unchanged. The mechanism was designed with JWS detached mode in mind. JWS defines detached mode where the payload can be removed. As stated in IETF RFC7515, this strategy has the following benefit:

Note that this method needs no support from JWS libraries, as
applications can use this method by modifying the inputs and outputs
of standard JWS libraries.

In the case of the proposed mechanism, no support is needed from the JWE libraries as the logic outside the library modifies the inputs and outputs (to detach payloads from multi-level nested JWEs).

@tplooker
Copy link
Member

@troyronda, ok so we would still need to define this? Much like say Linked Data proofs defines the use of a detached JWS?

A point of language I would consider a nested JWM the protection strategies (e.g JWS JWE) applied over a single attribute set. But in the case of forwarding messaging in DIDComm, there is an attribute set at each layer, so even though that looks like nesting, the final multi layer message I would not say is a single "Nested JWM", rather something else does that make sense?

@troyronda
Copy link
Author

@troyronda, ok so we would still need to define this? Much like say Linked Data proofs defines the use of a detached JWS?

I would think so, yes.

I would not say is a single "Nested JWM", rather something else does that make sense?

Sure. I understand the reasoning.

@kdenhartog kdenhartog mentioned this issue Apr 2, 2020
Open
@TelegramSam
Copy link
Contributor

The general idea here is the ability to pass through previously encrypted data. This avoids computation of re-encryption, but more significantly avoids the 33 percent bloat of repeated Base64 encodings. This has application in DIDComm forward messages, but is generally useful anytime you wish to encrypt a message that contains an already encrypted payload.

I'm not sure a detached JWE contains all the mechanisms necessary for our purposes: Part of the message needs to be passed through (be 'detached') and part of it still needs regular encryption. @troyronda any thoughts on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@TelegramSam @troyronda @tplooker