Re: [jose] AES+CBC algorithm

Richard Barnes <rlb@ipv.sx> Mon, 08 July 2013 17:23 UTC

From: Richard Barnes <rlb@ipv.sx>
To: ryan-ietf@sleevi.com
Cc: Jim Schaad <ietf@augustcellars.com>, "jose@ietf.org" <jose@ietf.org>

Interpolating the rest of the thread, I think what is meant here is the
"A128CBC-HS256" algorithm in JWA, which synthesizes an authenticated
encryption algorithm out of AES-CBC and HMAC:
<http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-11#section-4.8.3>

The CMS parallel that Russ raised is actually RFC 6476, which adapts the
TLS A&E scheme to CMS:
<http://tools.ietf.org/html/rfc6476>

The obvious counter-argument to including this in WebCrypto is that the
whole point of the algorithm is that it's easy to polyfill.  In fact, an
application could implement it today using the existing AES-CBC and HMAC
functions.  The only trouble would be getting the wrapped key out with
wrapKey, since the key for the overall operation would be the concatenation
of the two individual keys.

--Richard
On Fri, Jul 5, 2013 at 10:02 PM, Ryan Sleevi <ryan-ietf@sleevi.com> wrote:

> On Fri, July 5, 2013 2:31 pm, Jim Schaad wrote:
> >  Are we going to lobby to get this algorithm adopted as an algorithm by
> >  the WebCrypto group?
> >
> >  Jim
> >
> >  _______________________________________________
> >  jose mailing list
> >  jose@ietf.org
> >  https://www.ietf.org/mailman/listinfo/jose
> >
>
> Can you explain what you mean, Jim?
>
> AES-CBC has been listed in the Web Cryptography API since the FPWD.
>