Re: [jose] Use of AES-HMAC algorithm - Consensus Request
John Bradley <ve7jtb@ve7jtb.com> Fri, 05 April 2013 01:55 UTC
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11EA121F9678 for <jose@ietfa.amsl.com>; Thu, 4 Apr 2013 18:55:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.96
X-Spam-Level:
X-Spam-Status: No, score=-0.96 tagged_above=-999 required=5 tests=[AWL=-1.019, BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, RCVD_IN_PBL=0.905, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qRJTMHb8o4+O for <jose@ietfa.amsl.com>; Thu, 4 Apr 2013 18:55:19 -0700 (PDT)
Received: from mail-qc0-x22b.google.com (mail-qc0-x22b.google.com [IPv6:2607:f8b0:400d:c01::22b]) by ietfa.amsl.com (Postfix) with ESMTP id 593A921F9677 for <jose@ietf.org>; Thu, 4 Apr 2013 18:55:18 -0700 (PDT)
Received: by mail-qc0-f171.google.com with SMTP id q2so488692qch.16 for <jose@ietf.org>; Thu, 04 Apr 2013 18:55:18 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:content-type:mime-version:subject:from:in-reply-to:date :cc:message-id:references:to:x-mailer:x-gm-message-state; bh=LJsKxtyh53TTHoLUMEcsi1NuyN5Y0HMTtDkgDZ0PjHI=; b=TtO/woSX9bKvNWIHWSOmtaJxn4cvVDFoKSwydq+cJP7aYlumyGKiGks7BT9usaBx4Q AKGt4Zo3id3KlgiKZv1mF5eQ/p8K/BT0rcilfZQIKriqCsccM0XOnRg1j5zaazob60SU vgzmrm5MvFq8FQJAvfH9LDd3WPQ2o0wju2r+IzpZeS2S6b9QUO4lgj9VvnlpysarHzJY L3XedtCBm9GbqL3lYmCzdQBrj1gUUesSnWywyNOSY9gB5qo92V/i9OyUXy3e+mZ1Y8fU XP4eLf4cLAm6pCfQUH0yY4P1HgOJekOkfBayNqP/WArrqrYSMXeubFln1KjOQS5/B+CI buDg==
X-Received: by 10.229.155.201 with SMTP id t9mr2590444qcw.155.1365126918451; Thu, 04 Apr 2013 18:55:18 -0700 (PDT)
Received: from [192.168.1.213] (190-20-54-248.baf.movistar.cl. [190.20.54.248]) by mx.google.com with ESMTPS id eb7sm12782320qab.11.2013.04.04.18.55.10 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 04 Apr 2013 18:55:17 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_8E3F2A1D-5A13-4DB7-B40E-F825E9274F6C"; protocol="application/pkcs7-signature"; micalg="sha1"
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <017a01ce318f$482d8470$d8888d50$@augustcellars.com>
Date: Thu, 04 Apr 2013 21:53:39 -0400
Message-Id: <D6C567DE-4150-476F-A57F-1E5704B8DEF4@ve7jtb.com>
References: <017a01ce318f$482d8470$d8888d50$@augustcellars.com>
To: Jim Schaad <ietf@augustcellars.com>
X-Mailer: Apple Mail (2.1503)
X-Gm-Message-State: ALoCoQlYUCT0oMXry11kqKDA2bzz8yPNBkeGKpNrtRsXxF774tNZdku+V7g3IcRn4g0TDfyzFEuK
Cc: jose@ietf.org
Subject: Re: [jose] Use of AES-HMAC algorithm - Consensus Request
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Apr 2013 01:55:20 -0000
I support the change. On 2013-04-04, at 7:51 PM, "Jim Schaad" <ietf@augustcellars.com> wrote: > <chair> > > At the request of the editors, this is a formal consensus call on the first > item in the list below. If there are objects to use a single long key > rather than a KDF function for the AES-CBC/HMAC algorithm please speak up > now. To date nobody has said that I was wrong to assume the consensus on > that item. > > Call ends in one week. > > Jim > > >> -----Original Message----- >> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of > Jim >> Schaad >> Sent: Wednesday, March 27, 2013 3:21 PM >> To: jose@ietf.org >> Subject: [jose] Use of AES-HMAC algorithm >> >> <chair> >> After spending time looking at and thinking about how to resolve this > issue >> since I was unable to do so at the last F2F meeting. I have come up with > the >> following set of issues that might need to be addressed as part of > resolving >> this issue. >> >> 1. Do we change from using KDC to having a double size key for the >> algorithm? I think that there is probably a consensus that this should be > done. >> >> 2. Should IVs be prepended to the encrypted body as part of the encoding >> steps? If so then this change should be universal. >> >> Doing so would eliminate one field from all of the encoding formats which >> should be considered a plus. >> Doing so would force code writers to understand how large the IV is for > all >> algorithms as the IV would no longer be a separate item. >> >> 3. Should Authentication Tags be appended to the encrypted body as part of >> the encoding steps? >> >> Doing so would eliminate one field from all of the encoding formats which >> should be considered a plus. >> Doing so would force code writers to understand how large the IV is for > all >> algorithms as the IV would no longer be a separate item. >> Doing so would force a re-organization for the multiple recipient case as >> either all recipient specific data would need to be excluded from the >> authentication step or all of the recipient data would need to be included > for >> by all recipients. >> Changing how the recipient info is process is going to give a performance >> benefit for sending encrypted items for multiple recipients. >> The current strategy of a single IV and key pair with AES-GCM and > different >> authentication data needs to have CFRG look at it. I am worried that it > might >> be a serious security flaw. >> >> 4. Should we reference the McGrew draft and provide text on how things are >> changed or should we "copy" the draft into our text? >> >> 5. If we allow for the use of AES-GCM or AES-HMAC for doing key wrapping, >> does this change how we think about any of the above questions? >> >> Allowing for AES-GCM for key wrapping has a benefit for hardware > situations >> as only the encrypt and not the decrypt functions need to be placed in >> hardware. However allowing for this key wrapping give a problem as there > is >> no way to encode the three fields into the encrypted value unless with use >> either a JSON structure in this location or we do use the single appended >> binary output stream. The first approach leads to an expansion of the > field by >> double base64 encoding which is highly undesirable. >> >> Jim >> >> >> _______________________________________________ >> jose mailing list >> jose@ietf.org >> https://www.ietf.org/mailman/listinfo/jose > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose
- Re: [jose] Use of AES-HMAC algorithm - Consensus … Jim Schaad
- Re: [jose] Use of AES-HMAC algorithm - Consensus … Dick Hardt
- Re: [jose] Use of AES-HMAC algorithm - Consensus … Mike Jones
- Re: [jose] Use of AES-HMAC algorithm - Consensus … John Bradley
- Re: [jose] Use of AES-HMAC algorithm - Consensus … Vladimir Dzhuvinov / NimbusDS
- Re: [jose] Use of AES-HMAC algorithm - Consensus … Russ Housley
- Re: [jose] Use of AES-HMAC algorithm - Consensus … Peck, Michael A
- Re: [jose] Use of AES-HMAC algorithm - Consensus … Dick Hardt
- Re: [jose] Use of AES-HMAC algorithm - Consensus … Matt Miller (mamille2)
- Re: [jose] Use of AES-HMAC algorithm - Consensus … Nat Sakimura
- Re: [jose] Use of AES-HMAC algorithm - Consensus … Edmund Jay
- Re: [jose] Use of AES-HMAC algorithm - Consensus … John Bradley