[jose] 192 bit AES keys

Mike Jones <Michael.Jones@microsoft.com> Thu, 18 July 2013 21:18 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id D7CAA21F9E47 for <jose@ietfa.amsl.com>; Thu, 18 Jul 2013 14:18:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.236
X-Spam-Status: No, score=-3.236 tagged_above=-999 required=5 tests=[AWL=-0.638, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id m0-L8pD-BDJ7 for <jose@ietfa.amsl.com>; Thu, 18 Jul 2013 14:17:59 -0700 (PDT)
Received: from db8outboundpool.messaging.microsoft.com (mail-db8lp0186.outbound.messaging.microsoft.com []) by ietfa.amsl.com (Postfix) with ESMTP id 3151811E8209 for <jose@ietf.org>; Thu, 18 Jul 2013 14:17:57 -0700 (PDT)
Received: from mail192-db8-R.bigfish.com ( by DB8EHSOBE014.bigfish.com ( with Microsoft SMTP Server id; Thu, 18 Jul 2013 21:17:55 +0000
Received: from mail192-db8 (localhost []) by mail192-db8-R.bigfish.com (Postfix) with ESMTP id 0611DC02F4 for <jose@ietf.org>; Thu, 18 Jul 2013 21:17:55 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC104.redmond.corp.microsoft.com; RD:autodiscover.service.exchange.microsoft.com; EFVD:NLI
X-SpamScore: 0
X-BigFish: VS0(zzc85fhzz1f42h208ch1ee6h1de0h1fdah2073h1202h1e76h1d1ah1d2ah1fc6hzz1d7338h17326ah18c673h1de097h1de096h8275bh8275dhz2fh2a8h668h839hd25hf0ah1288h12a5h12bdh137ah1441h1504h1537h153bh15d0h162dh1631h1758h18e1h1946h19b5h19ceh1b0ah1bceh1d0ch1d2eh1d3fh1dc1h1dfeh1dffh1e1dh1155h)
Received-SPF: pass (mail192-db8: domain of microsoft.com designates as permitted sender) client-ip=; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC104.redmond.corp.microsoft.com ; icrosoft.com ;
Received: from mail192-db8 (localhost.localdomain []) by mail192-db8 (MessageSwitch) id 1374182250985186_13068; Thu, 18 Jul 2013 21:17:30 +0000 (UTC)
Received: from DB8EHSMHS001.bigfish.com (unknown []) by mail192-db8.bigfish.com (Postfix) with ESMTP id ECB1D400047 for <jose@ietf.org>; Thu, 18 Jul 2013 21:17:30 +0000 (UTC)
Received: from TK5EX14HUBC104.redmond.corp.microsoft.com ( by DB8EHSMHS001.bigfish.com ( with Microsoft SMTP Server (TLS) id; Thu, 18 Jul 2013 21:17:29 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([]) by TK5EX14HUBC104.redmond.corp.microsoft.com ([]) with mapi id 14.03.0136.001; Thu, 18 Jul 2013 21:17:17 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "jose@ietf.org" <jose@ietf.org>
Thread-Topic: 192 bit AES keys
Thread-Index: Ac6D/C12cBeywWJlQkC7ZUVSucIBIQ==
Date: Thu, 18 Jul 2013 21:17:16 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436B6EC698@TK5EX14MBXC284.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739436B6EC698TK5EX14MBXC284r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: [jose] 192 bit AES keys
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jul 2013 21:18:06 -0000

Richard had previously requested that we register algorithm identifiers for AES using 192 bit keys.  As he previously pointed out, "It seems like if we're going to support AES, then we should support AES.  Every AES library I know of supports all three key lengths, so it's not like there's extra cost besides the registry entry."  (I'll note that we already have algorithm identifiers for the "mid-size" HMAC and signature functions "HS384", "RS384", and "ES384".)

I heard no objections at the time.  I'm therefore thinking that we should register algorithm identifiers for these key sizes as well.  Specifically, we would add:
"A192KW", "ECDH-ES+A192KW", "A192GCMKW", "PBES2-HS256+A192KW", "A192CBC-HS384", and "A192GCM".  Support for these algorithms would be optional.

What do people think?

                                                            -- Mike