[jose] #18: Address MAC key lifetime concerns

"jose issue tracker" <trac+jose@trac.tools.ietf.org> Fri, 05 April 2013 22:10 UTC

Return-Path: <trac+jose@trac.tools.ietf.org>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 34F6921F98CB for <jose@ietfa.amsl.com>; Fri, 5 Apr 2013 15:10:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.572
X-Spam-Status: No, score=-102.572 tagged_above=-999 required=5 tests=[AWL=0.027, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id Fbv+rmgif13P for <jose@ietfa.amsl.com>; Fri, 5 Apr 2013 15:10:46 -0700 (PDT)
Received: from grenache.tools.ietf.org (grenache.tools.ietf.org [IPv6:2a01:3f0:1:2::30]) by ietfa.amsl.com (Postfix) with ESMTP id 27CFD21F987C for <jose@ietf.org>; Fri, 5 Apr 2013 15:10:40 -0700 (PDT)
Received: from localhost ([]:58511 helo=grenache.tools.ietf.org ident=www-data) by grenache.tools.ietf.org with esmtp (Exim 4.80) (envelope-from <trac+jose@trac.tools.ietf.org>) id 1UOEq6-0005LS-LV; Sat, 06 Apr 2013 00:10:30 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "jose issue tracker" <trac+jose@trac.tools.ietf.org>
X-Trac-Version: 0.12.3
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.12.3, by Edgewall Software
To: draft-ietf-jose-json-web-signature@tools.ietf.org, rlb@ipv.sx
X-Trac-Project: jose
Date: Fri, 05 Apr 2013 22:10:30 -0000
X-URL: http://tools.ietf.org/jose/
X-Trac-Ticket-URL: http://trac.tools.ietf.org/wg/jose/trac/ticket/18
Message-ID: <049.d29eb38c96b761dee70b1317e2c051c7@trac.tools.ietf.org>
X-Trac-Ticket-ID: 18
X-SA-Exim-Rcpt-To: draft-ietf-jose-json-web-signature@tools.ietf.org, rlb@ipv.sx, jose@ietf.org
X-SA-Exim-Mail-From: trac+jose@trac.tools.ietf.org
X-SA-Exim-Scanned: No (on grenache.tools.ietf.org); SAEximRunCond expanded to false
Resent-To: mbj@microsoft.com, n-sakimura@nri.co.jp, ve7jtb@ve7jtb.com
Resent-Message-Id: <20130405221042.27CFD21F987C@ietfa.amsl.com>
Resent-Date: Fri, 5 Apr 2013 15:10:40 -0700 (PDT)
Resent-From: trac+jose@trac.tools.ietf.org
Cc: jose@ietf.org
Subject: [jose] #18: Address MAC key lifetime concerns
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Apr 2013 22:10:48 -0000

#18: Address MAC key lifetime concerns

 The point was raised on CFRG that it is beneficial to have short-lived MAC

 The current JWS specification works against this objective by relying on
 out-of-band mechanisms for provisioning MAC keys.  If there were a
 mechanism for providing short-lived keys wrapped under a long-lived key,
 as there is in JWE, this would not be an issue.

 The working group needs to do one of two things:
 1. Add wrapped keys to JWS
 2. Add security considerations to JWS REQUIRING that an application
 protocol ensure that key lifetimes are controlled.

 In the past, the group has resolved not to do (1) (see ISSUE-2), but it
 also has not done (2).  To resolve this issue, one of the two options
 above needs to be implemented.

 Reporter:  rlb@ipv.sx
    Owner:  draft-ietf-jose-json-web-signature@tools.ietf.org
     Type:  defect
 Priority:  major
   Status:  new
Component:  json-web-signature
Milestone:
  Version:
 Severity:  -
 Keywords:

Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/18>
jose <http://tools.ietf.org/jose/>
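Option (2) in the ticket, an application protocol that controls MAC key lifetimes rather than the JWS layer itself, can be illustrated with a small HS256 signer and verifier. The following is an added example written for this page, not code from the ticket reporter or from the JOSE drafts. It assumes an application-side key table indexed by the JWS "kid" header that records a not-after time for each MAC key, so that a verifier refuses a valid signature once the key it was made with has aged out; the key ids, key bytes and clock values are constructed for the demonstration.

```python
# Added example (not part of the ticket or the JWS drafts): a minimal HS256 JWS
# signer/verifier in which the application, not the JWS spec, enforces a MAC
# key lifetime. Keys are looked up by "kid" in an application-side table that
# records a not-after time. Key ids, key bytes and timestamps are constructed.
import base64
import hashlib
import hmac
import json
import time


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWS uses for each segment."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


class MacKeyStore:
    """Application-side key table: kid -> (key bytes, not-after unix time)."""

    def __init__(self):
        self._keys = {}

    def add(self, kid: str, key: bytes, lifetime_seconds: int, now=None):
        now = time.time() if now is None else now
        self._keys[kid] = (key, now + lifetime_seconds)

    def lookup(self, kid: str, now=None) -> bytes:
        now = time.time() if now is None else now
        key, not_after = self._keys[kid]  # KeyError for an unknown kid
        if now >= not_after:
            raise ValueError(f"MAC key {kid!r} has expired")
        return key


def jws_sign_hs256(payload: dict, kid: str, key: bytes) -> str:
    """Produce a compact-serialization JWS with alg HS256 and the given kid."""
    header = {"alg": "HS256", "kid": kid}
    signing_input = (
        b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url(json.dumps(payload, separators=(",", ":")).encode())
    )
    tag = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(tag)


def jws_verify_hs256(token: str, store: MacKeyStore, now=None) -> dict:
    """Verify a compact JWS; the key lookup rejects expired or unknown keys."""
    header_b64, payload_b64, tag_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    key = store.lookup(header["kid"], now)  # raises if unknown or expired
    signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(tag_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))


def demo():
    """Sign with a key valid for one hour; verify inside and after the window."""
    store = MacKeyStore()
    t0 = 1_365_200_000  # constructed fixed clock so the run is reproducible
    key = hashlib.sha256(b"constructed demo key material").digest()
    store.add("k-2013-04-05", key, lifetime_seconds=3600, now=t0)
    token = jws_sign_hs256({"msg": "hello"}, "k-2013-04-05", key)
    verified_msg = jws_verify_hs256(token, store, now=t0 + 60)["msg"]
    try:
        jws_verify_hs256(token, store, now=t0 + 3600)
        expired_rejected = False
    except ValueError:
        expired_rejected = True
    return verified_msg, expired_rejected  # returns ("hello", True)


if __name__ == "__main__":
    print(demo())
```

The lifetime check lives entirely in `MacKeyStore.lookup`, which is the point of option (2): JWS carries no expiry for the MAC key, so the deployment has to bound key age itself, for instance by rotating the kid on a schedule and refusing any kid past its not-after time. A wrapped-key design (option 1, as JWE does) would instead let the token carry a fresh MAC key protected under a long-lived key, which this example deliberately does not implement.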