Re: [jose] #28: AES-GCM should not be allowed for content encryption in combination with Direct Encryption key management mode
"jose issue tracker" <trac+jose@trac.tools.ietf.org> Thu, 27 June 2013 15:25 UTC
From: jose issue tracker <trac+jose@trac.tools.ietf.org>
To: draft-ietf-jose-json-web-algorithms@tools.ietf.org, michael.jones@microsoft.com
Date: Thu, 27 Jun 2013 15:25:42 -0000
X-URL: http://tools.ietf.org/jose/
X-Trac-Ticket-URL: http://tools.ietf.org/wg/jose/trac/ticket/28#comment:1
Message-ID: <069.dc8e817f3443ca8137d8048db4905647@trac.tools.ietf.org>
References: <054.7c33f2d20d536f291cb1402eed2d1710@trac.tools.ietf.org>
X-Trac-Ticket-ID: 28
In-Reply-To: <054.7c33f2d20d536f291cb1402eed2d1710@trac.tools.ietf.org>
Cc: jose@ietf.org
#28: AES-GCM should not be allowed for content encryption in combination with Direct Encryption key management mode

Comment (by michael.jones@microsoft.com):

Thanks for pointing out the NIST text. Rather than prohibiting the use of GCM, a less heavy-handed means of handling this issue would be to include text such as the following:

"NIST SP 800-38D section 8.3 states 'The total number of invocations of the authenticated encryption function shall not exceed 2^32, including all IV lengths and all instances of the authenticated encryption function with the given key.' In accordance with this rule, AES GCM MUST NOT be used with the same direct encryption key more than 2^32 times."

No, we can’t guarantee that applications will always follow this requirement, but we can’t guarantee that many other requirements are followed either – such as the requirement to use a unique ephemeral key when doing key agreement. Just because incorrect uses are possible doesn’t mean that we shouldn’t enable correct uses.

--
-------------------------+-------------------------------------------------
 Reporter:  mpeck@mitre.org         |       Owner:  draft-ietf-jose-json-web-algorithms@tools.ietf.org
     Type:  defect                  |      Status:  new
 Priority:  major                   |   Milestone:
Component:  json-web-algorithms     |     Version:
                                    |  Resolution:
 Severity:  -                       |    Keywords:
-------------------------+-------------------------------------------------

Ticket URL: <http://tools.ietf.org/wg/jose/trac/ticket/28#comment:1>
jose <http://tools.ietf.org/jose/>
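The 2^32 per-key invocation bound quoted above is something a library can enforce rather than leave to the application. The following is an added example, not code from the ticket, the JWA draft, or any JOSE implementation: a Go wrapper around the standard library's AES-GCM for a long-lived direct ("dir") content encryption key that counts every authenticated-encryption call and refuses to encrypt once the NIST SP 800-38D bound is reached. The type and function names, the all-zero demo key, and the tiny limit passed in main are assumptions for illustration only.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"sync"
)

// GCMInvocationLimit is the NIST SP 800-38D section 8.3 bound: at most 2^32
// invocations of the authenticated encryption function under one key.
const GCMInvocationLimit uint64 = 1 << 32

// ErrKeyExhausted is returned once the key may no longer be used for encryption.
var ErrKeyExhausted = errors.New("AES-GCM key reached its invocation limit; rotate the direct encryption key")

// DirectGCMKey (hypothetical name) wraps a JWE "dir" key and counts encryptions.
type DirectGCMKey struct {
	mu    sync.Mutex
	aead  cipher.AEAD
	used  uint64 // invocations performed so far with this key
	limit uint64 // normally GCMInvocationLimit; lowered in tests
}

// NewDirectGCMKey builds the wrapper for a 16-, 24- or 32-byte AES key.
func NewDirectGCMKey(key []byte, limit uint64) (*DirectGCMKey, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &DirectGCMKey{aead: aead, limit: limit}, nil
}

// Encrypt returns a fresh random 96-bit IV and ciphertext||tag for one JWE,
// or ErrKeyExhausted if the per-key invocation budget is spent.
func (k *DirectGCMKey) Encrypt(plaintext, aad []byte) (iv, ct []byte, err error) {
	k.mu.Lock()
	defer k.mu.Unlock()
	if k.used >= k.limit {
		return nil, nil, ErrKeyExhausted
	}
	iv = make([]byte, k.aead.NonceSize()) // 12 bytes, the IV size JWE uses
	if _, err := rand.Read(iv); err != nil {
		return nil, nil, err
	}
	k.used++ // charge the budget before sealing so nothing slips past the count
	ct = k.aead.Seal(nil, iv, plaintext, aad)
	return iv, ct, nil
}

// Decrypt verifies the tag and returns the plaintext. Decryption does not
// consume the encryption budget.
func (k *DirectGCMKey) Decrypt(iv, ct, aad []byte) ([]byte, error) {
	return k.aead.Open(nil, iv, ct, aad)
}

// Invocations reports how many encryptions this key has performed.
func (k *DirectGCMKey) Invocations() uint64 {
	k.mu.Lock()
	defer k.mu.Unlock()
	return k.used
}

func main() {
	// Constructed demo key (all zeros, illustration only) and a deliberately
	// tiny limit so the refusal path is visible; real code passes GCMInvocationLimit.
	key := make([]byte, 32)
	k, err := NewDirectGCMKey(key, 3)
	if err != nil {
		panic(err)
	}
	for i := 1; i <= 4; i++ {
		iv, ct, err := k.Encrypt([]byte("jwe payload"), []byte("protected header"))
		if err != nil {
			fmt.Printf("encryption %d refused: %v\n", i, err)
			continue
		}
		fmt.Printf("encryption %d ok: iv=%x ct=%d bytes\n", i, iv, len(ct))
	}
}
```

The counter here lives in memory, which is only a floor: the NIST text covers "all instances of the authenticated encryption function with the given key", so a "dir" key shared by several processes or persisted across restarts needs its count persisted and shared alongside the key, or the key rotated on a schedule well inside the bound.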