Re: [jose] Platform Support for JWA Crypto Algorithms

"Matt Miller (mamille2)" <mamille2@cisco.com> Wed, 31 October 2012 14:41 UTC

From: "Matt Miller (mamille2)" <mamille2@cisco.com>
To: Axel Nennker <ignisvulpis@gmail.com>
Date: Wed, 31 Oct 2012 14:41:31 +0000
Cc: Mike Jones <Michael.Jones@microsoft.com>, "<public-webcrypto@w3.org>" <public-webcrypto@w3.org>, "<jose@ietf.org>" <jose@ietf.org>, "<Axel.Nennker@telekom.de>" <Axel.Nennker@telekom.de>
Subject: Re: [jose] Platform Support for JWA Crypto Algorithms

On Oct 31, 2012, at 2:32 AM, Axel Nennker <ignisvulpis@gmail.com> wrote:

> I think that https://tools.ietf.org/html/rfc2898 (
> https://en.wikipedia.org/wiki/PBKDF2) is a better choice than the
> concat-kdf from NIST.
> PBKDF2 does not care whether the password consists of printable characters
> or whether it is a randomly generated byte string like our CMK.
> There is no need to base64url the key/cmk.
> 
> In the Wikipedia article is a list of implementations which sounds much
> better than our current rows in our crypto-algs compat-table.

I only suggested base64 encoding the key as a way to get past the perceptions around the word "password".  While RFC 2898 does say:

   Throughout this document, a password is considered to be an octet
   string of arbitrary length whose interpretation as a text string is
   unspecified. In the interest of interoperability, however, it is
   recommended that applications follow some common text encoding rules.
   ASCII and UTF-8 [27] are two possibilities. (ASCII is a subset of
   UTF-8.)

All of the implementations I've used or looked at have interpreted "password" to simply be an octet string (as per the rest of RFC 2898).


- m&m

Matt Miller < mamille2@cisco.com >
Cisco Systems, Inc.
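
The octet-string reading of "password" discussed in this message, as an added example that is not part of the original post or of any JOSE draft: PBKDF2 written out from RFC 2898 section 5.2 and fed a random-looking key that is not valid text. The key, salt, iteration count and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def pbkdf2(hash_name: str, password: bytes, salt: bytes,
           iterations: int, dk_len: int) -> bytes:
    """PBKDF2 (RFC 2898, section 5.2) with HMAC-<hash_name> as the PRF.

    `password` is only ever used as the HMAC key, so any octet string works.
    """
    h_len = hashlib.new(hash_name).digest_size
    blocks = -(-dk_len // h_len)  # ceil(dk_len / h_len)
    out = b""
    for i in range(1, blocks + 1):
        # U_1 = PRF(P, S || INT(i)); INT(i) is a 4-octet big-endian counter
        u = hmac.new(password, salt + struct.pack(">I", i), hash_name).digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            # U_j = PRF(P, U_{j-1}); T_i is the XOR of all U_j
            u = hmac.new(password, u, hash_name).digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(h_len, "big")
    return out[:dk_len]


# Constructed 32-octet key standing in for a CMK: contains 0x00 and 0xff,
# so it cannot be decoded as UTF-8 text.
CMK = bytes.fromhex("00ff80fe" + "a5" * 28)
SALT = b"constructed-salt"  # constructed value
ITERATIONS = 1000           # constructed value


def is_utf8(data: bytes) -> bool:
    try:
        data.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False


def derive_raw() -> bytes:
    """Derive from the raw key octets, no text encoding involved."""
    return pbkdf2("sha256", CMK, SALT, ITERATIONS, 32)


def derive_b64url() -> bytes:
    """Derive from the base64url form: a different octet string, so a different key."""
    encoded = base64.urlsafe_b64encode(CMK).rstrip(b"=")
    return pbkdf2("sha256", encoded, SALT, ITERATIONS, 32)
```

Both inputs are accepted, but they produce unrelated outputs, so sender and recipient have to agree on whether the key is passed raw or encoded.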