Re: [jose] #14: Support longer wrapped keys than OAEP allows

"jose issue tracker" <trac+jose@trac.tools.ietf.org> Sat, 30 March 2013 22:13 UTC

Return-Path: <trac+jose@trac.tools.ietf.org>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3968321F8633 for <jose@ietfa.amsl.com>; Sat, 30 Mar 2013 15:13:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ONMSrcPndlcV for <jose@ietfa.amsl.com>; Sat, 30 Mar 2013 15:13:48 -0700 (PDT)
Received: from grenache.tools.ietf.org (grenache.tools.ietf.org [IPv6:2a01:3f0:1:2::30]) by ietfa.amsl.com (Postfix) with ESMTP id 6817421F862B for <jose@ietf.org>; Sat, 30 Mar 2013 15:13:48 -0700 (PDT)
Received: from localhost ([127.0.0.1]:46945 helo=grenache.tools.ietf.org ident=www-data) by grenache.tools.ietf.org with esmtp (Exim 4.80) (envelope-from <trac+jose@trac.tools.ietf.org>) id 1UM41u-0002qN-I6; Sat, 30 Mar 2013 23:13:42 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: jose issue tracker <trac+jose@trac.tools.ietf.org>
X-Trac-Version: 0.12.3
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.12.3, by Edgewall Software
To: draft-ietf-jose-json-web-encryption@tools.ietf.org, rlb@ipv.sx, michael.jones@microsoft.com
X-Trac-Project: jose
Date: Sat, 30 Mar 2013 22:13:42 -0000
X-URL: http://tools.ietf.org/jose/
X-Trac-Ticket-URL: http://trac.tools.ietf.org/wg/jose/trac/ticket/14#comment:2
Message-ID: <064.d3c40af21353833721175bca5772180c@trac.tools.ietf.org>
References: <049.a881241698112408b4f26b7cfb4b9103@trac.tools.ietf.org>
X-Trac-Ticket-ID: 14
In-Reply-To: <049.a881241698112408b4f26b7cfb4b9103@trac.tools.ietf.org>
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Rcpt-To: draft-ietf-jose-json-web-encryption@tools.ietf.org, rlb@ipv.sx, michael.jones@microsoft.com, jose@ietf.org
X-SA-Exim-Mail-From: trac+jose@trac.tools.ietf.org
X-SA-Exim-Scanned: No (on grenache.tools.ietf.org); SAEximRunCond expanded to false
Resent-To: ekr@rtfm.com, jhildebr@cisco.com, mbj@microsoft.com
Resent-Message-Id: <20130330221348.6817421F862B@ietfa.amsl.com>
Resent-Date: Sat, 30 Mar 2013 15:13:48 -0700
Resent-From: trac+jose@trac.tools.ietf.org
Cc: jose@ietf.org
Subject: Re: [jose] #14: Support longer wrapped keys than OAEP allows
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Mar 2013 22:13:49 -0000

#14: Support longer wrapped keys than OAEP allows


Comment (by michael.jones@microsoft.com):

 As pointed out by James Manger in http://www.ietf.org/mail-
 archive/web/jose/current/msg01853.html, "Keys for all of the algorithms
 fit within OAEP with a 2048-bit RSA key. JWA already says RSA key sizes
 MUST be at least 2048 bits.

 This already looks sufficient."

 I agree with James that I know of no use case where this limit will be hit
 in practice.  However it could be that Richard is thinking of encrypting
 JWKs, rather than wrapping keys, in which case we already have a solution
 in the form of draft-miller-jose-jwe-protected-jwk.  Also, see my comments
 at http://trac.tools.ietf.org/wg/jose/trac/ticket/13#comment:2 on the
 desirability of distinguishing between (1) Encrypting the ephemeral
 symmetric key value used within a JWE and (2) encrypting a JWK or JWK Set
 containing symmetric and/or private key information and potentially other
 key attributes, enabling the encrypted JWK or JWK Set to be safely stored
 or transported.

 Finally, as Matt Miller wrote in http://www.ietf.org/mail-
 archive/web/jose/current/msg01863.html, "Personally, I don't think it's
 worth discussing this much further without a more complete counter-
 proposal on the table."  I agree that a concrete set of proposed changes
 would be needed to make this actionable.

-- 
-------------------------+-------------------------------------------------
 Reporter:  rlb@ipv.sx   |       Owner:  draft-ietf-jose-json-web-
     Type:  defect       |  encryption@tools.ietf.org
 Priority:  major        |      Status:  new
Component:  json-web-    |   Milestone:
  encryption             |     Version:
 Severity:  -            |  Resolution:
 Keywords:               |
-------------------------+-------------------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/14#comment:2>
jose <http://tools.ietf.org/jose/>