Re: [jose] #14: Support longer wrapped keys than OAEP allows
"jose issue tracker" <trac+jose@trac.tools.ietf.org> Sat, 30 March 2013 22:13 UTC
#14: Support longer wrapped keys than OAEP allows

Comment (by michael.jones@microsoft.com):

As pointed out by James Manger in http://www.ietf.org/mail-archive/web/jose/current/msg01853.html, "Keys for all of the algorithms fit within OAEP with a 2048-bit RSA key. JWA already says RSA key sizes MUST be at least 2048 bits. This already looks sufficient." I agree with James that I know of no use case where this limit will be hit in practice.

However, it could be that Richard is thinking of encrypting JWKs, rather than wrapping keys, in which case we already have a solution in the form of draft-miller-jose-jwe-protected-jwk. Also, see my comments at http://trac.tools.ietf.org/wg/jose/trac/ticket/13#comment:2 on the desirability of distinguishing between (1) Encrypting the ephemeral symmetric key value used within a JWE and (2) encrypting a JWK or JWK Set containing symmetric and/or private key information and potentially other key attributes, enabling the encrypted JWK or JWK Set to be safely stored or transported.

Finally, as Matt Miller wrote in http://www.ietf.org/mail-archive/web/jose/current/msg01863.html, "Personally, I don't think it's worth discussing this much further without a more complete counter-proposal on the table." I agree that a concrete set of proposed changes would be needed to make this actionable.

--
Reporter:    rlb@ipv.sx
Owner:       draft-ietf-jose-json-web-encryption@tools.ietf.org
Type:        defect
Status:      new
Priority:    major
Milestone:
Component:   json-web-encryption
Version:
Severity:    -
Resolution:
Keywords:

Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/14#comment:2>
jose <http://tools.ietf.org/jose/>
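The size limit discussed in the comment above, as an added example that is not part of the original message or of any JOSE draft: a standard-library EME-OAEP encoder (RFC 8017, section 7.1.1) that enforces the k - 2*hLen - 2 byte limit, run against bare symmetric keys and against a serialized private JWK. Assumptions: OAEP with SHA-1 and MGF1-SHA-1, symmetric key sizes of 128, 256 and 512 bits as representative content keys, and a constructed JWK built from random bytes rather than a real key.

```python
import base64, hashlib, json, os

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def mgf1(seed: bytes, length: int, hash_fn=hashlib.sha1) -> bytes:
    """MGF1 mask generation function (RFC 8017, appendix B.2.1)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hash_fn(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def oaep_max_message_len(modulus_bits: int, hash_fn=hashlib.sha1) -> int:
    """Largest plaintext OAEP accepts: k - 2*hLen - 2 bytes."""
    return (modulus_bits + 7) // 8 - 2 * hash_fn().digest_size - 2

def eme_oaep_encode(message: bytes, modulus_bits: int, hash_fn=hashlib.sha1) -> bytes:
    """EME-OAEP encoding with an empty label (RFC 8017, 7.1.1 step 2).
    Produces the k-byte block that RSA would then exponentiate."""
    k, h_len = (modulus_bits + 7) // 8, hash_fn().digest_size
    if len(message) > oaep_max_message_len(modulus_bits, hash_fn):
        raise ValueError("message too long")
    padding = b"\x00" * (k - len(message) - 2 * h_len - 2)
    db = hash_fn(b"").digest() + padding + b"\x01" + message
    seed = os.urandom(h_len)
    masked_db = xor(db, mgf1(seed, k - h_len - 1, hash_fn))
    masked_seed = xor(seed, mgf1(masked_db, h_len, hash_fn))
    return b"\x00" + masked_seed + masked_db

def fits(message: bytes, modulus_bits: int = 2048) -> bool:
    """True if the message can be OAEP-encoded under a key of this size."""
    try:
        return len(eme_oaep_encode(message, modulus_bits)) == (modulus_bits + 7) // 8
    except ValueError:
        return False

def constructed_private_jwk() -> bytes:
    """Constructed sample: random bytes shaped like a 2048-bit RSA private JWK."""
    b64 = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return json.dumps({"kty": "RSA", "n": b64(os.urandom(256)), "e": "AQAB",
                       "d": b64(os.urandom(256))}).encode()

if __name__ == "__main__":
    print("OAEP/SHA-1 limit, 2048-bit key:", oaep_max_message_len(2048), "bytes")
    for size in (16, 32, 64):  # assumed symmetric key sizes: 128, 256, 512 bits
        print(f"{size}-byte key fits:", fits(os.urandom(size)))
    jwk = constructed_private_jwk()
    print(f"{len(jwk)}-byte private JWK fits:", fits(jwk))
```

The bare symmetric keys encode without trouble, while the serialized private JWK exceeds the limit, which is the wrapping-versus-encrypting distinction the comment draws.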