Re: [jose] #13: Enable AEAD key wrapping
Russ Housley <housley@vigilsec.com> Thu, 04 April 2013 14:03 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14DA721F8C45 for <jose@ietfa.amsl.com>; Thu, 4 Apr 2013 07:03:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nmrostlzCPAs for <jose@ietfa.amsl.com>; Thu, 4 Apr 2013 07:03:18 -0700 (PDT)
Received: from odin.smetech.net (mail.smetech.net [208.254.26.82]) by ietfa.amsl.com (Postfix) with ESMTP id 8661521F8738 for <jose@ietf.org>; Thu, 4 Apr 2013 07:03:18 -0700 (PDT)
Received: from localhost (unknown [208.254.26.81]) by odin.smetech.net (Postfix) with ESMTP id 202B4F2406E; Thu, 4 Apr 2013 10:03:42 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([208.254.26.82]) by localhost (ronin.smetech.net [208.254.26.81]) (amavisd-new, port 10024) with ESMTP id rIH-CAg3i-h2; Thu, 4 Apr 2013 10:03:02 -0400 (EDT)
Received: from [192.168.2.100] (pool-173-79-232-68.washdc.fios.verizon.net [173.79.232.68]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id D5B93F2406D; Thu, 4 Apr 2013 10:03:37 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: text/plain; charset="us-ascii"
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <064.ce3bcb37d79ccc16fe24f8188caf1ce8@trac.tools.ietf.org>
Date: Thu, 04 Apr 2013 10:03:13 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <0B1E91BF-6F31-491B-960B-842096E88562@vigilsec.com>
References: <049.6bd4c5bdeedc5862a9b09a5b5d16aadf@trac.tools.ietf.org> <064.ce3bcb37d79ccc16fe24f8188caf1ce8@trac.tools.ietf.org>
To: Richard Barnes <rlb@ipv.sx>
X-Mailer: Apple Mail (2.1085)
Cc: draft-ietf-jose-json-web-encryption@tools.ietf.org, Mike Jones <michael.jones@microsoft.com>, jose@ietf.org
Subject: Re: [jose] #13: Enable AEAD key wrapping
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Apr 2013 14:03:19 -0000
Richard: We need to make sure that the solution is algorithm agile. No matter what we pick, it will need to change in some number of years. Also, when I design a cryptographic security solution, I tend to use one mode for data and another mode for keying material. This approach ensures that a decrypt operation will never return plaintext keying material outside the crypto boundary. So, I strongly support the use of AES-KW or AES-KWP for key wrapping. Russ On Apr 3, 2013, at 11:30 PM, jose issue tracker wrote: > #13: Enable AEAD key wrapping > > > Comment (by rlb@ipv.sx): > > As I understood the feedback from WebCrypto, the desire was for general > AEAD algorithms to be usable in both (1) and (2). And as I expressed at > IETF86, it would be architecturally simpler if we use the same key > wrapping for all wrapped keys, whether attached to JWE or not. > > A proposed solution has been submitted as http://tools.ietf.org/html > /draft-barnes-jose-key-wrapping > > -- > -------------------------+------------------------------------------------- > Reporter: rlb@ipv.sx | Owner: draft-ietf-jose-json-web- > Type: defect | encryption@tools.ietf.org > Priority: major | Status: new > Component: json-web- | Milestone: > encryption | Version: > Severity: - | Resolution: > Keywords: | > -------------------------+------------------------------------------------- > > Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/13#comment:3> > jose <http://tools.ietf.org/jose/>
- [jose] #13: Enable AEAD key wrapping jose issue tracker
- Re: [jose] #13: Enable AEAD key wrapping jose issue tracker
- Re: [jose] #13: Enable AEAD key wrapping jose issue tracker
- Re: [jose] #13: Enable AEAD key wrapping jose issue tracker
- Re: [jose] #13: Enable AEAD key wrapping Russ Housley
- Re: [jose] #13: Enable AEAD key wrapping Richard Barnes
- Re: [jose] #13: Enable AEAD key wrapping jose issue tracker
- Re: [jose] #13: Enable AEAD key wrapping jose issue tracker
- Re: [jose] #13: Enable AEAD key wrapping jose issue tracker