Re: [jose] #13: Enable AEAD key wrapping

"jose issue tracker" <> Sat, 30 March 2013 21:50 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 96DEE21F860A for <>; Sat, 30 Mar 2013 14:50:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id GC0Q+wppWF3U for <>; Sat, 30 Mar 2013 14:50:52 -0700 (PDT)
Received: from ( [IPv6:2a01:3f0:1:2::30]) by (Postfix) with ESMTP id B9AA621F85FC for <>; Sat, 30 Mar 2013 14:50:51 -0700 (PDT)
Received: from localhost ([]:45433 ident=www-data) by with esmtp (Exim 4.80) (envelope-from <>) id 1UM3fh-0000B4-RF; Sat, 30 Mar 2013 22:50:45 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: jose issue tracker <>
X-Trac-Version: 0.12.3
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.12.3, by Edgewall Software
X-Trac-Project: jose
Date: Sat, 30 Mar 2013 21:50:45 -0000
Message-ID: <>
References: <>
X-Trac-Ticket-ID: 13
In-Reply-To: <>
X-SA-Exim-Scanned: No (on; SAEximRunCond expanded to false
Resent-Message-Id: <>
Resent-Date: Sat, 30 Mar 2013 14:50:51 -0700
Subject: Re: [jose] #13: Enable AEAD key wrapping
X-Mailman-Version: 2.1.12
List-Id: Javascript Object Signing and Encryption <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 30 Mar 2013 21:50:52 -0000

#13: Enable AEAD key wrapping

Comment (by

 It seems to me that the term "key wrapping" is being used for two
 different things in discussions with the JOSE working group:  (1)
 Encrypting the ephemeral symmetric key value used within a JWE and (2)
 encrypting a JWK or JWK Set containing symmetric and/or private key
 information and potentially other key attributes, enabling the encrypted
 JWK or JWK Set to be safely stored or transported.  It think it would
 clarify the discussions to clearly distinguish between these use cases,
 and to consider them separately.

 For instance, I don't think anyone is proposing using A128GCM or
 A128CBC+HS256 directly for (1), whereas they can already be used as part
 of (2) if the JWK is encrypted in a JWE, per draft-miller-jose-jwe-
 protected-jwk.  Given the opinions voiced at the IETF 86 CFRG meeting that
 it's fine to use approved authenticated encryption algorithms to encrypt
 keys (, I
 believe that there's nothing additional we need to do to enable using
 these algorithms for (2).

 Finally, I believe that this issue statement would be much more useful if
 accompanied by a concrete proposed solution to be considered by the
 working group.  As it is, it's not clear what specific specification
 changes are being requested or suggested.

 Reporter:   |       Owner:  draft-ietf-jose-json-web-
     Type:  defect       |
 Priority:  major        |      Status:  new
Component:  json-web-    |   Milestone:
  encryption             |     Version:
 Severity:  -            |  Resolution:
 Keywords:               |

Ticket URL: <>
jose <>