[jose] #28: AES-GCM should not be allowed for content encryption in combination with Direct Encryption key management mode
"jose issue tracker" <trac+jose@trac.tools.ietf.org> Thu, 27 June 2013 15:28 UTC
#28: AES-GCM should not be allowed for content encryption in combination with Direct Encryption key management mode

Section 4.9 of draft-ietf-jose-json-web-algorithms should prohibit use of the A128GCM and A256GCM "enc" content encryption algorithms in combination with the Direct Encryption key management mode (when the value of "alg" is "dir").

NIST SP 800-38D section 8.3 states "The total number of invocations of the authenticated encryption function shall not exceed 2^32, including all IV lengths and all instances of the authenticated encryption function with the given key."

There is no way to guarantee compliance with this using the Direct Encryption mode. All of the other modes are OK because they generate or derive a fresh CEK for each message.

Existing RFCs using GCM include requirements for "automated key management", for example RFC 4106 Section 2 and RFC 5084.

--
Reporter:  mpeck@mitre.org
Owner:     draft-ietf-jose-json-web-algorithms@tools.ietf.org
Type:      defect
Status:    new
Priority:  major
Milestone:
Component: json-web-algorithms
Version:
Severity:  -
Keywords:

Ticket URL: <http://tools.ietf.org/wg/jose/trac/ticket/28>
jose <http://tools.ietf.org/jose/>
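
An added example, not part of the original ticket or of the JOSE drafts: one way a recipient could enforce the rule the ticket proposes, by decoding the protected header of a JWE compact serialization and rejecting "alg" = "dir" combined with A128GCM or A256GCM. The function names and the sample tokens are constructed for illustration.

```python
import base64
import json

# "enc" values named in the ticket; "dir" is the Direct Encryption "alg" value.
GCM_ENCS = {"A128GCM", "A256GCM"}


def protected_header(compact_jwe):
    """Decode the first segment (protected header) of a JWE compact serialization."""
    parts = compact_jwe.split(".")
    if len(parts) != 5:
        raise ValueError("expected five dot-separated segments")
    seg = parts[0]
    # base64url without padding: restore '=' before decoding.
    raw = base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))
    header = json.loads(raw)
    if not isinstance(header, dict):
        raise ValueError("protected header is not a JSON object")
    return header


def check_policy(compact_jwe):
    """Return (allowed, reason) under the rule proposed in the ticket."""
    try:
        header = protected_header(compact_jwe)
    except ValueError as exc:  # also covers base64 and JSON decoding errors
        return False, "malformed: %s" % exc
    alg, enc = header.get("alg"), header.get("enc")
    if alg == "dir" and enc in GCM_ENCS:
        # Same shared key encrypts every message, so the number of GCM
        # invocations under that key is not bounded by the format itself.
        return False, "dir with %s rejected: no fresh CEK per message" % enc
    return True, "ok"


def make_token(header):
    """Build a constructed sample token; IV, ciphertext and tag are dummies."""
    h = base64.urlsafe_b64encode(json.dumps(header).encode()).rstrip(b"=")
    # Second segment (encrypted key) is left empty, the other three are fillers.
    return h.decode() + "..aXY.Y3Q.dGFn"


if __name__ == "__main__":
    for hdr in ({"alg": "dir", "enc": "A128GCM"},
                {"alg": "dir", "enc": "A128CBC-HS256"},
                {"alg": "RSA-OAEP", "enc": "A256GCM"}):
        print(hdr, check_policy(make_token(hdr)))
```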