[jose] Support for Wrapped Keys?
"Matt Miller (mamille2)" <mamille2@cisco.com> Wed, 24 October 2012 21:13 UTC
Return-Path: <mamille2@cisco.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A070F21F8BB8 for <jose@ietfa.amsl.com>; Wed, 24 Oct 2012 14:13:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.667
X-Spam-Level:
X-Spam-Status: No, score=-10.667 tagged_above=-999 required=5 tests=[AWL=-0.068, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gAM5d9zTzNYH for <jose@ietfa.amsl.com>; Wed, 24 Oct 2012 14:13:37 -0700 (PDT)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) by ietfa.amsl.com (Postfix) with ESMTP id D7A8F21F8BBE for <jose@ietf.org>; Wed, 24 Oct 2012 14:13:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4392; q=dns/txt; s=iport; t=1351113217; x=1352322817; h=from:to:subject:date:message-id:mime-version; bh=F84goLlTFhjUUQ08v4uxXs7h9CDA37dKs7mxUhe2cwE=; b=Lq8E0tfC7FOIlRxqffsmcy8vhIEqh7PnmOp7FZlsGoTez+D+2tWRekaI rpWwWY+jHP5MDLA1uolJH6wX50DV3QRUWswlMKU6j+4bm1pOY8SXs9EIE dqSe4fUK4TCSWRodHq3eUVSCZ40fu4HXduYC5Pj1iJjyfzCFazTdt60Z+ Y=;
X-Files: smime.p7s : 2214
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AjYFAE9ZiFCtJXG+/2dsb2JhbABEhU28MIEIgiABBBIBeAEqJjAnBBMIBhSHYptCgSugEZFtYQOOdIEglC2Ba4Jvghk
X-IronPort-AV: E=Sophos; i="4.80,642,1344211200"; d="p7s'?scan'208"; a="135046534"
Received: from rcdn-core2-3.cisco.com ([173.37.113.190]) by rcdn-iport-7.cisco.com with ESMTP; 24 Oct 2012 21:13:36 +0000
Received: from xhc-aln-x15.cisco.com (xhc-aln-x15.cisco.com [173.36.12.89]) by rcdn-core2-3.cisco.com (8.14.5/8.14.5) with ESMTP id q9OLDauh024012 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for <jose@ietf.org>; Wed, 24 Oct 2012 21:13:36 GMT
Received: from xmb-aln-x11.cisco.com ([169.254.6.240]) by xhc-aln-x15.cisco.com ([173.36.12.89]) with mapi id 14.02.0318.001; Wed, 24 Oct 2012 16:13:35 -0500
From: "Matt Miller (mamille2)" <mamille2@cisco.com>
To: "<jose@ietf.org>" <jose@ietf.org>
Thread-Topic: Support for Wrapped Keys?
Thread-Index: AQHNsixtFQh89Wn5MUGS4dRC2YkxtQ==
Date: Wed, 24 Oct 2012 21:13:35 +0000
Message-ID: <BF7E36B9C495A6468E8EC573603ED94115074062@xmb-aln-x11.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [64.101.72.62]
x-tm-as-product-ver: SMEX-10.2.0.1135-7.000.1014-19302.000
x-tm-as-result: No--25.746600-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: multipart/signed; boundary="Apple-Mail=_EB5D5783-1CF0-4FFD-A319-1E40E92DA7EB"; protocol="application/pkcs7-signature"; micalg="sha1"
MIME-Version: 1.0
Subject: [jose] Support for Wrapped Keys?
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Oct 2012 21:13:37 -0000
This is a topic that has been discussed some off-list between myself, Mike Jones, John Bradley, and Nat Sakimura. For XMPP E2E, there is a need to disseminate a "session" master (symmetric) key between the sender and recipients as a wrapped key. To date, this is done in a very custom manner by encrypting the session key with the recipient's public key, and packaging as a partial (read: broken) JWE value. Ideally, I would like a nice way of handling wrapped keys in JWE. The more standardized alternatives I can see are: * Follow JWE, using the session key for both the content key and the content plaintext (feels very awkward) * Follow JWE, generating yet-another-CMK and using the session key as the content plaintext (feels very wasteful) Does anyone else think this is worth supporting? - m&m Matt Miller < mamille2@cisco.com > Cisco Systems, Inc. PS: JSMS supports wrapped keys, as does CMS.
- [jose] Support for Wrapped Keys? Matt Miller (mamille2)
- Re: [jose] Support for Wrapped Keys? Mike Jones
- Re: [jose] Support for Wrapped Keys? Matt Miller (mamille2)
- Re: [jose] Support for Wrapped Keys? Mike Jones