[jose] #8: Direct mode for key agreement needs security analysis

"jose issue tracker" <trac+jose@trac.tools.ietf.org> Fri, 18 January 2013 23:24 UTC

Return-Path: <trac+jose@trac.tools.ietf.org>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id F305E21F8698 for <jose@ietfa.amsl.com>; Fri, 18 Jan 2013 15:24:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id RaQkWZ50-u7I for <jose@ietfa.amsl.com>; Fri, 18 Jan 2013 15:24:08 -0800 (PST)
Received: from grenache.tools.ietf.org (grenache.tools.ietf.org [IPv6:2a01:3f0:1:2::30]) by ietfa.amsl.com (Postfix) with ESMTP id 63C6821F872C for <jose@ietf.org>; Fri, 18 Jan 2013 15:24:08 -0800 (PST)
Received: from localhost ([]:39136 helo=grenache.tools.ietf.org ident=www-data) by grenache.tools.ietf.org with esmtp (Exim 4.80) (envelope-from <trac+jose@trac.tools.ietf.org>) id 1TwLI3-000142-Tj; Sat, 19 Jan 2013 00:24:03 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: jose issue tracker <trac+jose@trac.tools.ietf.org>
X-Trac-Version: 0.12.3
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.12.3, by Edgewall Software
To: draft-ietf-jose-json-web-encryption@tools.ietf.org, rbarnes@bbn.com
X-Trac-Project: jose
Date: Fri, 18 Jan 2013 23:24:03 -0000
X-URL: http://tools.ietf.org/jose/
X-Trac-Ticket-URL: http://trac.tools.ietf.org/wg/jose/trac/ticket/8
Message-ID: <054.96c0b71d4934f695a54309d767dbf877@trac.tools.ietf.org>
X-Trac-Ticket-ID: 8
X-SA-Exim-Rcpt-To: draft-ietf-jose-json-web-encryption@tools.ietf.org, rbarnes@bbn.com, jose@ietf.org
X-SA-Exim-Mail-From: trac+jose@trac.tools.ietf.org
X-SA-Exim-Scanned: No (on grenache.tools.ietf.org); SAEximRunCond expanded to false
Resent-To: ekr@rtfm.com, jhildebr@cisco.com, mbj@microsoft.com
Resent-Message-Id: <20130118232408.63C6821F872C@ietfa.amsl.com>
Resent-Date: Fri, 18 Jan 2013 15:24:08 -0800
Resent-From: trac+jose@trac.tools.ietf.org
X-Mailman-Approved-At: Fri, 18 Jan 2013 15:43:29 -0800
Cc: jose@ietf.org
Subject: [jose] #8: Direct mode for key agreement needs security analysis
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Jan 2013 23:24:09 -0000

#8: Direct mode for key agreement needs security analysis

 JWE specifies a "direct encryption" method, in which the output of key
 agreement is used for content encryption instead of key wrapping.  This
 scheme is not used in other IETF security protocols that use key
 agreement, e.g., CMS or IPsec.  CMS uses the agreed key for wrapping.
 IPsec uses it to key the IKE SA, which covers further key agreement.  The
 security considerations needs to justify why this scheme is secure, and
 any relevant constraints (e.g., lifetime of DH keys).

 Reporter:               |      Owner:  draft-ietf-jose-json-web-
  rbarnes@bbn.com        |  encryption@tools.ietf.org
     Type:  defect       |     Status:  new
 Priority:  major        |  Milestone:
Component:  json-web-    |    Version:
  encryption             |   Keywords:
 Severity:  Active WG    |
  Document               |

Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/8>
jose <http://tools.ietf.org/jose/>