Re: [jose] #13: Enable AEAD key wrapping
Richard Barnes <rlb@ipv.sx> Thu, 04 April 2013 16:08 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59B5321F8653 for <jose@ietfa.amsl.com>; Thu, 4 Apr 2013 09:08:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.701
X-Spam-Level:
X-Spam-Status: No, score=-1.701 tagged_above=-999 required=5 tests=[AWL=-1.276, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RDNS_NONE=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3m+oINzIAoXn for <jose@ietfa.amsl.com>; Thu, 4 Apr 2013 09:08:40 -0700 (PDT)
Received: from mail-ob0-x231.google.com (mail-ob0-x231.google.com [IPv6:2607:f8b0:4003:c01::231]) by ietfa.amsl.com (Postfix) with ESMTP id 5D5EC21F8634 for <jose@ietf.org>; Thu, 4 Apr 2013 09:08:40 -0700 (PDT)
Received: by mail-ob0-f177.google.com with SMTP id uz6so2681903obc.22 for <jose@ietf.org>; Thu, 04 Apr 2013 09:08:40 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:x-originating-ip:in-reply-to:references :date:message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=FpPPcbcJIFLwJoRbOgaAQdLwCNJULYFRfc8Vn4jSh5A=; b=LX+0fT5RoS/QURENSk5Gi7bU//zxCA+1VNa3O+mFjs35RNF0/DvEqdPl3It79flDas YkWdZJU3jjmN1clVvisxQByo+hM9tTosyQhQxy9jnZnmtQUp7MvFv4fBmV/muo29kr13 2bZGCLOegClQgd2y4ThQS6JDh/XhD0pWBycvHIjXYeusskFBxxzD/xL5HE0jjsFhLrIZ OAGIWL0uI5cW3XQvk5nC3f+fe1gfdy0f7eySX5VhwHVFo2WHuPHg8v2vnRqFDkiUy7JD RxRlbYQ42uSST8J+N2siZnU9hdLhdbCoXw0kjmePTkAvAiatgDNEa8n6QeTjOA6aFB6u p/gg==
MIME-Version: 1.0
X-Received: by 10.60.85.35 with SMTP id e3mr4838067oez.117.1365091719796; Thu, 04 Apr 2013 09:08:39 -0700 (PDT)
Received: by 10.60.37.229 with HTTP; Thu, 4 Apr 2013 09:08:39 -0700 (PDT)
X-Originating-IP: [128.33.85.80]
In-Reply-To: <0B1E91BF-6F31-491B-960B-842096E88562@vigilsec.com>
References: <049.6bd4c5bdeedc5862a9b09a5b5d16aadf@trac.tools.ietf.org> <064.ce3bcb37d79ccc16fe24f8188caf1ce8@trac.tools.ietf.org> <0B1E91BF-6F31-491B-960B-842096E88562@vigilsec.com>
Date: Thu, 04 Apr 2013 12:08:39 -0400
Message-ID: <CAL02cgQoj0v7cN4PxkVUWpJYzzHarj031CTu3T1VPDnzVFNs9g@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Russ Housley <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary="089e0111be000bb99504d98b2f1d"
X-Gm-Message-State: ALoCoQk0mFdr/FsIi6VT6xuOMJ2lgl/f3qK3s02SU5Qe4dpcXnG2FvpIXyZlUkpxQKHa0L2HzlXk
Cc: draft-ietf-jose-json-web-encryption@tools.ietf.org, Mike Jones <michael.jones@microsoft.com>, jose@ietf.org
Subject: Re: [jose] #13: Enable AEAD key wrapping
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Apr 2013 16:08:41 -0000
Hi Russ, There's no question of dropping support for AES-KW or AES-KWP. As you point out, the desire here is for algorithm agility. Currently, there's no way to support other AEAD algorithms besides those two. --Richard On Thu, Apr 4, 2013 at 10:03 AM, Russ Housley <housley@vigilsec.com> wrote: > Richard: > > We need to make sure that the solution is algorithm agile. No matter what > we pick, it will need to change in some number of years. > > Also, when I design a cryptographic security solution, I tend to use one > mode for data and another mode for keying material. This approach ensures > that a decrypt operation will never return plaintext keying material > outside the crypto boundary. So, I strongly support the use of AES-KW or > AES-KWP for key wrapping. > > Russ > > On Apr 3, 2013, at 11:30 PM, jose issue tracker wrote: > > > #13: Enable AEAD key wrapping > > > > > > Comment (by rlb@ipv.sx): > > > > As I understood the feedback from WebCrypto, the desire was for general > > AEAD algorithms to be usable in both (1) and (2). And as I expressed at > > IETF86, it would be architecturally simpler if we use the same key > > wrapping for all wrapped keys, whether attached to JWE or not. > > > > A proposed solution has been submitted as http://tools.ietf.org/html > > /draft-barnes-jose-key-wrapping > > > > -- > > > -------------------------+------------------------------------------------- > > Reporter: rlb@ipv.sx | Owner: draft-ietf-jose-json-web- > > Type: defect | encryption@tools.ietf.org > > Priority: major | Status: new > > Component: json-web- | Milestone: > > encryption | Version: > > Severity: - | Resolution: > > Keywords: | > > > -------------------------+------------------------------------------------- > > > > Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/13#comment:3 > > > > jose <http://tools.ietf.org/jose/> > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose >
- [jose] #13: Enable AEAD key wrapping jose issue tracker
- Re: [jose] #13: Enable AEAD key wrapping jose issue tracker
- Re: [jose] #13: Enable AEAD key wrapping jose issue tracker
- Re: [jose] #13: Enable AEAD key wrapping jose issue tracker
- Re: [jose] #13: Enable AEAD key wrapping Russ Housley
- Re: [jose] #13: Enable AEAD key wrapping Richard Barnes
- Re: [jose] #13: Enable AEAD key wrapping jose issue tracker
- Re: [jose] #13: Enable AEAD key wrapping jose issue tracker
- Re: [jose] #13: Enable AEAD key wrapping jose issue tracker