IETF Logo Mail Archive

Re: [jose] #13: Enable AEAD key wrapping

Richard Barnes <rlb@ipv.sx> Thu, 04 April 2013 16:08 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59B5321F8653 for <jose@ietfa.amsl.com>; Thu, 4 Apr 2013 09:08:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.701
X-Spam-Level:
X-Spam-Status: No, score=-1.701 tagged_above=-999 required=5 tests=[AWL=-1.276, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RDNS_NONE=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3m+oINzIAoXn for <jose@ietfa.amsl.com>; Thu, 4 Apr 2013 09:08:40 -0700 (PDT)
Received: from mail-ob0-x231.google.com (mail-ob0-x231.google.com [IPv6:2607:f8b0:4003:c01::231]) by ietfa.amsl.com (Postfix) with ESMTP id 5D5EC21F8634 for <jose@ietf.org>; Thu, 4 Apr 2013 09:08:40 -0700 (PDT)
Received: by mail-ob0-f177.google.com with SMTP id uz6so2681903obc.22 for <jose@ietf.org>; Thu, 04 Apr 2013 09:08:40 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:x-originating-ip:in-reply-to:references :date:message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=FpPPcbcJIFLwJoRbOgaAQdLwCNJULYFRfc8Vn4jSh5A=; b=LX+0fT5RoS/QURENSk5Gi7bU//zxCA+1VNa3O+mFjs35RNF0/DvEqdPl3It79flDas YkWdZJU3jjmN1clVvisxQByo+hM9tTosyQhQxy9jnZnmtQUp7MvFv4fBmV/muo29kr13 2bZGCLOegClQgd2y4ThQS6JDh/XhD0pWBycvHIjXYeusskFBxxzD/xL5HE0jjsFhLrIZ OAGIWL0uI5cW3XQvk5nC3f+fe1gfdy0f7eySX5VhwHVFo2WHuPHg8v2vnRqFDkiUy7JD RxRlbYQ42uSST8J+N2siZnU9hdLhdbCoXw0kjmePTkAvAiatgDNEa8n6QeTjOA6aFB6u p/gg==
MIME-Version: 1.0
X-Received: by 10.60.85.35 with SMTP id e3mr4838067oez.117.1365091719796; Thu, 04 Apr 2013 09:08:39 -0700 (PDT)
Received: by 10.60.37.229 with HTTP; Thu, 4 Apr 2013 09:08:39 -0700 (PDT)
X-Originating-IP: [128.33.85.80]
In-Reply-To: <0B1E91BF-6F31-491B-960B-842096E88562@vigilsec.com>
References: <049.6bd4c5bdeedc5862a9b09a5b5d16aadf@trac.tools.ietf.org> <064.ce3bcb37d79ccc16fe24f8188caf1ce8@trac.tools.ietf.org> <0B1E91BF-6F31-491B-960B-842096E88562@vigilsec.com>
Date: Thu, 04 Apr 2013 12:08:39 -0400
Message-ID: <CAL02cgQoj0v7cN4PxkVUWpJYzzHarj031CTu3T1VPDnzVFNs9g@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Russ Housley <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary="089e0111be000bb99504d98b2f1d"
X-Gm-Message-State: ALoCoQk0mFdr/FsIi6VT6xuOMJ2lgl/f3qK3s02SU5Qe4dpcXnG2FvpIXyZlUkpxQKHa0L2HzlXk
Cc: draft-ietf-jose-json-web-encryption@tools.ietf.org, Mike Jones <michael.jones@microsoft.com>, jose@ietf.org
Subject: Re: [jose] #13: Enable AEAD key wrapping
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Apr 2013 16:08:41 -0000

Hi Russ,

There's no question of dropping support for AES-KW or AES-KWP.

As you point out, the desire here is for algorithm agility.  Currently,
there's no way to support other AEAD algorithms besides those two.

--Richard



On Thu, Apr 4, 2013 at 10:03 AM, Russ Housley <housley@vigilsec.com> wrote:

> Richard:
>
> We need to make sure that the solution is algorithm agile.  No matter what
> we pick, it will need to change in some number of years.
>
> Also, when I design a cryptographic security solution, I tend to use one
> mode for data and another mode for keying material. This approach ensures
> that a decrypt operation will never return plaintext keying material
> outside the crypto boundary.  So, I strongly support the use of AES-KW or
> AES-KWP for key wrapping.
>
> Russ
>
> On Apr 3, 2013, at 11:30 PM, jose issue tracker wrote:
>
> > #13: Enable AEAD key wrapping
> >
> >
> > Comment (by rlb@ipv.sx):
> >
> > As I understood the feedback from WebCrypto, the desire was for general
> > AEAD algorithms to be usable in both (1) and (2).  And as I expressed at
> > IETF86, it would be architecturally simpler if we use the same key
> > wrapping for all wrapped keys, whether attached to JWE or not.
> >
> > A proposed solution has been submitted as http://tools.ietf.org/html
> > /draft-barnes-jose-key-wrapping
> >
> > --
> >
> -------------------------+-------------------------------------------------
> > Reporter:  rlb@ipv.sx   |       Owner:  draft-ietf-jose-json-web-
> >     Type:  defect       |  encryption@tools.ietf.org
> > Priority:  major        |      Status:  new
> > Component:  json-web-    |   Milestone:
> >  encryption             |     Version:
> > Severity:  -            |  Resolution:
> > Keywords:               |
> >
> -------------------------+-------------------------------------------------
> >
> > Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/13#comment:3
> >
> > jose <http://tools.ietf.org/jose/>
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>

v2.23.0 | Report a Bug | By Email