[jose] #19: JWA needs to specify an IV for use with JWE AES Key Wrap
"jose issue tracker" <trac+jose@trac.tools.ietf.org> Tue, 09 April 2013 19:45 UTC
Return-Path: <trac+jose@trac.tools.ietf.org>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6974521F9915 for <jose@ietfa.amsl.com>; Tue, 9 Apr 2013 12:45:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k8sirlvAsQPP for <jose@ietfa.amsl.com>; Tue, 9 Apr 2013 12:45:12 -0700 (PDT)
Received: from grenache.tools.ietf.org (grenache.tools.ietf.org [IPv6:2a01:3f0:1:2::30]) by ietfa.amsl.com (Postfix) with ESMTP id 9FC1B21F9913 for <jose@ietf.org>; Tue, 9 Apr 2013 12:45:11 -0700 (PDT)
Received: from localhost ([127.0.0.1]:60822 helo=grenache.tools.ietf.org ident=www-data) by grenache.tools.ietf.org with esmtp (Exim 4.80) (envelope-from <trac+jose@trac.tools.ietf.org>) id 1UPeTc-0000CJ-Hx; Tue, 09 Apr 2013 21:45:08 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: jose issue tracker <trac+jose@trac.tools.ietf.org>
X-Trac-Version: 0.12.3
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.12.3, by Edgewall Software
To: draft-ietf-jose-json-web-algorithms@tools.ietf.org, watsonm@netflix.com
X-Trac-Project: jose
Date: Tue, 09 Apr 2013 19:45:08 -0000
X-URL: http://tools.ietf.org/jose/
X-Trac-Ticket-URL: http://trac.tools.ietf.org/wg/jose/trac/ticket/19
Message-ID: <058.8ab7e9fb3e5c44c53a9f01ea0b317516@trac.tools.ietf.org>
X-Trac-Ticket-ID: 19
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Rcpt-To: draft-ietf-jose-json-web-algorithms@tools.ietf.org, watsonm@netflix.com, jose@ietf.org
X-SA-Exim-Mail-From: trac+jose@trac.tools.ietf.org
X-SA-Exim-Scanned: No (on grenache.tools.ietf.org); SAEximRunCond expanded to false
Resent-To: mbj@microsoft.com
Resent-Message-Id: <20130409194511.9FC1B21F9913@ietfa.amsl.com>
Resent-Date: Tue, 09 Apr 2013 12:45:11 -0700
Resent-From: trac+jose@trac.tools.ietf.org
Cc: jose@ietf.org
Subject: [jose] #19: JWA needs to specify an IV for use with JWE AES Key Wrap
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Apr 2013 19:45:12 -0000
#19: JWA needs to specify an IV for use with JWE AES Key Wrap Section 4.5 of JSON Web Algorithms specifies the use of AES Key Wrap with JWE with reference to RFC3394. The RFC does not require a particular Initial Value to be used, although it defined a "default Initial Value". Either: (a) The JWA specification needs to specify that the default Initial Value from RFC3394 must be used, or (b) The JWE specification needs to include an object member to specify the Initial Value that was used (note that is this distinct from the Initialization Vector used for the payload encryption). I suggest (a) and I am uncertain of the security properties of (b). -- -------------------------+------------------------------------------------- Reporter: | Owner: draft-ietf-jose-json-web- watsonm@netflix.com | algorithms@tools.ietf.org Type: defect | Status: new Priority: minor | Milestone: Component: json-web- | Version: algorithms | Keywords: Severity: - | -------------------------+------------------------------------------------- Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/19> jose <http://tools.ietf.org/jose/>
- [jose] #19: JWA needs to specify an IV for use wi… jose issue tracker
- Re: [jose] #19: JWA needs to specify an IV for us… jose issue tracker
- Re: [jose] #19: JWA needs to specify an IV for us… Russ Housley
- Re: [jose] #19: JWA needs to specify an IV for us… jose issue tracker
- Re: [jose] #19: JWA needs to specify an IV for us… jose issue tracker
- Re: [jose] #19: JWA needs to specify an IV for us… Richard Barnes
- Re: [jose] #19: JWA needs to specify an IV for us… jose issue tracker