Re: [jose] 192 bit AES keys
"Jim Schaad" <ietf@augustcellars.com> Fri, 19 July 2013 17:12 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A42CB11E8163 for <jose@ietfa.amsl.com>; Fri, 19 Jul 2013 10:12:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.607
X-Spam-Level:
X-Spam-Status: No, score=-3.607 tagged_above=-999 required=5 tests=[AWL=-0.009, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LAVU7RdIXxSw for <jose@ietfa.amsl.com>; Fri, 19 Jul 2013 10:12:12 -0700 (PDT)
Received: from smtp1.pacifier.net (smtp1.pacifier.net [64.255.237.171]) by ietfa.amsl.com (Postfix) with ESMTP id E6BE711E8189 for <jose@ietf.org>; Fri, 19 Jul 2013 10:12:11 -0700 (PDT)
Received: from Philemon (mail.augustcellars.com [50.34.17.238]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp1.pacifier.net (Postfix) with ESMTPSA id 372AA2CA3D; Fri, 19 Jul 2013 10:12:11 -0700 (PDT)
From: Jim Schaad <ietf@augustcellars.com>
To: 'Richard Barnes' <rlb@ipv.sx>, 'John Bradley' <ve7jtb@ve7jtb.com>
References: <4E1F6AAD24975D4BA5B16804296739436B6EC698@TK5EX14MBXC284.redmond.corp.microsoft.com> <5CC365A3-7A21-40B3-B5A1-044E4B82D221@ve7jtb.com> <CAL02cgQH5czkGRn2daZh71Jci5oKFBoOfTzOfmHVD-Tah0g-sw@mail.gmail.com>
In-Reply-To: <CAL02cgQH5czkGRn2daZh71Jci5oKFBoOfTzOfmHVD-Tah0g-sw@mail.gmail.com>
Date: Fri, 19 Jul 2013 10:11:08 -0700
Message-ID: <038401ce84a2$f670a970$e351fc50$@augustcellars.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0385_01CE8468.4A1309F0"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQIfgk181M5vviS9HDl2ID68i5g8cgIZJIk+ApF2kPWYpOwkoA==
Content-Language: en-us
Cc: 'Mike Jones' <Michael.Jones@microsoft.com>, jose@ietf.org
Subject: Re: [jose] 192 bit AES keys
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Jul 2013 17:12:16 -0000
We need to keep key lengths in algorithm ids for the purpose of key derivation. Additionally there would need to be some way to signal the key length to the system when doing key generation i.e. you would need to change jose.SetCEKAlgorithm("AES128") to jose.SetCEKAlgoirthm("AES", 128) jim From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Richard Barnes Sent: Friday, July 19, 2013 9:47 AM To: John Bradley Cc: Mike Jones; jose@ietf.org Subject: Re: [jose] 192 bit AES keys Or we could just remove the key lengths from the algorithm IDs altogether ;) They really don't add any value. On Thu, Jul 18, 2013 at 6:17 PM, John Bradley <ve7jtb@ve7jtb.com> wrote: I am OK with registering the 192 bit versions. Sent from my iPhone On Jul 18, 2013, at 5:17 PM, Mike Jones <Michael.Jones@microsoft.com> wrote: Richard had previously requested that we register algorithm identifiers for AES using 192 bit keys. As he previously pointed out, "It seems like if we're going to support AES, then we should support AES. Every AES library I know of supports all three key lengths, so it's not like there's extra cost besides the registry entry." (I'll note that we already have algorithm identifiers for the "mid-size" HMAC and signature functions "HS384", "RS384", and "ES384".) I heard no objections at the time. I'm therefore thinking that we should register algorithm identifiers for these key sizes as well. Specifically, we would add: "A192KW", "ECDH-ES+A192KW", "A192GCMKW", "PBES2-HS256+A192KW", "A192CBC-HS384", and "A192GCM". Support for these algorithms would be optional. What do people think? -- Mike _______________________________________________ jose mailing list jose@ietf.org https://www.ietf.org/mailman/listinfo/jose _______________________________________________ jose mailing list jose@ietf.org https://www.ietf.org/mailman/listinfo/jose
- [jose] 192 bit AES keys Mike Jones
- Re: [jose] 192 bit AES keys Matt Miller (mamille2)
- Re: [jose] 192 bit AES keys John Bradley
- Re: [jose] 192 bit AES keys Richard Barnes
- Re: [jose] 192 bit AES keys Jim Schaad
- Re: [jose] 192 bit AES keys Richard Barnes
- Re: [jose] 192 bit AES keys John Bradley
- Re: [jose] 192 bit AES keys Richard Barnes
- Re: [jose] 192 bit AES keys Jim Schaad
- Re: [jose] 192 bit AES keys Richard Barnes
- Re: [jose] 192 bit AES keys Mike Jones
- Re: [jose] 192 bit AES keys Richard Barnes