Re: [jose] #18: Address MAC key lifetime concerns

"jose issue tracker" <trac+jose@trac.tools.ietf.org> Fri, 05 April 2013 22:15 UTC

#18: Address MAC key lifetime concerns


Comment (by rlb@ipv.sx):

 As I have argued before, it is my strong opinion that option (1) is the
 simpler thing to do.  There is no great complexity: The key wrapping
 mechanism is already defined in JWE, so this would simply apply it to JWS
 as well.

 Writing the proper considerations for option (2) would be much harder,
 because you have to specify what an OOB protocol needs to do.  (Easier to
 just write the protocol!) Option (2) would also fail to address a known
 security gap in the base protocol, which seems irresponsible.   This
 protocol needs to be secure without having to rely on something external.

-- 
---------------------------------------------------------------------------
  Reporter:  rlb@ipv.sx
      Type:  defect
  Priority:  major
 Component:  json-web-signature
  Severity:  -
  Keywords:
     Owner:  draft-ietf-jose-json-web-signature@tools.ietf.org
    Status:  new
 Milestone:
   Version:
Resolution:
---------------------------------------------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/18#comment:1>
jose <http://tools.ietf.org/jose/>