Re: [jose] Use of AES-HMAC algorithm
Dick Hardt <dick.hardt@gmail.com> Wed, 27 March 2013 22:28 UTC
Return-Path: <dick.hardt@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2A5F21F8FCD for <jose@ietfa.amsl.com>; Wed, 27 Mar 2013 15:28:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.308
X-Spam-Level:
X-Spam-Status: No, score=-3.308 tagged_above=-999 required=5 tests=[AWL=0.291, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yD-NQBGdTabC for <jose@ietfa.amsl.com>; Wed, 27 Mar 2013 15:28:10 -0700 (PDT)
Received: from mail-pa0-f43.google.com (mail-pa0-f43.google.com [209.85.220.43]) by ietfa.amsl.com (Postfix) with ESMTP id E5E0221F8FC6 for <jose@ietf.org>; Wed, 27 Mar 2013 15:28:09 -0700 (PDT)
Received: by mail-pa0-f43.google.com with SMTP id hz11so1201600pad.16 for <jose@ietf.org>; Wed, 27 Mar 2013 15:28:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:content-type:mime-version:subject:from:in-reply-to:date :cc:content-transfer-encoding:message-id:references:to:x-mailer; bh=MQVVxw7L2cpFKJ9JzU+G8ZkvY9o69JJbQuF3Mqv04HI=; b=kkF1QeK8lprgMvIVyc48ZfVnDcw1rq851KWJsLa6aCj4sQCRQLWbIlr6lA06kfEgSk 11dC6t1m0EGt2tepyEkNz2A8i7M7/XU9h8OqhHl3yOWOQVfDl3uCAtDOag/XR6ZyV8dt wwd+2EO6HmsWl48/9SarS8trtWyev9Xc6Ug6B6gtzc4ae4Jumzz0Efl99GfCzJn9OfGT SK/LMIV3q/7kM1HZvkoGOkwET07X5XB5OC+rXfGbkRZo8mWmG/AC/wY+8dm5SyHpc+eA 7HdZ3s3idf0ab/pakfijS609gNGwXQnckBvhh/onUXZ4xRk9sbeOkCi7MZn+wZcIS/Vm Ue6A==
X-Received: by 10.68.7.106 with SMTP id i10mr1988730pba.43.1364423289499; Wed, 27 Mar 2013 15:28:09 -0700 (PDT)
Received: from [10.0.0.89] (c-24-5-69-173.hsd1.ca.comcast.net. [24.5.69.173]) by mx.google.com with ESMTPS id ef3sm24890584pad.20.2013.03.27.15.28.05 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 27 Mar 2013 15:28:06 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
From: Dick Hardt <dick.hardt@gmail.com>
In-Reply-To: <006801ce2b39$52595700$f70c0500$@augustcellars.com>
Date: Wed, 27 Mar 2013 15:28:04 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <FD83C5E1-E8E5-4123-9562-4C82E7E38460@gmail.com>
References: <006801ce2b39$52595700$f70c0500$@augustcellars.com>
To: Jim Schaad <ietf@augustcellars.com>
X-Mailer: Apple Mail (2.1503)
Cc: jose@ietf.org
Subject: Re: [jose] Use of AES-HMAC algorithm
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2013 22:28:10 -0000
Hi Jim Not being at the meeting, I don't have the background to understand what the issue was in order to interpret your email. Having implementations that use AES-HMAC, I want to understand. Any pointers so that I can understand would be greatly appreciated. -- Dick On Mar 27, 2013, at 3:20 PM, "Jim Schaad" <ietf@augustcellars.com> wrote: > <chair> > After spending time looking at and thinking about how to resolve this issue > since I was unable to do so at the last F2F meeting. I have come up with > the following set of issues that might need to be addressed as part of > resolving this issue. > > 1. Do we change from using KDC to having a double size key for the > algorithm? I think that there is probably a consensus that this should be > done. > > 2. Should IVs be prepended to the encrypted body as part of the encoding > steps? If so then this change should be universal. > > Doing so would eliminate one field from all of the encoding formats which > should be considered a plus. > Doing so would force code writers to understand how large the IV is for all > algorithms as the IV would no longer be a separate item. > > 3. Should Authentication Tags be appended to the encrypted body as part of > the encoding steps? > > Doing so would eliminate one field from all of the encoding formats which > should be considered a plus. > Doing so would force code writers to understand how large the IV is for all > algorithms as the IV would no longer be a separate item. > Doing so would force a re-organization for the multiple recipient case as > either all recipient specific data would need to be excluded from the > authentication step or all of the recipient data would need to be included > for by all recipients. > Changing how the recipient info is process is going to give a performance > benefit for sending encrypted items for multiple recipients. > The current strategy of a single IV and key pair with AES-GCM and different > authentication data needs to have CFRG look at it. I am worried that it > might be a serious security flaw. > > 4. Should we reference the McGrew draft and provide text on how things are > changed or should we "copy" the draft into our text? > > 5. If we allow for the use of AES-GCM or AES-HMAC for doing key wrapping, > does this change how we think about any of the above questions? > > Allowing for AES-GCM for key wrapping has a benefit for hardware situations > as only the encrypt and not the decrypt functions need to be placed in > hardware. However allowing for this key wrapping give a problem as there is > no way to encode the three fields into the encrypted value unless with use > either a JSON structure in this location or we do use the single appended > binary output stream. The first approach leads to an expansion of the field > by double base64 encoding which is highly undesirable. > > Jim > > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose
- [jose] Use of AES-HMAC algorithm Jim Schaad
- Re: [jose] Use of AES-HMAC algorithm Dick Hardt
- Re: [jose] Use of AES-HMAC algorithm Mike Jones
- Re: [jose] Use of AES-HMAC algorithm Dick Hardt
- Re: [jose] Use of AES-HMAC algorithm Mike Jones
- Re: [jose] Use of AES-HMAC algorithm Dick Hardt
- Re: [jose] Use of AES-HMAC algorithm Manger, James H
- Re: [jose] Use of AES-HMAC algorithm Dick Hardt
- Re: [jose] Use of AES-HMAC algorithm Manger, James H
- Re: [jose] Use of AES-HMAC algorithm Vladimir Dzhuvinov / NimbusDS
- Re: [jose] Use of AES-HMAC algorithm Jim Schaad