Re: [jose] Draft describing encrypting JWK key representations, with JWE
Richard Barnes <rlb@ipv.sx> Fri, 15 March 2013 16:43 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53AEE21F86DE for <jose@ietfa.amsl.com>; Fri, 15 Mar 2013 09:43:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.435
X-Spam-Level:
X-Spam-Status: No, score=-0.435 tagged_above=-999 required=5 tests=[AWL=-0.010, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RDNS_NONE=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QXwAyPjsb89C for <jose@ietfa.amsl.com>; Fri, 15 Mar 2013 09:43:17 -0700 (PDT)
Received: from mail-ob0-x22f.google.com (mail-ob0-x22f.google.com [IPv6:2607:f8b0:4003:c01::22f]) by ietfa.amsl.com (Postfix) with ESMTP id EA97A21F8881 for <jose@ietf.org>; Fri, 15 Mar 2013 09:43:15 -0700 (PDT)
Received: by mail-ob0-f175.google.com with SMTP id uz6so3396510obc.20 for <jose@ietf.org>; Fri, 15 Mar 2013 09:43:14 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:x-originating-ip:in-reply-to:references :date:message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=GNyai0NY0ud8mJSWozwZJkyGPhLhn3SEduTa9Bs/FD8=; b=aIKvrKDbH8ebT1ZX6CtDBuBeKc0qQqVc90FcZZLAHxlT3qrawDZNrfNQcmg4SmNPW0 KmPD7xPapI52RxFqY8sQbKOYq0R9RLQ3tYUswEpIGMTLf199OPS4RT1/k8v3S0o3XyK2 0UnPW1tiAP33hfG6LVL6Uq3gRkvu7nEwXZLER4N7OQnWp1VAEtHqqYrx3Y7V5yJmWBDq gzpULkYGmbx0L5GNvaDTlUzGmKx6ja6R56uEE/FQ4VoP0Xo8otYJvf3QCTnFOQQ2Dmwm jT53ouqgjm1F+kEuz+Bn9Tg23pYu8LzDtZNwvWK0dLg6TigpyZEXZtfzMsIWh1o2gvAR sI3A==
MIME-Version: 1.0
X-Received: by 10.60.9.1 with SMTP id v1mr3097159oea.130.1363365794408; Fri, 15 Mar 2013 09:43:14 -0700 (PDT)
Received: by 10.60.40.233 with HTTP; Fri, 15 Mar 2013 09:43:14 -0700 (PDT)
X-Originating-IP: [128.89.254.149]
In-Reply-To: <4E1F6AAD24975D4BA5B168042967394367526568@TK5EX14MBXC284.redmond.corp.microsoft.com>
References: <mailman.4019.1363356696.3432.cfrg@irtf.org> <51433B12.1020703@gmail.com> <4E1F6AAD24975D4BA5B168042967394367526568@TK5EX14MBXC284.redmond.corp.microsoft.com>
Date: Fri, 15 Mar 2013 12:43:14 -0400
Message-ID: <CAL02cgQ8=yKwArwvR228Z=xi0N3U6yvoOHt6M-3EuCD_HYkyww@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Mike Jones <Michael.Jones@microsoft.com>
Content-Type: multipart/alternative; boundary="e89a8fb20318e0001104d7f95560"
X-Gm-Message-State: ALoCoQm33H2TDVPRYy0Q3rEhw2POloBoasK/4JgY/wQ0fbff5j0paqf3MLrIJm1DIyANx8g4GvWP
Cc: Yaron Sheffer <yaronf.ietf@gmail.com>, "cfrg@irtf.org" <cfrg@irtf.org>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Draft describing encrypting JWK key representations, with JWE
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Mar 2013 16:43:18 -0000
So, Mike, would you be OK with adding PBE to JWE / JWA, as a new key wrapping algorithm? --Richard On Fri, Mar 15, 2013 at 12:14 PM, Mike Jones <Michael.Jones@microsoft.com>wrote: > [Adding JOSE mailing list to the thread] > > For clarification, PBKDF2 is not the only algorithm that could be used to > wrap keys in this scheme. This draft *adds* PBKDF2 to the set of > algorithms already specified for use with encryption in the JSON Web > Algorithms (JWA) specification ( > http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-08). In > particular, other algorithms such as AES Key Wrap and AES GCM are also > present there. > > I'll let others who are experts in PBKDF2 and password-based encryption > respond to Yaron's specific comment. > > -- Mike > > -----Original Message----- > From: Yaron Sheffer [mailto:yaronf.ietf@gmail.com] > Sent: Friday, March 15, 2013 8:16 AM > To: cfrg@irtf.org; Mike Jones > Subject: Re: Draft describing encrypting JWK key representations, with JWE > > Hi Mike, > > I'm probably missing something, but I'm worried about the security of this > scheme (though I do appreciate the usability/convenience of passwords). > > PBKDF2 is meant to make dictionary attacks on stored passwords harder, as > a second line defense, once the server has been breached. Using it to > encrypt data and then sending the data on the wire, makes the data > vulnerable to this same dictionary attack (in this case the effort comes to > the space of all possible passwords - say 1 million - times 1000). > Moreover, this also puts the password itself in danger. > > Thanks, > Yaron > > > > > ------------------------------ > > > > Message: 5 > > Date: Fri, 15 Mar 2013 14:10:32 +0000 > > From: Mike Jones <Michael.Jones@microsoft.com> > > To: "cfrg@irtf.org" <cfrg@irtf.org> > > Subject: [Cfrg] Draft describing encrypting JWK key representations > > with JWE > > Message-ID: > > > > <4E1F6AAD24975D4BA5B168042967394367522C60@TK5EX14MBXC284.redmond.corp. > > microsoft.com> > > > > Content-Type: text/plain; charset="us-ascii" > > > > http://tools.ietf.org/html/draft-miller-jose-jwe-protected-jwk-01 > > > > This also adds password-based encryption to the algorithm registry. > > > > -- Mike > > > > -------------- next part -------------- An HTML attachment was > > scrubbed... > > URL: > > <http://www.irtf.org/mail-archive/web/cfrg/attachments/20130315/02e36b > > 24/attachment.htm> > > > > ------------------------------ > > > > _______________________________________________ > > Cfrg mailing list > > Cfrg@irtf.org > > http://www.irtf.org/mailman/listinfo/cfrg > > > > > > End of Cfrg Digest, Vol 95, Issue 3 > > *********************************** > > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose >
- Re: [jose] Draft describing encrypting JWK key re… Mike Jones
- Re: [jose] Draft describing encrypting JWK key re… Richard Barnes
- Re: [jose] Draft describing encrypting JWK key re… Mike Jones
- Re: [jose] Draft describing encrypting JWK key re… Richard Barnes
- Re: [jose] Draft describing encrypting JWK key re… Peck, Michael A
- Re: [jose] Draft describing encrypting JWK key re… Mike Jones
- Re: [jose] Draft describing encrypting JWK key re… Peck, Michael A
- Re: [jose] Draft describing encrypting JWK key re… Yaron Sheffer
- Re: [jose] Draft describing encrypting JWK key re… Yaron Sheffer
- Re: [jose] Draft describing encrypting JWK key re… Jim Schaad
- Re: [jose] Draft describing encrypting JWK key re… Matt Miller (mamille2)
- Re: [jose] Draft describing encrypting JWK key re… Yaron Sheffer
- Re: [jose] Draft describing encrypting JWK key re… Yaron Sheffer
- Re: [jose] Draft describing encrypting JWK key re… Ryan Sleevi
- Re: [jose] Draft describing encrypting JWK key re… Yaron Sheffer