Re: [KEYPROV] Recommended AES Key wrapping mechanism
Sean Turner <turners@ieca.com> Fri, 19 February 2010 14:08 UTC
Return-Path: <turners@ieca.com>
X-Original-To: keyprov@core3.amsl.com
Delivered-To: keyprov@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BDDFE3A8168 for <keyprov@core3.amsl.com>; Fri, 19 Feb 2010 06:08:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VdGIv2wYPTlA for <keyprov@core3.amsl.com>; Fri, 19 Feb 2010 06:08:20 -0800 (PST)
Received: from smtp111.biz.mail.re2.yahoo.com (smtp111.biz.mail.re2.yahoo.com [66.196.116.96]) by core3.amsl.com (Postfix) with SMTP id CB5A33A684C for <keyprov@ietf.org>; Fri, 19 Feb 2010 06:08:19 -0800 (PST)
Received: (qmail 35743 invoked from network); 19 Feb 2010 14:10:03 -0000
Received: from thunderfish.local (turners@71.191.2.38 with plain) by smtp111.biz.mail.re2.yahoo.com with SMTP; 19 Feb 2010 06:10:03 -0800 PST
X-Yahoo-SMTP: ZrP3VLSswBDL75pF8ymZHDSu9B.vcMfDPgLJ
X-YMail-OSG: 0YyOv98VM1mtkJM81Pdx5XQN1oDMSsGAyjHCAFvydni0IHP6dbp0n86lnbZTunNUnxWK3jSOvOsCyvaKLynKrwZEYYcjIIngkUO46WsKoQ_My_0dBZbO6Kdpdb.1LplU37rn4AwFAnK.BXFZMcrXvh6cz1.FOz1B8EMKy29wyVAOa_knOCaVVkMVQMRA0w_BqdM._7MBZnIfqFatvXS24I3vOab5mY2UJ9DwQRo4w1v7kx_JJSCmVM4KT92YYNNvDu_Z4z4z3kmaWXeW1FFXUlRWDrvnHrDtJ_7t037n7FG4vGIeRYPhWVNPI39cUM_IVbkUNnqTmT2yGmx.WnQobTp.rnH603Op92NPUO9IPr3AN50cTYoa0z7Xok5Zf5GwLaebEoB3Bpf.ScFbT__lTjj5En1z1cq3GSN8ek.U4y6PoPAi_AVWD1QdOI2n8t8G.42FuHdhbIw-
X-Yahoo-Newman-Property: ymail-3
Message-ID: <4B7E9BB7.6050706@ieca.com>
Date: Fri, 19 Feb 2010 09:09:59 -0500
From: Sean Turner <turners@ieca.com>
User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812)
MIME-Version: 1.0
To: Philip Hoyer <phoyer@actividentity.com>
References: <5BFE9E473DBFC24CA87F18F29B3F0AC406890504@sur-corp-ex-02.corp.ad.activcard.com>
In-Reply-To: <5BFE9E473DBFC24CA87F18F29B3F0AC406890504@sur-corp-ex-02.corp.ad.activcard.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
Cc: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>, Russ Housley <housley@vigilsec.com>, KEYPROV <keyprov@ietf.org>, Phillip Hallam-Baker <hallam@gmail.com>
Subject: Re: [KEYPROV] Recommended AES Key wrapping mechanism
X-BeenThere: keyprov@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Provisioning of Symmetric Keys \(keyprov\)" <keyprov.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyprov>, <mailto:keyprov-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyprov>
List-Post: <mailto:keyprov@ietf.org>
List-Help: <mailto:keyprov-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyprov>, <mailto:keyprov-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Feb 2010 14:08:20 -0000
Philip, I think you misread RFC 5649. The last two sentences in Section 4 of RFC 5649 say: "The next two sections specify the wrapping and unwrapping processes, called the extended key wrapping process and the extended key unwrapping process, respectively. These names distinguish these processes from the ones specified in [AES-KW1] and [AES-KW2]." "These names" and "these processes" refer to the "extended key wrapping process" and the "extended key unwrapping process" that are defined in the sections that follow. Also AES-KW2, which is RFC 3394, is just the RFC for AES-KW1, which is the original NIST spec. (I just found these a second ago) The URIs for AES Key Wrap with Padding 128, 192, and 256 are specified here: http://www.w3.org/TR/2009/WD-xmlenc-core1-20090730/#sec-kw-aes-with-pad spt Philip Hoyer wrote: > Ladies and Gentlemen, > > > > In the keyprov specification we have made a recommendation to use > AES-Keywrap algorithms when transporting keys, whose value are not > multiple of 8 bytes. > > > > We referenced a draft from Russ Housley that has now become an RFC > (5649) (http://tools.ietf.org/html/rfc5649) to be precise. > > > > Now reading through the RFC there are two wrapping algorithms presented > AES-KW1 and AES-KW2 > > > > Also even if the spec dfines ASN.1 identifier like 'id-aes128-wrap-pad’ > it does not define any URI for the algorithm. > > > > Since we recommend this algorithm do we need to change the > recommendation text somehow to reference a specific wrapping algorithm > or do we need to define URIs for the keywrap algorithms? > > > > Philip > > > > ________________________________ > > > > Philip Hoyer > > > > Senior Architect - Office of CTO > > > > ActivIdentity (UK) > > 117 Waterloo Road > > London SE1 8UL > > > > Telephone: +44 (0) 20 7960 0220 > > Fax: +44 (0) 20 7902 1985 > > > > Private and confidential: This message and any attachments may contain > > privileged / confidential information. If you are not an intended recipient, > > you must not copy, distribute, discuss or take any action in reliance on it. > > If you have received this communication in error, please notify the sender > > and delete this message immediately. > > > > > ------------------------------------------------------------------------ > > _______________________________________________ > KEYPROV mailing list > KEYPROV@ietf.org > https://www.ietf.org/mailman/listinfo/keyprov
- [KEYPROV] Recommended AES Key wrapping mechanism Philip Hoyer
- Re: [KEYPROV] Recommended AES Key wrapping mechan… Sean Turner
- Re: [KEYPROV] Recommended AES Key wrapping mechan… Philip Hoyer