[OAUTH-WG] JWE with A128CBC-HS256
Antonio Sanso <asanso@adobe.com> Fri, 28 March 2014 14:19 UTC
Return-Path: <asanso@adobe.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3143A1A065A; Fri, 28 Mar 2014 07:19:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z928WL3Kk2J8; Fri, 28 Mar 2014 07:19:20 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2lp0239.outbound.protection.outlook.com [207.46.163.239]) by ietfa.amsl.com (Postfix) with ESMTP id B6D851A0651; Fri, 28 Mar 2014 07:19:20 -0700 (PDT)
Received: from CO1PR02MB206.namprd02.prod.outlook.com (10.242.165.144) by CO1PR02MB205.namprd02.prod.outlook.com (10.242.165.139) with Microsoft SMTP Server (TLS) id 15.0.898.11; Fri, 28 Mar 2014 14:19:17 +0000
Received: from CO1PR02MB206.namprd02.prod.outlook.com ([10.242.165.144]) by CO1PR02MB206.namprd02.prod.outlook.com ([169.254.8.116]) with mapi id 15.00.0898.005; Fri, 28 Mar 2014 14:19:16 +0000
From: Antonio Sanso <asanso@adobe.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: JWE with A128CBC-HS256
Thread-Index: AQHPSpCycCA73yYRfEu550luWR/WWg==
Date: Fri, 28 Mar 2014 14:19:15 +0000
Message-ID: <E03A5014-EDCB-4E7C-A05B-F474D72D1D0E@adobe.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.147.117.11]
x-forefront-prvs: 01644DCF4A
x-forefront-antispam-report: SFV:NSPM; SFS:(10019001)(6009001)(428001)(189002)(199002)(97186001)(92726001)(95416001)(76786001)(76796001)(74706001)(80976001)(97336001)(92566001)(74876001)(74502001)(47446002)(74662001)(83322001)(20776003)(19580395003)(31966008)(47976001)(94316002)(95666003)(15975445006)(81686001)(81816001)(49866001)(85306002)(87266001)(82746002)(66066001)(47736001)(50986001)(79102001)(85852003)(74366001)(65816001)(54356001)(76176001)(56816005)(83072002)(4396001)(90146001)(69226001)(93136001)(93516002)(86362001)(51856001)(98676001)(2656002)(83716003)(94946001)(80022001)(76482001)(56776001)(59766001)(81342001)(81542001)(33656001)(54316002)(87936001)(77982001)(15202345003)(53806001)(36756003)(46102001); DIR:OUT; SFP:1102; SCL:1; SRVR:CO1PR02MB205; H:CO1PR02MB206.namprd02.prod.outlook.com; FPR:A348707A.9D342C9A.3273314C.C4E7D9F0.20110; MLV:sfv; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (: adobe.com does not designate permitted sender hosts)
Content-Type: text/plain; charset="us-ascii"
Content-ID: <7366396A11C3934392DAA7E1FB8FAC19@namprd02.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: adobe.com
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/OO5OaRua-k3fT8OiqX6q2EkQbIs
Cc: "jose@ietf.org" <jose@ietf.org>
Subject: [OAUTH-WG] JWE with A128CBC-HS256
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Mar 2014 14:19:23 -0000
hi *, in the JWT specification [0] there is an example of a JWE that use A128CBC-HS256 for content encrpyption. Now I am not a cryptographer my self but IIUC the same CEK is used for encrypting with AES and authentication HMAC. AFAIK is better to use two different keys for those 2 different primitives (this will not obviously apply to AES_GCM). Unless I am missing something... :) regards antonio [0] http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-19#appendix-A.1 [1] http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-24#appendix-A.2
- [OAUTH-WG] JWE with A128CBC-HS256 Antonio Sanso
- Re: [OAUTH-WG] JWE with A128CBC-HS256 John Bradley
- Re: [OAUTH-WG] JWE with A128CBC-HS256 Antonio Sanso
- Re: [OAUTH-WG] JWE with A128CBC-HS256 John Bradley
- Re: [OAUTH-WG] JWE with A128CBC-HS256 Mike Jones