Greg, based on your analysis, I have closed this issue. Clearly it wasn’t going to make it into 16.40 given that features are done at this point.

From: Greg Zaverucha (AllSeen JIRA) [mailto:[email protected]]
Sent: Thursday, March 24, 2016 4:40 PM
To: Lioy, Marcello <[email protected]>
Subject: [JIRA] Comment: (ASACORE-1715) Private key protection support for using passphrase not applicable for ECDHE_ECDSA mechanism.

Greg Zaverucha <https://jira.allseenalliance.org/secure/ViewProfile.jspa?name=gregz> commented on Re: Private key protection support for using passphrase not applicable for ECDHE_ECDSA mechanism. <https://jira.allseenalliance.org/browse/ASACORE-1715>

After discussing with Kevin Kane <https://jira.allseenalliance.org/secure/ViewProfile.jspa?name=kkane> we decided this feature is not worth adding. In Security 2.0 world everything is kept in the keystore, so there’s not as much of an issue. The only real use case for the app to supply credentials is Security 1.0 interactions using ECDSA. Also, this mechanism is difficult to use in a way that provides strong security; since the passphrase must have high entropy, there is little security when the typical user-chosen passphrase is used. If you don't use a user-chosen secret, you have two private key protection problems. A workaround for apps that need additional protections is to implement them in the app.

Core SW <https://jira.allseenalliance.org/browse/ASACORE> / [New Feature] ASACORE-1715 <https://jira.allseenalliance.org/browse/ASACORE-1715>
Private key protection support for using passphrase not applicable for ECDHE_ECDSA mechanism.

Typically, private keys are protected by passphrase. In AllJoyn for RSA mechanism, the library would take the password protected key and the password and would decrypt the private key. The mechanism was supported because AllJoyn used OpenSSL to do so. This mechanism is no longer supported by the library for ECDHE_ECDSA. This means that the user will h...

This message was sent by Atlassian JIRA (v6.4.11#64026-sha1:78f6ec4)
_______________________________________________
Allseen-core mailing list
[email protected]
https://lists.allseenalliance.org/mailman/listinfo/allseen-core
