I agree that this would be useful, but the other factor that's critical is 
ability to implement when your developer platform doesn't have native support.  
As demonstrated in the appendices, it's trivial to implement Concat with only 
SHA-256 and SHA-512.  So direct platform support for Concat is actually a 
non-issue for interoperability, as anyone can build it themselves with a few 
string concat operations and a single hash.

If other KDFs aren't built-in to all platforms, the key criteria for 
considering them is that the primitives needed to build them must be (just as 
they already are for Concat).

                                                                           -- 
Mike

From: [email protected] [mailto:[email protected]] On Behalf Of Axel 
Nennker
Sent: Wednesday, October 31, 2012 2:16 PM
To: Wan-Teh Chang
Cc: Mike Jones; [email protected]; Ryan Sleevi; [email protected]; 
[email protected]
Subject: Re: [jose] Platform Support for JWA Crypto Algorithms

I think we need a table with the same platform as in Mike's table that started 
this discussion with KDFs that actually have implementations.
Specification in RFCs or blessing by NIST does not count. Implementations rule.
Usage

Param Name

Param Val

Description

.NET

Windows native

OS X

iOS

Java JCA

BouncyCastle

Android

PHP

PHPSecLib

Python

M2Crypto

PyCrypto

Ruby

OpenSSL

node.js

NSS


JWE

kdf

CS256

Concat Key Derivation Function (KDF)

NO

Win7





NO

NO

NO

NO

NO

NO

NO

NO



NO

NO

NO

JWE

kdf

CS384

Concat Key Derivation Function (KDF)

NO

Win7





NO

NO

NO

NO

NO

NO

NO

NO



NO

NO

NO

JWE

kdf

CS512

Concat Key Derivation Function (KDF)

NO

Win7





NO

NO

NO

NO

NO

NO

NO

NO



NO

NO

NO



Axel

2012/10/31 Wan-Teh Chang <[email protected]<mailto:[email protected]>>
On Mon, Oct 29, 2012 at 4:23 PM, Ryan Sleevi 
<[email protected]<mailto:[email protected]>> wrote:
>
> However, as an NSS developer, I do not see your presented argument as a
> reason not to use Concat-KDF, and Concat-KDF would be more preferable, as a
> NIST-blessed KDF, since NSS cares especially for NIST-blessed algorithms.

I think HKDF (hash-based key derivation function) is also worth considering.
It is specified in RFC 5869 and is also blessed by NIST in SP 800-56C.

Wan-Teh
_______________________________________________
jose mailing list
[email protected]<mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/jose

_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose

Reply via email to