#8: Direct mode for key agreement needs security analysis JWE specifies a "direct encryption" method, in which the output of key agreement is used for content encryption instead of key wrapping. This scheme is not used in other IETF security protocols that use key agreement, e.g., CMS or IPsec. CMS uses the agreed key for wrapping. IPsec uses it to key the IKE SA, which covers further key agreement. The security considerations needs to justify why this scheme is secure, and any relevant constraints (e.g., lifetime of DH keys).
-- -------------------------+------------------------------------------------- Reporter: | Owner: draft-ietf-jose-json-web- [email protected] | [email protected] Type: defect | Status: new Priority: major | Milestone: Component: json-web- | Version: encryption | Keywords: Severity: Active WG | Document | -------------------------+------------------------------------------------- Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/8> jose <http://tools.ietf.org/jose/> _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
