#19: JWA needs to specify an IV for use with JWE AES Key Wrap Section 4.5 of JSON Web Algorithms specifies the use of AES Key Wrap with JWE with reference to RFC3394. The RFC does not require a particular Initial Value to be used, although it defined a "default Initial Value".
Either: (a) The JWA specification needs to specify that the default Initial Value from RFC3394 must be used, or (b) The JWE specification needs to include an object member to specify the Initial Value that was used (note that is this distinct from the Initialization Vector used for the payload encryption). I suggest (a) and I am uncertain of the security properties of (b). -- -------------------------+------------------------------------------------- Reporter: | Owner: draft-ietf-jose-json-web- [email protected] | [email protected] Type: defect | Status: new Priority: minor | Milestone: Component: json-web- | Version: algorithms | Keywords: Severity: - | -------------------------+------------------------------------------------- Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/19> jose <http://tools.ietf.org/jose/> _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
