We need to keep key lengths in algorithm ids for the purpose of key
derivation. Additionally there would need to be some way to signal the key
length to the system when doing key generation
i.e. you would need to change
jose.SetCEKAlgorithm("AES128") to
jose.SetCEKAlgoirthm("AES", 128)
jim
From: [email protected] [mailto:[email protected]] On Behalf Of
Richard Barnes
Sent: Friday, July 19, 2013 9:47 AM
To: John Bradley
Cc: Mike Jones; [email protected]
Subject: Re: [jose] 192 bit AES keys
Or we could just remove the key lengths from the algorithm IDs altogether ;)
They really don't add any value.
On Thu, Jul 18, 2013 at 6:17 PM, John Bradley <[email protected]> wrote:
I am OK with registering the 192 bit versions.
Sent from my iPhone
On Jul 18, 2013, at 5:17 PM, Mike Jones <[email protected]> wrote:
Richard had previously requested that we register algorithm identifiers for
AES using 192 bit keys. As he previously pointed out, "It seems like if
we're going to support AES, then we should support AES. Every AES library I
know of supports all three key lengths, so it's not like there's extra cost
besides the registry entry." (I'll note that we already have algorithm
identifiers for the "mid-size" HMAC and signature functions "HS384",
"RS384", and "ES384".)
I heard no objections at the time. I'm therefore thinking that we should
register algorithm identifiers for these key sizes as well. Specifically,
we would add:
"A192KW", "ECDH-ES+A192KW", "A192GCMKW", "PBES2-HS256+A192KW",
"A192CBC-HS384", and "A192GCM". Support for these algorithms would be
optional.
What do people think?
-- Mike
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
