Ok, fine. :) I can buy that it needs to be there for key derivation in the combined cases (e.g., ECDH-ES+A128GCM). The need to specify key length at generation time is not a JOSE issue.
On Fri, Jul 19, 2013 at 1:11 PM, Jim Schaad <[email protected]> wrote: > We need to keep key lengths in algorithm ids for the purpose of key > derivation. Additionally there would need to be some way to signal the key > length to the system when doing key generation**** > > ** ** > > i.e. you would need to change**** > > jose.SetCEKAlgorithm(“AES128”) to**** > > jose.SetCEKAlgoirthm(“AES”, 128)**** > > ** ** > > jim**** > > ** ** > > ** ** > > *From:* [email protected] [mailto:[email protected]] *On Behalf > Of *Richard Barnes > *Sent:* Friday, July 19, 2013 9:47 AM > *To:* John Bradley > *Cc:* Mike Jones; [email protected] > *Subject:* Re: [jose] 192 bit AES keys**** > > ** ** > > Or we could just remove the key lengths from the algorithm IDs altogether > ;) They really don't add any value.**** > > ** ** > > On Thu, Jul 18, 2013 at 6:17 PM, John Bradley <[email protected]> wrote:** > ** > > I am OK with registering the 192 bit versions. > > Sent from my iPhone**** > > > On Jul 18, 2013, at 5:17 PM, Mike Jones <[email protected]> > wrote:**** > > Richard had previously requested that we register algorithm identifiers > for AES using 192 bit keys. As he previously pointed out, “It seems like > if we're going to support AES, then we should support AES. Every AES > library I know of supports all three key lengths, so it's not like there's > extra cost besides the registry entry.” (I’ll note that we already have > algorithm identifiers for the “mid-size” HMAC and signature functions > “HS384”, “RS384”, and “ES384”.)**** > > **** > > I heard no objections at the time. I’m therefore thinking that we should > register algorithm identifiers for these key sizes as well. Specifically, > we would add:**** > > “A192KW”, “ECDH-ES+A192KW”, “A192GCMKW”, “PBES2-HS256+A192KW”, > “A192CBC-HS384”, and “A192GCM”. Support for these algorithms would be > optional.**** > > **** > > What do people think?**** > > **** > > -- Mike**** > > **** > > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose**** > > > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose**** > > ** ** >
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
