Re: [jose] 192 bit AES keys

Fri, 19 Jul 2013 11:24:39 -0700 

+1   I don't think taking the length out of the algorithm and making it a 
separate parameter is a good way to go.

On 2013-07-19, at 1:11 PM, "Jim Schaad" <[email protected]> wrote:

> We need to keep key lengths in algorithm ids for the purpose of key 
> derivation.  Additionally there would need to be some way to signal the key 
> length to the system when doing key generation
>  
> i.e. you would need to change
> jose.SetCEKAlgorithm(“AES128”) to
> jose.SetCEKAlgoirthm(“AES”, 128)
>  
> jim
>  
>  
> From: [email protected] [mailto:[email protected]] On Behalf Of 
> Richard Barnes
> Sent: Friday, July 19, 2013 9:47 AM
> To: John Bradley
> Cc: Mike Jones; [email protected]
> Subject: Re: [jose] 192 bit AES keys
>  
> Or we could just remove the key lengths from the algorithm IDs altogether ;)  
> They really don't add any value.
>  
> 
> On Thu, Jul 18, 2013 at 6:17 PM, John Bradley <[email protected]> wrote:
> I am OK with registering the 192 bit versions. 
> 
> Sent from my iPhone
> 
> On Jul 18, 2013, at 5:17 PM, Mike Jones <[email protected]> wrote:
> 
> Richard had previously requested that we register algorithm identifiers for 
> AES using 192 bit keys.  As he previously pointed out, “It seems like if 
> we're going to support AES, then we should support AES.  Every AES library I 
> know of supports all three key lengths, so it's not like there's extra cost 
> besides the registry entry.”  (I’ll note that we already have algorithm 
> identifiers for the “mid-size” HMAC and signature functions “HS384”, “RS384”, 
> and “ES384”.)
>  
> I heard no objections at the time.  I’m therefore thinking that we should 
> register algorithm identifiers for these key sizes as well.  Specifically, we 
> would add:
> “A192KW”, “ECDH-ES+A192KW”, “A192GCMKW”, “PBES2-HS256+A192KW”, 
> “A192CBC-HS384”, and “A192GCM”.  Support for these algorithms would be 
> optional.
>  
> What do people think?
>  
>                                                             -- Mike
>  
> _______________________________________________
> jose mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/jose
> 
> _______________________________________________
> jose mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/jose
>

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose

Reply via email to