#28: AES-GCM should not be allowed for content encryption in combination with Direct Encryption key management mode
Comment (by [email protected]):

It is not true that there is no need to keep track in this case. An application would still need to ensure that it does not re-use the nonce value when doing the encryption. The simplest way to do this is to have a counter which can then be used to say it has been exceeded.

One of the stated goals for this group is to allow crypto to be done by people who are not experts. This means that we need to ensure that there is good text that can be understood to deal with those cases where it is going to be very easy to get things wrong. This is probably one of those cases.

--
Reporter:   [email protected]
Owner:      draft-ietf-jose-json-web-[email protected]
Type:       defect
Status:     new
Priority:   major
Milestone:
Component:  json-web-algorithms
Version:
Severity:   -
Resolution:
Keywords:

Ticket URL: <https://grenache.tools.ietf.org/wg/jose/trac/ticket/28#comment:6>
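The counter the comment above describes, as an added example that is not part of the original ticket or of the JOSE drafts: it issues AES-GCM nonces for one directly shared key, persists a high-water mark so a restart cannot repeat a value, and refuses to continue once the budget is exceeded. The class and function names, the nonce layout (4-byte sender id plus 64-bit counter), the state file and the limit value are all assumptions made for illustration.

```python
import os
import struct
import tempfile

class NonceExhausted(Exception):
    """The key has used its nonce budget and must be replaced."""

class NonceCounter:
    """Issues 96-bit nonces (4-byte sender id + 64-bit counter) for ONE key."""

    def __init__(self, state_path, sender_id, limit, reserve=16):
        # sender_id: 4 bytes, distinct for every party encrypting with this key
        self.state_path, self.sender_id = state_path, sender_id
        self.limit, self.reserve = limit, reserve
        try:  # resume at the persisted high-water mark, never below it
            with open(state_path) as f:
                self.next = int(f.read())
        except FileNotFoundError:
            self.next = 0
        self.reserved = self.next

    def _persist(self, value):
        tmp = self.state_path + ".tmp"
        with open(tmp, "w") as f:
            f.write(str(value))
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.state_path)  # atomic swap of the state file

    def next_nonce(self):
        if self.next >= self.limit:
            raise NonceExhausted("nonce budget exceeded; rotate the key")
        if self.next >= self.reserved:  # reserve a block BEFORE handing any out
            self.reserved = min(self.next + self.reserve, self.limit)
            self._persist(self.reserved)
        nonce = self.sender_id + struct.pack(">Q", self.next)
        self.next += 1
        return nonce

def demo():
    """Constructed run: 3 nonces, a simulated crash/restart, then exhaustion."""
    path = os.path.join(tempfile.mkdtemp(), "key-1.nonce")
    first = NonceCounter(path, b"\x00\x00\x00\x01", limit=5, reserve=2)
    issued = [first.next_nonce() for _ in range(3)]
    restarted = NonceCounter(path, b"\x00\x00\x00\x01", limit=5, reserve=2)
    try:
        while True:
            issued.append(restarted.next_nonce())
    except NonceExhausted:
        return issued
```

After the simulated restart the counter resumes at the reserved mark, so one value from the budget is skipped rather than risked; skipping is the safe direction, since only a repeat breaks GCM.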
