W3C home > Mailing lists > Public > public-html-media@w3.org > April 2015

[encrypted-media] Clear Key should not use "A128KW" as the JWK "alg"

From: ddorwin via GitHub <sysbot+gh@w3.org>
Date: Fri, 10 Apr 2015 23:19:48 +0000
To: public-html-media@w3.org
Message-ID: <issues.opened-67701713-1428707987-sysbot+gh@w3.org>
ddorwin has just created a new issue for 
https://github.com/w3c/encrypted-media:

== Clear Key should not use "A128KW" as the JWK "alg" ==
Clear Key's License Format specifies JWK with an "alg" (algorithm) 
value of "A128KW".

The JSON Web Algorithms (JWA) registry [describes] 
(https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#page-39)
 "A128KW"  as "AES Key Wrap using 128 bit key." However, Clear Key 
does not use key wrapping, so this is an incorrect description of the 
algorithm.

According to the JWK specification of the ["alg" 
parameter](https://tools.ietf.org/html/draft-ietf-jose-json-web-key-41#section-4.4):
> The values used  should either be registered in the
   IANA JSON Web Signature and Encryption Algorithms registry defined 
in
   [JWA] or be a value that contains a Collision-Resistant Name....
 Use of this member is OPTIONAL.


Rather than attempting to register "A128" or using some ugly 
Collision-Resistant Name, we should just drop "alg" from the 
specification. The implementation will use the key as specified by the
 container anyway.



See https://github.com/w3c/encrypted-media/issues/48
Received on Friday, 10 April 2015 23:19:49 UTC

This archive was generated by hypermail 2.3.1 : Friday, 10 April 2015 23:19:49 UTC