- From: Mike Jones <Michael.Jones@microsoft.com>
- Date: Wed, 31 Oct 2012 21:22:07 +0000
- To: Axel Nennker <ignisvulpis@gmail.com>, Wan-Teh Chang <wtc@google.com>
- CC: "public-webcrypto@w3.org" <public-webcrypto@w3.org>, Ryan Sleevi <sleevi@google.com>, "jose@ietf.org" <jose@ietf.org>, "Axel.Nennker@telekom.de" <Axel.Nennker@telekom.de>
- Message-ID: <4E1F6AAD24975D4BA5B168042967394366885038@TK5EX14MBXC285.redmond.corp.microsoft.>
I agree that this would be useful, but the other factor that's critical is ability to implement when your developer platform doesn't have native support. As demonstrated in the appendices, it's trivial to implement Concat with only SHA-256 and SHA-512. So direct platform support for Concat is actually a non-issue for interoperability, as anyone can build it themselves with a few string concat operations and a single hash.
If other KDFs aren't built-in to all platforms, the key criteria for considering them is that the primitives needed to build them must be (just as they already are for Concat).
-- Mike
From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Axel Nennker
Sent: Wednesday, October 31, 2012 2:16 PM
To: Wan-Teh Chang
Cc: Mike Jones; public-webcrypto@w3.org; Ryan Sleevi; jose@ietf.org; Axel.Nennker@telekom.de
Subject: Re: [jose] Platform Support for JWA Crypto Algorithms
I think we need a table with the same platform as in Mike's table that started this discussion with KDFs that actually have implementations.
Specification in RFCs or blessing by NIST does not count. Implementations rule.
Usage
Param Name
Param Val
Description
.NET
Windows native
OS X
iOS
Java JCA
BouncyCastle
Android
PHP
PHPSecLib
Python
M2Crypto
PyCrypto
Ruby
OpenSSL
node.js
NSS
JWE
kdf
CS256
Concat Key Derivation Function (KDF)
NO
Win7
NO
NO
NO
NO
NO
NO
NO
NO
NO
NO
NO
JWE
kdf
CS384
Concat Key Derivation Function (KDF)
NO
Win7
NO
NO
NO
NO
NO
NO
NO
NO
NO
NO
NO
JWE
kdf
CS512
Concat Key Derivation Function (KDF)
NO
Win7
NO
NO
NO
NO
NO
NO
NO
NO
NO
NO
NO
Axel
2012/10/31 Wan-Teh Chang <wtc@google.com<mailto:wtc@google.com>>
On Mon, Oct 29, 2012 at 4:23 PM, Ryan Sleevi <sleevi@google.com<mailto:sleevi@google.com>> wrote:
>
> However, as an NSS developer, I do not see your presented argument as a
> reason not to use Concat-KDF, and Concat-KDF would be more preferable, as a
> NIST-blessed KDF, since NSS cares especially for NIST-blessed algorithms.
I think HKDF (hash-based key derivation function) is also worth considering.
It is specified in RFC 5869 and is also blessed by NIST in SP 800-56C.
Wan-Teh
_______________________________________________
jose mailing list
jose@ietf.org<mailto:jose@ietf.org>
https://www.ietf.org/mailman/listinfo/jose
Received on Wednesday, 31 October 2012 21:23:17 UTC