W3C home > Mailing lists > Public > public-webcrypto@w3.org > March 2014

Re: Bug 24457 - AES-KW can only wrap a JWK key if its serialization happens to be 8*n bytes long

From: Richard Barnes <rlb@ipv.sx>
Date: Sun, 2 Mar 2014 12:51:47 +0000
Message-ID: <CAL02cgSh_iy8U8r8bWa9A8eBJmPXgRz09_TRPJkmrCJ1uqWvcA@mail.gmail.com>
To: Jim Schaad <ietf@augustcellars.com>
Cc: Mark Watson <watsonm@netflix.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Yeah, no need for normative text.  It would be helpful to have a note that
says "Reminder: needs to be a multiple of 8 bytes long; pad as you like if
you need to."

On Fri, Feb 28, 2014 at 5:49 PM, Jim Schaad <ietf@augustcellars.com> wrote:

> I agree that this is definitely NOT normative text.
> The only obvious place I can think of is in the generic wrapKey description
> for placement.
> I am neutral on the proposed text and it's inclusion in the document.  It
> is
> not clear to me that it will help, but on the other hand I don't believe it
> is harmful in anyway.
> Jim
> From: Mark Watson [mailto:watsonm@netflix.com]
> Sent: Friday, February 28, 2014 8:41 AM
> To: public-webcrypto@w3.org
> Subject: Bug 24457 - AES-KW can only wrap a JWK key if its serialization
> happens to be 8*n bytes long
> https://www.w3.org/Bugs/Public/show_bug.cgi?id=24457
> Alexey re-opened this bug with:
> "A WebCrypto implementation can pad JWK with spaces for AES-KW, but the
> same
> padding can destroy the ability to wrap with RSA-OAEP, because you can run
> out of size limit. So, any padding should be conditional on which algorithm
> will be used for encryption in a later step of wrapping algorithm.
> I think that it would be appropriate to have normative text. But even if
> it's simply a note, it should be:
> 1. Substantially more elaborate than suggested above.
> 2. Added as part of this bug (so it seems like the bug should remain open
> until the note is added)."
> I would suggest that any such note be non-normative:
> - There has been strong objection to specifying our own padding scheme
> - There is no _need_ for normative specification to ensure
> interoperability:
> so long as the serialization is valid JSON, we are good.
> A note (I am not sure where it would be) might look something like:
> "Note: Some algorithms used for key wrapping place constraints on the
> payload size. For example AES-KW requires the payload to be a multiple of 8
> bytes in length and RSA-OAEP places a restriction on the length. For key
> formats that offer flexibility in serialization of a given key (for exmaple
> JWK), implementations may choose to adapt the serialization to the
> constraints of the wrapping algorithm."
> Comments ?
> ...Mark
Received on Sunday, 2 March 2014 12:52:14 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:02:40 UTC