- From: Mark Watson <watsonm@netflix.com>
- Date: Wed, 5 Mar 2014 14:42:27 -0800
- To: Richard Barnes <rlb@ipv.sx>
- Cc: Jim Schaad <ietf@augustcellars.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
- Message-ID: <CAEnTvdC9xUhVe6QBWYBRg2sGV6zUZrbRETQmVLH0NyDO0EhBHg@mail.gmail.com>
Does anyone have any objections to this ? On Mon, Mar 3, 2014 at 1:15 PM, Mark Watson <watsonm@netflix.com> wrote: > My proposal for this is to add an *informative* note to the wrapKey method > description as follows: > > "Informative note: The key wrapping operations for some algorithms place > constraints on the payload size. For example AES-KW requires the payload to > be a multiple of 8 bytes in length and RSA-OAEP places a restriction on the > length. For key formats that offer flexibility in serialization of a given > key (for example JWK), implementations may choose to adapt the > serialization to the constraints of the wrapping algorithm." > > ...Mark > > > On Sun, Mar 2, 2014 at 4:51 AM, Richard Barnes <rlb@ipv.sx> wrote: > >> Yeah, no need for normative text. It would be helpful to have a note >> that says "Reminder: needs to be a multiple of 8 bytes long; pad as you >> like if you need to." >> >> >> On Fri, Feb 28, 2014 at 5:49 PM, Jim Schaad <ietf@augustcellars.com>wrote: >> >>> I agree that this is definitely NOT normative text. >>> >>> The only obvious place I can think of is in the generic wrapKey >>> description >>> for placement. >>> >>> I am neutral on the proposed text and it's inclusion in the document. >>> It is >>> not clear to me that it will help, but on the other hand I don't believe >>> it >>> is harmful in anyway. >>> >>> Jim >>> >>> >>> >>> From: Mark Watson [mailto:watsonm@netflix.com] >>> Sent: Friday, February 28, 2014 8:41 AM >>> To: public-webcrypto@w3.org >>> Subject: Bug 24457 - AES-KW can only wrap a JWK key if its serialization >>> happens to be 8*n bytes long >>> >>> https://www.w3.org/Bugs/Public/show_bug.cgi?id=24457 >>> >>> Alexey re-opened this bug with: >>> "A WebCrypto implementation can pad JWK with spaces for AES-KW, but the >>> same >>> padding can destroy the ability to wrap with RSA-OAEP, because you can >>> run >>> out of size limit. So, any padding should be conditional on which >>> algorithm >>> will be used for encryption in a later step of wrapping algorithm. >>> >>> I think that it would be appropriate to have normative text. But even if >>> it's simply a note, it should be: >>> 1. Substantially more elaborate than suggested above. >>> 2. Added as part of this bug (so it seems like the bug should remain open >>> until the note is added)." >>> I would suggest that any such note be non-normative: >>> - There has been strong objection to specifying our own padding scheme >>> >>> - There is no _need_ for normative specification to ensure >>> interoperability: >>> so long as the serialization is valid JSON, we are good. >>> >>> A note (I am not sure where it would be) might look something like: >>> "Note: Some algorithms used for key wrapping place constraints on the >>> payload size. For example AES-KW requires the payload to be a multiple >>> of 8 >>> bytes in length and RSA-OAEP places a restriction on the length. For key >>> formats that offer flexibility in serialization of a given key (for >>> exmaple >>> JWK), implementations may choose to adapt the serialization to the >>> constraints of the wrapping algorithm." >>> Comments ? >>> ...Mark >>> >>> >>> >>> >>> >> >
Received on Wednesday, 5 March 2014 22:42:54 UTC