draft-ietf-jose-json-web-algorithms-19.txt   draft-ietf-jose-json-web-algorithms-20.txt 
JOSE Working Group M. Jones JOSE Working Group M. Jones
Internet-Draft Microsoft Internet-Draft Microsoft
Intended status: Standards Track December 29, 2013 Intended status: Standards Track January 20, 2014
Expires: July 2, 2014 Expires: July 24, 2014
JSON Web Algorithms (JWA) JSON Web Algorithms (JWA)
draft-ietf-jose-json-web-algorithms-19 draft-ietf-jose-json-web-algorithms-20
Abstract Abstract
The JSON Web Algorithms (JWA) specification registers cryptographic The JSON Web Algorithms (JWA) specification registers cryptographic
algorithms and identifiers to be used with the JSON Web Signature algorithms and identifiers to be used with the JSON Web Signature
(JWS), JSON Web Encryption (JWE), and JSON Web Key (JWK) (JWS), JSON Web Encryption (JWE), and JSON Web Key (JWK)
specifications. It defines several IANA registries for these specifications. It defines several IANA registries for these
identifiers. identifiers.
Status of this Memo Status of this Memo
skipping to change at page 1, line 34 skipping to change at page 1, line 34
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 2, 2014. This Internet-Draft will expire on July 24, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 4, line 9 skipping to change at page 4, line 9
8.5. Plaintext JWS Security Considerations . . . . . . . . . . 49 8.5. Plaintext JWS Security Considerations . . . . . . . . . . 49
8.6. Differences between Digital Signatures and MACs . . . . . 49 8.6. Differences between Digital Signatures and MACs . . . . . 49
8.7. Denial of Service Attacks . . . . . . . . . . . . . . . . 50 8.7. Denial of Service Attacks . . . . . . . . . . . . . . . . 50
8.8. Reusing Key Material when Encrypting Keys . . . . . . . . 50 8.8. Reusing Key Material when Encrypting Keys . . . . . . . . 50
8.9. Password Considerations . . . . . . . . . . . . . . . . . 50 8.9. Password Considerations . . . . . . . . . . . . . . . . . 50
9. Internationalization Considerations . . . . . . . . . . . . . 51 9. Internationalization Considerations . . . . . . . . . . . . . 51
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 51 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 51
10.1. Normative References . . . . . . . . . . . . . . . . . . . 51 10.1. Normative References . . . . . . . . . . . . . . . . . . . 51
10.2. Informative References . . . . . . . . . . . . . . . . . . 53 10.2. Informative References . . . . . . . . . . . . . . . . . . 53
Appendix A. Algorithm Identifier Cross-Reference . . . . . . . . 54 Appendix A. Algorithm Identifier Cross-Reference . . . . . . . . 55
A.1. Digital Signature/MAC Algorithm Identifier A.1. Digital Signature/MAC Algorithm Identifier
Cross-Reference . . . . . . . . . . . . . . . . . . . . . 55 Cross-Reference . . . . . . . . . . . . . . . . . . . . . 55
A.2. Key Management Algorithm Identifier Cross-Reference . . . 55 A.2. Key Management Algorithm Identifier Cross-Reference . . . 56
A.3. Content Encryption Algorithm Identifier Cross-Reference . 56 A.3. Content Encryption Algorithm Identifier Cross-Reference . 56
Appendix B. Test Cases for AES_CBC_HMAC_SHA2 Algorithms . . . . . 57 Appendix B. Test Cases for AES_CBC_HMAC_SHA2 Algorithms . . . . . 57
B.1. Test Cases for AES_128_CBC_HMAC_SHA_256 . . . . . . . . . 58 B.1. Test Cases for AES_128_CBC_HMAC_SHA_256 . . . . . . . . . 58
B.2. Test Cases for AES_192_CBC_HMAC_SHA_384 . . . . . . . . . 59 B.2. Test Cases for AES_192_CBC_HMAC_SHA_384 . . . . . . . . . 59
B.3. Test Cases for AES_256_CBC_HMAC_SHA_512 . . . . . . . . . 60 B.3. Test Cases for AES_256_CBC_HMAC_SHA_512 . . . . . . . . . 60
Appendix C. Example ECDH-ES Key Agreement Computation . . . . . . 61 Appendix C. Example ECDH-ES Key Agreement Computation . . . . . . 61
Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 63 Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 63
Appendix E. Document History . . . . . . . . . . . . . . . . . . 64 Appendix E. Document History . . . . . . . . . . . . . . . . . . 64
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 71 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 72
1. Introduction 1. Introduction
The JSON Web Algorithms (JWA) specification registers cryptographic The JSON Web Algorithms (JWA) specification registers cryptographic
algorithms and identifiers to be used with the JSON Web Signature algorithms and identifiers to be used with the JSON Web Signature
(JWS) [JWS], JSON Web Encryption (JWE) [JWE], and JSON Web Key (JWK) (JWS) [JWS], JSON Web Encryption (JWE) [JWE], and JSON Web Key (JWK)
[JWK] specifications. It defines several IANA registries for these [JWK] specifications. It defines several IANA registries for these
identifiers. All these specifications utilize JavaScript Object identifiers. All these specifications utilize JavaScript Object
Notation (JSON) [RFC4627] based data structures. This specification Notation (JSON) [I-D.ietf-json-rfc4627bis] based data structures.
also describes the semantics and operations that are specific to This specification also describes the semantics and operations that
these algorithms and key types. are specific to these algorithms and key types.
Registering the algorithms and identifiers here, rather than in the Registering the algorithms and identifiers here, rather than in the
JWS, JWE, and JWK specifications, is intended to allow them to remain JWS, JWE, and JWK specifications, is intended to allow them to remain
unchanged in the face of changes in the set of Required, Recommended, unchanged in the face of changes in the set of Required, Recommended,
Optional, and Deprecated algorithms over time. This also allows Optional, and Deprecated algorithms over time. This also allows
changes to the JWS, JWE, and JWK specifications without changing this changes to the JWS, JWE, and JWK specifications without changing this
document. document.
Names defined by this specification are short because a core goal is Names defined by this specification are short because a core goal is
for the resulting representations to be compact. for the resulting representations to be compact.
skipping to change at page 51, line 39 skipping to change at page 51, line 39
10.1. Normative References 10.1. Normative References
[AES] National Institute of Standards and Technology (NIST), [AES] National Institute of Standards and Technology (NIST),
"Advanced Encryption Standard (AES)", FIPS PUB 197, "Advanced Encryption Standard (AES)", FIPS PUB 197,
November 2001. November 2001.
[DSS] National Institute of Standards and Technology, "Digital [DSS] National Institute of Standards and Technology, "Digital
Signature Standard (DSS)", FIPS PUB 186-4, July 2013. Signature Standard (DSS)", FIPS PUB 186-4, July 2013.
[I-D.ietf-json-rfc4627bis]
Bray, T., "The JSON Data Interchange Format",
draft-ietf-json-rfc4627bis-10 (work in progress),
December 2013.
[I-D.melnikov-precis-saslprepbis] [I-D.melnikov-precis-saslprepbis]
Saint-Andre, P. and A. Melnikov, "Preparation and Saint-Andre, P. and A. Melnikov, "Preparation and
Comparison of Internationalized Strings Representing Comparison of Internationalized Strings Representing
Simple User Names and Passwords", Simple User Names and Passwords",
draft-melnikov-precis-saslprepbis-04 (work in progress), draft-melnikov-precis-saslprepbis-04 (work in progress),
September 2012. September 2012.
[JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web [JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web
Encryption (JWE)", draft-ietf-jose-json-web-encryption Encryption (JWE)", draft-ietf-jose-json-web-encryption
(work in progress), December 2013. (work in progress), January 2014.
[JWK] Jones, M., "JSON Web Key (JWK)", [JWK] Jones, M., "JSON Web Key (JWK)",
draft-ietf-jose-json-web-key (work in progress), draft-ietf-jose-json-web-key (work in progress),
December 2013. January 2014.
[JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web
Signature (JWS)", draft-ietf-jose-json-web-signature (work Signature (JWS)", draft-ietf-jose-json-web-signature (work
in progress), December 2013. in progress), January 2014.
[NIST.800-38A] [NIST.800-38A]
National Institute of Standards and Technology (NIST), National Institute of Standards and Technology (NIST),
"Recommendation for Block Cipher Modes of Operation", "Recommendation for Block Cipher Modes of Operation",
NIST PUB 800-38A, December 2001. NIST PUB 800-38A, December 2001.
[NIST.800-38D] [NIST.800-38D]
National Institute of Standards and Technology (NIST), National Institute of Standards and Technology (NIST),
"Recommendation for Block Cipher Modes of Operation: "Recommendation for Block Cipher Modes of Operation:
Galois/Counter Mode (GCM) and GMAC", NIST PUB 800-38D, Galois/Counter Mode (GCM) and GMAC", NIST PUB 800-38D,
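Review bot: the new [I-D.ietf-json-rfc4627bis] entry under 10.1 Normative References pins a specific revision, draft-ietf-json-rfc4627bis-10, while the [JWE], [JWK] and [JWS] entries in the same list cite their drafts without a revision number. Use one convention across the list. The entry also swaps a published RFC for a work in progress as a normative dependency, so it will need to be updated to the RFC number once that draft is published.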
skipping to change at page 52, line 49 skipping to change at page 53, line 5
[RFC3394] Schaad, J. and R. Housley, "Advanced Encryption Standard [RFC3394] Schaad, J. and R. Housley, "Advanced Encryption Standard
(AES) Key Wrap Algorithm", RFC 3394, September 2002. (AES) Key Wrap Algorithm", RFC 3394, September 2002.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, November 2003. 10646", STD 63, RFC 3629, November 2003.
[RFC4086] Eastlake, D., Schiller, J., and S. Crocker, "Randomness [RFC4086] Eastlake, D., Schiller, J., and S. Crocker, "Randomness
Requirements for Security", BCP 106, RFC 4086, June 2005. Requirements for Security", BCP 106, RFC 4086, June 2005.
[RFC4627] Crockford, D., "The application/json Media Type for
JavaScript Object Notation (JSON)", RFC 4627, July 2006.
[RFC4868] Kelly, S. and S. Frankel, "Using HMAC-SHA-256, HMAC-SHA- [RFC4868] Kelly, S. and S. Frankel, "Using HMAC-SHA-256, HMAC-SHA-
384, and HMAC-SHA-512 with IPsec", RFC 4868, May 2007. 384, and HMAC-SHA-512 with IPsec", RFC 4868, May 2007.
[RFC5116] McGrew, D., "An Interface and Algorithms for Authenticated [RFC5116] McGrew, D., "An Interface and Algorithms for Authenticated
Encryption", RFC 5116, January 2008. Encryption", RFC 5116, January 2008.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226, IANA Considerations Section in RFCs", BCP 26, RFC 5226,
May 2008. May 2008.
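Review bot: the [RFC4627] entry is removed from the reference list here, but the only citation this diff shows being switched to [I-D.ietf-json-rfc4627bis] is the one in Section 1. Any [RFC4627] citation in text that did not change between -19 and -20 would now point at a missing reference, so search the -20 text for remaining [RFC4627] tags before accepting the change.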
skipping to change at page 64, line 17 skipping to change at page 64, line 17
Hannes Tschofenig, and Sean Turner. Hannes Tschofenig, and Sean Turner.
Jim Schaad and Karen O'Donoghue chaired the JOSE working group and Jim Schaad and Karen O'Donoghue chaired the JOSE working group and
Sean Turner and Stephen Farrell served as Security area directors Sean Turner and Stephen Farrell served as Security area directors
during the creation of this specification. during the creation of this specification.
Appendix E. Document History Appendix E. Document History
[[ to be removed by the RFC Editor before publication as an RFC ]] [[ to be removed by the RFC Editor before publication as an RFC ]]
-20
o Replaced references to RFC 4627 with draft-ietf-json-rfc4627bis,
addressing issue #90.
-19 -19
o Used tables to show the correspondence between algorithm o Used tables to show the correspondence between algorithm
identifiers and algorithm descriptions and parameters in the identifiers and algorithm descriptions and parameters in the
algorithm definition sections, addressing issue #183. algorithm definition sections, addressing issue #183.
o Changed the "Implementation Requirements" registry field names to o Changed the "Implementation Requirements" registry field names to
"JOSE Implementation Requirements" to make it clear that these "JOSE Implementation Requirements" to make it clear that these
implementation requirements apply only to JWS and JWE implementation requirements apply only to JWS and JWE
implementations. implementations.
 End of changes. 14 change blocks. 
17 lines changed or deleted 24 lines changed or added
