draft-ietf-jose-json-web-algorithms-38.txt   draft-ietf-jose-json-web-algorithms-39.txt 
JOSE Working Group M. Jones JOSE Working Group M. Jones
Internet-Draft Microsoft Internet-Draft Microsoft
Intended status: Standards Track December 9, 2014 Intended status: Standards Track December 30, 2014
Expires: June 12, 2015 Expires: July 3, 2015
JSON Web Algorithms (JWA) JSON Web Algorithms (JWA)
draft-ietf-jose-json-web-algorithms-38 draft-ietf-jose-json-web-algorithms-39
Abstract Abstract
The JSON Web Algorithms (JWA) specification registers cryptographic The JSON Web Algorithms (JWA) specification registers cryptographic
algorithms and identifiers to be used with the JSON Web Signature algorithms and identifiers to be used with the JSON Web Signature
(JWS), JSON Web Encryption (JWE), and JSON Web Key (JWK) (JWS), JSON Web Encryption (JWE), and JSON Web Key (JWK)
specifications. It defines several IANA registries for these specifications. It defines several IANA registries for these
identifiers. identifiers.
Status of this Memo Status of this Memo
skipping to change at page 1, line 34 skipping to change at page 1, line 34
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 12, 2015. This Internet-Draft will expire on July 3, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 28 skipping to change at page 3, line 28
6.3.2.3. "q" (Second Prime Factor) Parameter . . . . . . . 31 6.3.2.3. "q" (Second Prime Factor) Parameter . . . . . . . 31
6.3.2.4. "dp" (First Factor CRT Exponent) Parameter . . . . 31 6.3.2.4. "dp" (First Factor CRT Exponent) Parameter . . . . 31
6.3.2.5. "dq" (Second Factor CRT Exponent) Parameter . . . 31 6.3.2.5. "dq" (Second Factor CRT Exponent) Parameter . . . 31
6.3.2.6. "qi" (First CRT Coefficient) Parameter . . . . . . 31 6.3.2.6. "qi" (First CRT Coefficient) Parameter . . . . . . 31
6.3.2.7. "oth" (Other Primes Info) Parameter . . . . . . . 32 6.3.2.7. "oth" (Other Primes Info) Parameter . . . . . . . 32
6.4. Parameters for Symmetric Keys . . . . . . . . . . . . . . 32 6.4. Parameters for Symmetric Keys . . . . . . . . . . . . . . 32
6.4.1. "k" (Key Value) Parameter . . . . . . . . . . . . . . 32 6.4.1. "k" (Key Value) Parameter . . . . . . . . . . . . . . 32
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 33 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 33
7.1. JSON Web Signature and Encryption Algorithms Registry . . 34 7.1. JSON Web Signature and Encryption Algorithms Registry . . 34
7.1.1. Registration Template . . . . . . . . . . . . . . . . 34 7.1.1. Registration Template . . . . . . . . . . . . . . . . 34
7.1.2. Initial Registry Contents . . . . . . . . . . . . . . 35 7.1.2. Initial Registry Contents . . . . . . . . . . . . . . 36
7.2. Header Parameter Names Registration . . . . . . . . . . . 41 7.2. Header Parameter Names Registration . . . . . . . . . . . 42
7.2.1. Registry Contents . . . . . . . . . . . . . . . . . . 41 7.2.1. Registry Contents . . . . . . . . . . . . . . . . . . 42
7.3. JSON Web Encryption Compression Algorithms Registry . . . 42 7.3. JSON Web Encryption Compression Algorithms Registry . . . 43
7.3.1. Registration Template . . . . . . . . . . . . . . . . 42 7.3.1. Registration Template . . . . . . . . . . . . . . . . 43
7.3.2. Initial Registry Contents . . . . . . . . . . . . . . 43 7.3.2. Initial Registry Contents . . . . . . . . . . . . . . 44
7.4. JSON Web Key Types Registry . . . . . . . . . . . . . . . 43 7.4. JSON Web Key Types Registry . . . . . . . . . . . . . . . 44
7.4.1. Registration Template . . . . . . . . . . . . . . . . 44 7.4.1. Registration Template . . . . . . . . . . . . . . . . 45
7.4.2. Initial Registry Contents . . . . . . . . . . . . . . 44 7.4.2. Initial Registry Contents . . . . . . . . . . . . . . 45
7.5. JSON Web Key Parameters Registration . . . . . . . . . . . 45 7.5. JSON Web Key Parameters Registration . . . . . . . . . . . 46
7.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 45 7.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 46
7.6. JSON Web Key Elliptic Curve Registry . . . . . . . . . . . 47 7.6. JSON Web Key Elliptic Curve Registry . . . . . . . . . . . 48
7.6.1. Registration Template . . . . . . . . . . . . . . . . 47 7.6.1. Registration Template . . . . . . . . . . . . . . . . 48
7.6.2. Initial Registry Contents . . . . . . . . . . . . . . 48 7.6.2. Initial Registry Contents . . . . . . . . . . . . . . 49
8. Security Considerations . . . . . . . . . . . . . . . . . . . 49 8. Security Considerations . . . . . . . . . . . . . . . . . . . 50
8.1. Cryptographic Agility . . . . . . . . . . . . . . . . . . 49 8.1. Cryptographic Agility . . . . . . . . . . . . . . . . . . 50
8.2. Key Lifetimes . . . . . . . . . . . . . . . . . . . . . . 49 8.2. Key Lifetimes . . . . . . . . . . . . . . . . . . . . . . 50
8.3. RSAES-PKCS1-v1_5 Security Considerations . . . . . . . . . 49 8.3. RSAES-PKCS1-v1_5 Security Considerations . . . . . . . . . 50
8.4. AES GCM Security Considerations . . . . . . . . . . . . . 49 8.4. AES GCM Security Considerations . . . . . . . . . . . . . 50
8.5. Unsecured JWS Security Considerations . . . . . . . . . . 50 8.5. Unsecured JWS Security Considerations . . . . . . . . . . 51
8.6. Denial of Service Attacks . . . . . . . . . . . . . . . . 50 8.6. Denial of Service Attacks . . . . . . . . . . . . . . . . 51
8.7. Reusing Key Material when Encrypting Keys . . . . . . . . 51 8.7. Reusing Key Material when Encrypting Keys . . . . . . . . 52
8.8. Password Considerations . . . . . . . . . . . . . . . . . 51 8.8. Password Considerations . . . . . . . . . . . . . . . . . 52
8.9. Key Entropy and Random Values . . . . . . . . . . . . . . 52 8.9. Key Entropy and Random Values . . . . . . . . . . . . . . 53
8.10. Differences between Digital Signatures and MACs . . . . . 52 8.10. Differences between Digital Signatures and MACs . . . . . 53
8.11. Using Matching Algorithm Strengths . . . . . . . . . . . . 52 8.11. Using Matching Algorithm Strengths . . . . . . . . . . . . 53
8.12. Adaptive Chosen-Ciphertext Attacks . . . . . . . . . . . . 52 8.12. Adaptive Chosen-Ciphertext Attacks . . . . . . . . . . . . 53
8.13. Timing Attacks . . . . . . . . . . . . . . . . . . . . . . 52 8.13. Timing Attacks . . . . . . . . . . . . . . . . . . . . . . 53
8.14. RSA Private Key Representations and Blinding . . . . . . . 52 8.14. RSA Private Key Representations and Blinding . . . . . . . 53
9. Internationalization Considerations . . . . . . . . . . . . . 52 9. Internationalization Considerations . . . . . . . . . . . . . 53
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 52 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 53
10.1. Normative References . . . . . . . . . . . . . . . . . . . 52 10.1. Normative References . . . . . . . . . . . . . . . . . . . 53
10.2. Informative References . . . . . . . . . . . . . . . . . . 54 10.2. Informative References . . . . . . . . . . . . . . . . . . 55
Appendix A. Algorithm Identifier Cross-Reference . . . . . . . . 56 Appendix A. Algorithm Identifier Cross-Reference . . . . . . . . 57
A.1. Digital Signature/MAC Algorithm Identifier A.1. Digital Signature/MAC Algorithm Identifier
Cross-Reference . . . . . . . . . . . . . . . . . . . . . 57 Cross-Reference . . . . . . . . . . . . . . . . . . . . . 58
A.2. Key Management Algorithm Identifier Cross-Reference . . . 57 A.2. Key Management Algorithm Identifier Cross-Reference . . . 58
A.3. Content Encryption Algorithm Identifier Cross-Reference . 58 A.3. Content Encryption Algorithm Identifier Cross-Reference . 59
Appendix B. Test Cases for AES_CBC_HMAC_SHA2 Algorithms . . . . . 59 Appendix B. Test Cases for AES_CBC_HMAC_SHA2 Algorithms . . . . . 60
B.1. Test Cases for AES_128_CBC_HMAC_SHA_256 . . . . . . . . . 60 B.1. Test Cases for AES_128_CBC_HMAC_SHA_256 . . . . . . . . . 61
B.2. Test Cases for AES_192_CBC_HMAC_SHA_384 . . . . . . . . . 61 B.2. Test Cases for AES_192_CBC_HMAC_SHA_384 . . . . . . . . . 62
B.3. Test Cases for AES_256_CBC_HMAC_SHA_512 . . . . . . . . . 62 B.3. Test Cases for AES_256_CBC_HMAC_SHA_512 . . . . . . . . . 63
Appendix C. Example ECDH-ES Key Agreement Computation . . . . . . 63 Appendix C. Example ECDH-ES Key Agreement Computation . . . . . . 64
Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 65 Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 66
Appendix E. Document History . . . . . . . . . . . . . . . . . . 66 Appendix E. Document History . . . . . . . . . . . . . . . . . . 67
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 77 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 78
1. Introduction 1. Introduction
The JSON Web Algorithms (JWA) specification registers cryptographic The JSON Web Algorithms (JWA) specification registers cryptographic
algorithms and identifiers to be used with the JSON Web Signature algorithms and identifiers to be used with the JSON Web Signature
(JWS) [JWS], JSON Web Encryption (JWE) [JWE], and JSON Web Key (JWK) (JWS) [JWS], JSON Web Encryption (JWE) [JWE], and JSON Web Key (JWK)
[JWK] specifications. It defines several IANA registries for these [JWK] specifications. It defines several IANA registries for these
identifiers. All these specifications utilize JavaScript Object identifiers. All these specifications utilize JavaScript Object
Notation (JSON) [RFC7159] based data structures. This specification Notation (JSON) [RFC7159] based data structures. This specification
also describes the semantics and operations that are specific to also describes the semantics and operations that are specific to
skipping to change at page 35, line 46 skipping to change at page 35, line 46
For Standards Track RFCs, state "IESG". For others, give the name For Standards Track RFCs, state "IESG". For others, give the name
of the responsible party. Other details (e.g., postal address, of the responsible party. Other details (e.g., postal address,
email address, home page URI) may also be included. email address, home page URI) may also be included.
Specification Document(s): Specification Document(s):
Reference to the document(s) that specify the parameter, Reference to the document(s) that specify the parameter,
preferably including URI(s) that can be used to retrieve copies of preferably including URI(s) that can be used to retrieve copies of
the document(s). An indication of the relevant sections may also the document(s). An indication of the relevant sections may also
be included but is not required. be included but is not required.
Algorithm Analysis Documents(s):
References to publication(s) in well-known cryptographic
conferences, by national standards bodies, or by other
authoritative sources analyzing the cryptographic soundness of the
algorithm to be registered. The designated experts may require
convincing evidence of the cryptographic soundness of a new
algorithm to be provided with the registration request unless the
algorithm is being registered as Deprecated or Prohibited. Having
gone through working group and IETF review, the initial
registrations made by this document are exempt from the need to
provide this information.
7.1.2. Initial Registry Contents 7.1.2. Initial Registry Contents
o Algorithm Name: "HS256" o Algorithm Name: "HS256"
o Algorithm Description: HMAC using SHA-256 o Algorithm Description: HMAC using SHA-256
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Required o JOSE Implementation Requirements: Required
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 3.1 of [[ this document ]] o Specification Document(s): Section 3.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "HS384" o Algorithm Name: "HS384"
o Algorithm Description: HMAC using SHA-384 o Algorithm Description: HMAC using SHA-384
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Optional o JOSE Implementation Requirements: Optional
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 3.1 of [[ this document ]] o Specification Document(s): Section 3.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "HS512" o Algorithm Name: "HS512"
o Algorithm Description: HMAC using SHA-512 o Algorithm Description: HMAC using SHA-512
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Optional o JOSE Implementation Requirements: Optional
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 3.1 of [[ this document ]] o Specification Document(s): Section 3.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "RS256" o Algorithm Name: "RS256"
o Algorithm Description: RSASSA-PKCS-v1_5 using SHA-256 o Algorithm Description: RSASSA-PKCS-v1_5 using SHA-256
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Recommended o JOSE Implementation Requirements: Recommended
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 3.1 of [[ this document ]] o Specification Document(s): Section 3.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "RS384" o Algorithm Name: "RS384"
o Algorithm Description: RSASSA-PKCS-v1_5 using SHA-384 o Algorithm Description: RSASSA-PKCS-v1_5 using SHA-384
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Optional o JOSE Implementation Requirements: Optional
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 3.1 of [[ this document ]] o Specification Document(s): Section 3.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "RS512" o Algorithm Name: "RS512"
o Algorithm Description: RSASSA-PKCS-v1_5 using SHA-512 o Algorithm Description: RSASSA-PKCS-v1_5 using SHA-512
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Optional o JOSE Implementation Requirements: Optional
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 3.1 of [[ this document ]] o Specification Document(s): Section 3.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "ES256" o Algorithm Name: "ES256"
o Algorithm Description: ECDSA using P-256 and SHA-256 o Algorithm Description: ECDSA using P-256 and SHA-256
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Recommended+ o JOSE Implementation Requirements: Recommended+
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 3.1 of [[ this document ]] o Specification Document(s): Section 3.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "ES384" o Algorithm Name: "ES384"
o Algorithm Description: ECDSA using P-384 and SHA-384 o Algorithm Description: ECDSA using P-384 and SHA-384
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Optional o JOSE Implementation Requirements: Optional
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 3.1 of [[ this document ]] o Specification Document(s): Section 3.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "ES512" o Algorithm Name: "ES512"
o Algorithm Description: ECDSA using P-521 and SHA-512 o Algorithm Description: ECDSA using P-521 and SHA-512
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Optional o JOSE Implementation Requirements: Optional
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 3.1 of [[ this document ]] o Specification Document(s): Section 3.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "PS256" o Algorithm Name: "PS256"
o Algorithm Description: RSASSA-PSS using SHA-256 and MGF1 with SHA- o Algorithm Description: RSASSA-PSS using SHA-256 and MGF1 with SHA-
256 256
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Optional o JOSE Implementation Requirements: Optional
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 3.1 of [[ this document ]] o Specification Document(s): Section 3.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "PS384" o Algorithm Name: "PS384"
o Algorithm Description: RSASSA-PSS using SHA-384 and MGF1 with SHA- o Algorithm Description: RSASSA-PSS using SHA-384 and MGF1 with SHA-
384 384
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Optional o JOSE Implementation Requirements: Optional
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 3.1 of [[ this document ]] o Specification Document(s): Section 3.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "PS512" o Algorithm Name: "PS512"
o Algorithm Description: RSASSA-PSS using SHA-512 and MGF1 with SHA- o Algorithm Description: RSASSA-PSS using SHA-512 and MGF1 with SHA-
512 512
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Optional o JOSE Implementation Requirements: Optional
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 3.1 of [[ this document ]] o Specification Document(s): Section 3.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "none" o Algorithm Name: "none"
o Algorithm Description: No digital signature or MAC performed o Algorithm Description: No digital signature or MAC performed
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Optional o JOSE Implementation Requirements: Optional
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 3.1 of [[ this document ]] o Specification Document(s): Section 3.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "RSA1_5" o Algorithm Name: "RSA1_5"
o Algorithm Description: RSAES-PKCS1-V1_5 o Algorithm Description: RSAES-PKCS1-V1_5
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Recommended- o JOSE Implementation Requirements: Recommended-
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.1 of [[ this document ]] o Specification Document(s): Section 4.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "RSA-OAEP" o Algorithm Name: "RSA-OAEP"
o Algorithm Description: RSAES OAEP using default parameters o Algorithm Description: RSAES OAEP using default parameters
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Recommended+ o JOSE Implementation Requirements: Recommended+
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.1 of [[ this document ]] o Specification Document(s): Section 4.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "RSA-OAEP-256" o Algorithm Name: "RSA-OAEP-256"
o Algorithm Description: RSAES OAEP using SHA-256 and MGF1 with SHA- o Algorithm Description: RSAES OAEP using SHA-256 and MGF1 with SHA-
256 256
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Optional o JOSE Implementation Requirements: Optional
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.1 of [[ this document ]] o Specification Document(s): Section 4.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "A128KW" o Algorithm Name: "A128KW"
o Algorithm Description: AES Key Wrap using 128 bit key o Algorithm Description: AES Key Wrap using 128 bit key
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Recommended o JOSE Implementation Requirements: Recommended
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.1 of [[ this document ]] o Specification Document(s): Section 4.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "A192KW" o Algorithm Name: "A192KW"
o Algorithm Description: AES Key Wrap using 192 bit key o Algorithm Description: AES Key Wrap using 192 bit key
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Optional o JOSE Implementation Requirements: Optional
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.1 of [[ this document ]] o Specification Document(s): Section 4.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "A256KW" o Algorithm Name: "A256KW"
o Algorithm Description: AES Key Wrap using 256 bit key o Algorithm Description: AES Key Wrap using 256 bit key
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Recommended o JOSE Implementation Requirements: Recommended
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.1 of [[ this document ]] o Specification Document(s): Section 4.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "dir" o Algorithm Name: "dir"
o Algorithm Description: Direct use of a shared symmetric key o Algorithm Description: Direct use of a shared symmetric key
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Recommended o JOSE Implementation Requirements: Recommended
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.1 of [[ this document ]] o Specification Document(s): Section 4.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "ECDH-ES" o Algorithm Name: "ECDH-ES"
o Algorithm Description: ECDH-ES using Concat KDF o Algorithm Description: ECDH-ES using Concat KDF
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Recommended+ o JOSE Implementation Requirements: Recommended+
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.1 of [[ this document ]] o Specification Document(s): Section 4.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "ECDH-ES+A128KW" o Algorithm Name: "ECDH-ES+A128KW"
o Algorithm Description: ECDH-ES using Concat KDF and "A128KW" o Algorithm Description: ECDH-ES using Concat KDF and "A128KW"
wrapping wrapping
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Recommended o JOSE Implementation Requirements: Recommended
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.1 of [[ this document ]] o Specification Document(s): Section 4.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "ECDH-ES+A192KW" o Algorithm Name: "ECDH-ES+A192KW"
o Algorithm Description: ECDH-ES using Concat KDF and "A192KW" o Algorithm Description: ECDH-ES using Concat KDF and "A192KW"
wrapping wrapping
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Optional o JOSE Implementation Requirements: Optional
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.1 of [[ this document ]] o Specification Document(s): Section 4.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "ECDH-ES+A256KW" o Algorithm Name: "ECDH-ES+A256KW"
o Algorithm Description: ECDH-ES using Concat KDF and "A256KW" o Algorithm Description: ECDH-ES using Concat KDF and "A256KW"
wrapping wrapping
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Recommended o JOSE Implementation Requirements: Recommended
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.1 of [[ this document ]] o Specification Document(s): Section 4.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "A128GCMKW" o Algorithm Name: "A128GCMKW"
o Algorithm Description: Key wrapping with AES GCM using 128 bit key o Algorithm Description: Key wrapping with AES GCM using 128 bit key
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Optional o JOSE Implementation Requirements: Optional
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.7 of [[ this document ]] o Specification Document(s): Section 4.7 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "A192GCMKW" o Algorithm Name: "A192GCMKW"
o Algorithm Description: Key wrapping with AES GCM using 192 bit key o Algorithm Description: Key wrapping with AES GCM using 192 bit key
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Optional o JOSE Implementation Requirements: Optional
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.7 of [[ this document ]] o Specification Document(s): Section 4.7 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "A256GCMKW" o Algorithm Name: "A256GCMKW"
o Algorithm Description: Key wrapping with AES GCM using 256 bit key o Algorithm Description: Key wrapping with AES GCM using 256 bit key
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Optional o JOSE Implementation Requirements: Optional
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.7 of [[ this document ]] o Specification Document(s): Section 4.7 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "PBES2-HS256+A128KW" o Algorithm Name: "PBES2-HS256+A128KW"
o Algorithm Description: PBES2 with HMAC SHA-256 and "A128KW" o Algorithm Description: PBES2 with HMAC SHA-256 and "A128KW"
wrapping wrapping
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Optional o JOSE Implementation Requirements: Optional
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.8 of [[ this document ]] o Specification Document(s): Section 4.8 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "PBES2-HS384+A192KW" o Algorithm Name: "PBES2-HS384+A192KW"
o Algorithm Description: PBES2 with HMAC SHA-384 and "A192KW" o Algorithm Description: PBES2 with HMAC SHA-384 and "A192KW"
wrapping wrapping
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Optional o JOSE Implementation Requirements: Optional
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.8 of [[ this document ]] o Specification Document(s): Section 4.8 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "PBES2-HS512+A256KW" o Algorithm Name: "PBES2-HS512+A256KW"
o Algorithm Description: PBES2 with HMAC SHA-512 and "A256KW" o Algorithm Description: PBES2 with HMAC SHA-512 and "A256KW"
wrapping wrapping
o Algorithm Usage Location(s): "alg" o Algorithm Usage Location(s): "alg"
o JOSE Implementation Requirements: Optional o JOSE Implementation Requirements: Optional
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.8 of [[ this document ]] o Specification Document(s): Section 4.8 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "A128CBC-HS256" o Algorithm Name: "A128CBC-HS256"
o Algorithm Description: AES_128_CBC_HMAC_SHA_256 authenticated o Algorithm Description: AES_128_CBC_HMAC_SHA_256 authenticated
encryption algorithm encryption algorithm
o Algorithm Usage Location(s): "enc" o Algorithm Usage Location(s): "enc"
o JOSE Implementation Requirements: Required o JOSE Implementation Requirements: Required
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 5.1 of [[ this document ]] o Specification Document(s): Section 5.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "A192CBC-HS384" o Algorithm Name: "A192CBC-HS384"
o Algorithm Description: AES_192_CBC_HMAC_SHA_384 authenticated o Algorithm Description: AES_192_CBC_HMAC_SHA_384 authenticated
encryption algorithm encryption algorithm
o Algorithm Usage Location(s): "enc" o Algorithm Usage Location(s): "enc"
o JOSE Implementation Requirements: Optional o JOSE Implementation Requirements: Optional
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 5.1 of [[ this document ]] o Specification Document(s): Section 5.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "A256CBC-HS512" o Algorithm Name: "A256CBC-HS512"
o Algorithm Description: AES_256_CBC_HMAC_SHA_512 authenticated o Algorithm Description: AES_256_CBC_HMAC_SHA_512 authenticated
encryption algorithm encryption algorithm
o Algorithm Usage Location(s): "enc" o Algorithm Usage Location(s): "enc"
o JOSE Implementation Requirements: Required o JOSE Implementation Requirements: Required
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 5.1 of [[ this document ]] o Specification Document(s): Section 5.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "A128GCM" o Algorithm Name: "A128GCM"
o Algorithm Description: AES GCM using 128 bit key o Algorithm Description: AES GCM using 128 bit key
o Algorithm Usage Location(s): "enc" o Algorithm Usage Location(s): "enc"
o JOSE Implementation Requirements: Recommended o JOSE Implementation Requirements: Recommended
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 5.1 of [[ this document ]] o Specification Document(s): Section 5.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "A192GCM" o Algorithm Name: "A192GCM"
o Algorithm Description: AES GCM using 192 bit key o Algorithm Description: AES GCM using 192 bit key
o Algorithm Usage Location(s): "enc" o Algorithm Usage Location(s): "enc"
o JOSE Implementation Requirements: Optional o JOSE Implementation Requirements: Optional
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 5.1 of [[ this document ]] o Specification Document(s): Section 5.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
o Algorithm Name: "A256GCM" o Algorithm Name: "A256GCM"
o Algorithm Description: AES GCM using 256 bit key o Algorithm Description: AES GCM using 256 bit key
o Algorithm Usage Location(s): "enc" o Algorithm Usage Location(s): "enc"
o JOSE Implementation Requirements: Recommended o JOSE Implementation Requirements: Recommended
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 5.1 of [[ this document ]] o Specification Document(s): Section 5.1 of [[ this document ]]
o Algorithm Analysis Documents(s): n/a
7.2. Header Parameter Names Registration 7.2. Header Parameter Names Registration
This specification registers the Header Parameter names defined in This specification registers the Header Parameter names defined in
Section 4.6.1, Section 4.7.1, and Section 4.8.1 in the IANA JSON Web Section 4.6.1, Section 4.7.1, and Section 4.8.1 in the IANA JSON Web
Signature and Encryption Header Parameters registry defined in [JWS]. Signature and Encryption Header Parameters registry defined in [JWS].
7.2.1. Registry Contents 7.2.1. Registry Contents
o Header Parameter Name: "epk" o Header Parameter Name: "epk"
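Review bot: The new field is spelled "Algorithm Analysis Documents(s)" in every added line of this block (the AES_128_CBC_HMAC_SHA_256 through A256GCM entries), which doubles the plural and does not match the neighbouring "Specification Document(s)" field. Registry field names tend to be copied verbatim into later registrations, so rename it to "Algorithm Analysis Document(s)" before the registry is created. All six "enc" entries also carry the value "n/a"; a sentence stating whether that means no analysis is known or none was collected would tell later registrants what to supply.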
skipping to change at page 55, line 4 skipping to change at page 56, line 4
10.2. Informative References 10.2. Informative References
[CanvasApp] [CanvasApp]
Facebook, "Canvas Applications", 2010. Facebook, "Canvas Applications", 2010.
[I-D.ietf-precis-saslprepbis] [I-D.ietf-precis-saslprepbis]
Saint-Andre, P. and A. Melnikov, "Preparation, Saint-Andre, P. and A. Melnikov, "Preparation,
Enforcement, and Comparison of Internationalized Strings Enforcement, and Comparison of Internationalized Strings
Representing Usernames and Passwords", Representing Usernames and Passwords",
draft-ietf-precis-saslprepbis-12 (work in progress), draft-ietf-precis-saslprepbis-13 (work in progress),
December 2014. December 2014.
[I-D.mcgrew-aead-aes-cbc-hmac-sha2] [I-D.mcgrew-aead-aes-cbc-hmac-sha2]
McGrew, D., Foley, J., and K. Paterson, "Authenticated McGrew, D., Foley, J., and K. Paterson, "Authenticated
Encryption with AES-CBC and HMAC-SHA", Encryption with AES-CBC and HMAC-SHA",
draft-mcgrew-aead-aes-cbc-hmac-sha2-05 (work in progress), draft-mcgrew-aead-aes-cbc-hmac-sha2-05 (work in progress),
July 2014. July 2014.
[I-D.miller-jose-jwe-protected-jwk] [I-D.miller-jose-jwe-protected-jwk]
Miller, M., "Using JavaScript Object Notation (JSON) Web Miller, M., "Using JavaScript Object Notation (JSON) Web
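Review bot: In [I-D.ietf-precis-saslprepbis] only the draft number changes, from -12 to -13, while the date line stays "December 2014" on both sides. Confirm that -13 carries that date and is the revision the text depends on, so the citation does not pair a new draft number with the old revision's date.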
skipping to change at page 66, line 29 skipping to change at page 67, line 29
Jim Schaad, Hannes Tschofenig, and Sean Turner. Jim Schaad, Hannes Tschofenig, and Sean Turner.
Jim Schaad and Karen O'Donoghue chaired the JOSE working group and Jim Schaad and Karen O'Donoghue chaired the JOSE working group and
Sean Turner, Stephen Farrell, and Kathleen Moriarty served as Sean Turner, Stephen Farrell, and Kathleen Moriarty served as
Security area directors during the creation of this specification. Security area directors during the creation of this specification.
Appendix E. Document History Appendix E. Document History
[[ to be removed by the RFC Editor before publication as an RFC ]] [[ to be removed by the RFC Editor before publication as an RFC ]]
-39
o Added the Algorithm Analysis Documents(s) field to the IANA JSON
Web Signature and Encryption Algorithms registry.
o Updated the reference to draft-ietf-precis-saslprepbis.
-38 -38
o Require discarding private keys with an "oth" parameter when the o Require discarding private keys with an "oth" parameter when the
implementation does not support private keys with more than two implementation does not support private keys with more than two
primes. primes.
o Replaced uses of the phrases "JWS object" and "JWE object" with o Replaced uses of the phrases "JWS object" and "JWE object" with
"JWS" and "JWE". "JWS" and "JWE".
-37 -37
 End of changes. 45 change blocks. 
51 lines changed or deleted 107 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/