(Adding the JOSE working group)
I believe you're right. I'll plan to make this change in the next version of
the spec.
Thanks for the careful read!
-- Mike
From: Shaun Cooley (shcooley)
Sent: Friday, June 13, 2014 10:34 AM
To: Mike Jones
Cc: Matt Miller (mamille2)
Subject: draft-ietf-jose-json-web-algorithms-27: section-5.2 (PKCS #5)
Michael -

I am working on implementing a browser compatible JS implementation of JOSE,
based on the work Matt Miller did for Node.JS. While going through the spec, I
noticed that PKCS #5 is called out for the AES-CBC ciphers. Shouldn't this be
PKCS #7?

PKCS #5 - RFC2898 section 6.2 specifies:

    The padding string PS shall consist of 8 - (||M|| mod 8) octets all having
    value 8 - (||M|| mod 8).

PKCS #7 - RFC2315 section 10.3 note 2 specifies:

    For such algorithms, the method shall be to pad the input at the trailing end
    with k - (l mod k) octets all having value k - (l mod k), where l is the length
    of the input.

PKCS #7 allows for padding in block sizes of 2-255 bytes, whereas PKCS #5 is
intended for block sizes of 8. This means that PKCS #7 is a superset of #5,
and given that AES is a block size of 16, it seems the spec should require PKCS
#7.

Thoughts?

Shaun Cooley
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
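
The two padding rules quoted in this thread, side by side, as an added example that is not part of the original messages or of the JOSE specification. The function names (`pkcs7Pad`, `pkcs5Pad`, `pkcs7Unpad`, `compare`) are hypothetical, and the sample messages are constructed all-zero buffers.

```javascript
// RFC 2315 section 10.3 note 2: append k - (l mod k) octets, each with that value.
function pkcs7Pad(data, k) {
  if (!Number.isInteger(k) || k < 2 || k > 255) {
    throw new RangeError("block size must be in the range 2..255");
  }
  const n = k - (data.length % k); // 1..k; a whole block when already aligned
  const out = new Uint8Array(data.length + n);
  out.set(data);
  out.fill(n, data.length);
  return out;
}

// RFC 2898 section 6.2 is the same rule with the block size fixed at 8.
function pkcs5Pad(data) {
  return pkcs7Pad(data, 8);
}

// Strict removal: accept only input that pkcs7Pad(data, k) could have produced.
// In an authenticated mode this runs only after the integrity check has passed.
function pkcs7Unpad(padded, k) {
  if (padded.length === 0 || padded.length % k !== 0) {
    throw new Error("length is not a positive multiple of the block size");
  }
  const n = padded[padded.length - 1];
  if (n < 1 || n > k) throw new Error("invalid padding length");
  for (let i = padded.length - n; i < padded.length; i++) {
    if (padded[i] !== n) throw new Error("invalid padding octet");
  }
  return padded.subarray(0, padded.length - n);
}

// Pad a constructed message of `len` zero octets both ways and report whether
// the 8-octet rule yields input a 16-octet block cipher (AES) can accept.
function compare(len) {
  const msg = new Uint8Array(len);
  const p5 = pkcs5Pad(msg);
  const p7 = pkcs7Pad(msg, 16);
  return {
    pkcs5Len: p5.length, pkcs5PadValue: p5[p5.length - 1],
    aesLen: p7.length, aesPadValue: p7[p7.length - 1],
    pkcs5FitsAes: p5.length % 16 === 0,
  };
}

console.log(compare(5), compare(10), compare(16));
```

For a 10-octet message both rules happen to produce the same 16 octets; for 5 or 16 octets the 8-octet rule leaves a length that is not a multiple of the AES block size.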