<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
tt
{mso-style-priority:99;
font-family:"Courier New";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Aah – the problem with “dir” is that it talks about “</span>the appropriate bit length for the AES key wrapping algorithm used<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">”,
correct? This could be fixed by saying “</span>the appropriate bit length for the AES key wrapping algorithm
<span style="background:yellow;mso-highlight:yellow">or direct encryption algorithm</span> used<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">”<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">There is a problem for keys over 256 bits. The simple fix is to replace the “greater than 256 bits sentence” with something like:<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in">If a key between 257 and 384 bits is needed, SHA-384 is used instead of SHA-256. If a key between 385 and 512 bits is needed, SHA-512 is used instead of SHA-256. If a key wrapping key with greater than 512 bits
is needed, a different method of deriving the key from the <tt><span style="font-size:10.0pt">client_secret</span></tt> would have to be defined by an extension.<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Are people good with this addition? It doesn’t break anything, and it allows the use of more algorithms, which we may be glad we enabled at some point in the
future.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> -- Mike<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> openid-specs-ab-bounces@lists.openid.net [mailto:openid-specs-ab-bounces@lists.openid.net]
<b>On Behalf Of </b>Brian Campbell<br>
<b>Sent:</b> Wednesday, December 18, 2013 3:29 PM<br>
<b>To:</b> <openid-specs-ab@lists.openid.net><br>
<b>Subject:</b> [Openid-specs-ab] Core: is "dir" an allowed alg for Symmetric Encryption?<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Is "dir" an allowed alg for Symmetric Encryption? The text below from Core 10.2 kind of suggests it isn't. And doesn't provide a means of getting an appropriately sized key for dir with A192CBC-HS384 or A256CBC-HS512. I don't think this
limitation was intended so wanted to raise the question.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Symmetric Encryption<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">The symmetric encryption key is derived from the
<tt><span style="font-size:10.0pt">client_secret</span></tt> value by using a left truncated SHA-256 hash of the octets of the UTF-8 representation of the
<tt><span style="font-size:10.0pt">client_secret</span></tt>. The SHA-256 value MUST be left truncated to the appropriate bit length for the AES key wrapping algorithm used, for instance, to 128 bits for
<tt><span style="font-size:10.0pt">A128KW</span></tt>. If a key wrapping key with greater than 256 bits is needed, a different method of deriving the key from the
<tt><span style="font-size:10.0pt">client_secret</span></tt> would have to be defined by an extension. Symmetric encryption MUST NOT be used by public (non-confidential) Clients because of their inability to keep secrets.
<o:p></o:p></p>
</div>
</div>
</body>
</html>