Re: [CFRG] DAE for HPKE, was Re: I-D Action: draft-irtf-cfrg-dnhpke-02.txt

Mike Ounsworth <Mike.Ounsworth@entrust.com> Mon, 02 October 2023 13:40 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/AHMyAviVLvtpTIk6IAPKOAgoyoU>

> The TLS registries have learned that we need to have a notes column, and a recommended-or-not column. Perhaps an update that adds a Note column and the draft could say “not IND-CCA2”. In fact, the IANA action to add that column could be part of this draft.

I’m with Richard that the label “Not IND-CCA2” includes both otherwise perfectly acceptable DAE ciphers, and also ROT13, and so is not a helpful label in terms of guiding non-cryptographer sysadmins and policymakers.


If we think that the deterministic nonce-less AEADs in draft-irtf-cfrg-dnhpke are ok-ish, then we need a better label than “Not IND-CCA2”.

---
Mike Ounsworth

From: CFRG <cfrg-bounces@irtf.org> On Behalf Of Salz, Rich
Sent: Monday, October 2, 2023 8:30 AM
To: Richard Barnes <rlb@ipv.sx>; Eric Rescorla <ekr@rtfm.com>
Cc: cfrg@irtf.org
Subject: [EXTERNAL] Re: [CFRG] DAE for HPKE, was Re: I-D Action: draft-irtf-cfrg-dnhpke-02.txt

My interpretation of the question here is:
- HPKE has been proven IND-CCA2 secure if the KEM and AEAD are IND-CCA2 secure
- RFC 9180 makes no claims about the security of the construction if the AEAD is *not* IND-CCA2 secure
- The request here is to register an AEAD algorithm that is affirmatively *not* IND-CCA2 secure (can't be, not even claimed to be)

If this is an accurate summary, then I don’t see a reason for the experts to reject the algorithm.

So the question for the RG is -- Are folks OK with values being registered that do not meet the security requirements in the RFC?

Well, the RFC doesn’t have that requirement.  It says “if X then Y” not “only X is valid.” But I gave it a quick read, so if I’m wrong please point to the section where it says IND-CCA2 is required.

The TLS registries have learned that we need to have a notes column, and a recommended-or-not column. Perhaps an update that adds a Note column and the draft could say “not IND-CCA2”. In fact, the IANA action to add that column could be part of this draft.
