Re: [Cfrg] I-D Action: draft-irtf-cfrg-hpke-02.txt

Nasrul Zikri <nasrulzikri@outlook.com> Wed, 20 November 2019 06:32 UTC

On your draft of Hybrid Public Key Encryption.

The draft appears to be for any DH KEM, but I note, however, that the
examples and test vectors it gives are only for the elliptic curves
P-256, Curve25519, P-521, Curve448.

Would it be possible to define the algorithm identifiers and test
vectors for some FFDH groups as well as the elliptic curves? Or is there
some important reason why only ECDH methods are suitable?

If FFDH groups are indeed correct for use in the draft, it would appear
that the table in section 8.1 could be extended to allocate identifiers
for at least the parameter ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144,
ffdhe8192 as stated in RFC 7919, and perhaps the MODP groups as stated
in RFC 3526 and RFC 5114.

I would also like there to be a way of specifying the use of a custom
finite field for when the use of a defined elliptic curve or finite
field is not enough. I realise that stating a method for transporting
the parameters {p,q,g} is outside the scope of this draft, but could a
value for custom groups or private use be stated in this table also?

Tk,
Nasrul



> Hey all,
>
> Happy IETF 106 deadline day!
>
> The authors feel that this version of HPKE is substantially complete.  All
> of the functional parts are there, as well as test vectors to facilitate
> interop.  And I think we've got some formal proofs on the way.  Please take
> a look and speak up if you see any gaps.
>
> Thanks,
> --Richard
>
> On Mon, Nov 4, 2019 at 3:47 PM <internet-drafts@ietf.org> wrote:
>
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts
> > directories.
> > This draft is a work item of the Crypto Forum RG of the IRTF.
> >
> >         Title           : Hybrid Public Key Encryption
> >         Authors         : Richard L. Barnes
> >                           Karthik Bhargavan
> >         Filename        : draft-irtf-cfrg-hpke-02.txt
> >         Pages           : 45
> >         Date            : 2019-11-04
> >
> > Abstract:
> >    This document describes a scheme for hybrid public-key encryption
> >    (HPKE).  This scheme provides authenticated public key encryption of
> >    arbitrary-sized plaintexts for a recipient public key.  HPKE works
> >    for any combination of an asymmetric key encapsulation mechanism
> >    (KEM), key derivation function (KDF), and authenticated encryption
> >    with additional data (AEAD) encryption function.  We provide
> >    instantiations of the scheme using widely-used and efficient
> >    primitives.
> >
> >
> > The IETF datatracker status page for this draft is:
> > https://datatracker.ietf.org/doc/draft-irtf-cfrg-hpke/
> >
> > There are also htmlized versions available at:
> > https://tools.ietf.org/html/draft-irtf-cfrg-hpke-02
> > https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hpke-02
> >
> > A diff from the previous version is available at:
> > https://www.ietf.org/rfcdiff?url2=draft-irtf-cfrg-hpke-02
> >
> >
> > Please note that it may take a couple of minutes from the time of
> > submission
> > until the htmlized version and diff are available at tools.ietf.org.
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >
> > _______________________________________________
> > Cfrg mailing list
> > Cfrg@irtf.org
> > https://www.irtf.org/mailman/listinfo/cfrg
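As an added example for the FFDH question raised above (it is not code from the draft or its authors), the following Python builds the RFC 7919 ffdhe2048 group from the formula given in that RFC (p = 2^2048 - 2^1984 + (floor(2^1918 * e) + 560316) * 2^64 - 1, g = 2, q = (p - 1) / 2), checks that p and q are prime, and then runs a DHKEM-shaped Encap/Decap over it: an ephemeral key pair, a DH with the recipient's static key, and the serialized ephemeral public key as the encapsulation. The HKDF labels and the placement of the KDF step are assumptions of this example, not the draft's. The point a finite-field instantiation adds beyond the elliptic-curve ones is the public-key validation step: a received element must be checked to lie in the prime-order subgroup, which for a safe-prime group costs one exponentiation, and the example rejects order-2 and non-subgroup elements.

```python
"""DHKEM-style Encap/Decap over RFC 7919 ffdhe2048 (added example, not draft code)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class FFDHGroup:
    p: int        # safe prime
    q: int        # prime order of the subgroup generated by g, q = (p - 1) // 2
    g: int        # generator of the order-q subgroup
    nbytes: int   # fixed big-endian length of a serialized group element


def _floor_pow2_times_e(bits: int, extra: int = 128) -> int:
    """floor(2^bits * e) via e = sum 1/k!, with `extra` guard bits so the
    accumulated floor error (< number of terms) cannot reach the integer part."""
    total, term, k = 0, 1 << (bits + extra), 0
    while term:
        total += term
        k += 1
        term //= k            # term == floor(2^(bits+extra) / k!)
    return total >> extra


def ffdhe2048() -> FFDHGroup:
    """The ffdhe2048 group of RFC 7919, constructed from the RFC's formula."""
    p = (1 << 2048) - (1 << 1984) + (_floor_pow2_times_e(1918) + 560316) * (1 << 64) - 1
    return FFDHGroup(p=p, q=(p - 1) // 2, g=2, nbytes=256)


def is_probable_prime(n: int, rounds: int = 8) -> bool:
    """Miller-Rabin with random bases; a sanity check for group parameters."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def serialize(group: FFDHGroup, y: int) -> bytes:
    return y.to_bytes(group.nbytes, "big")


def deserialize(group: FFDHGroup, data: bytes) -> int:
    if len(data) != group.nbytes:
        raise ValueError("wrong encoded length for group element")
    return int.from_bytes(data, "big")


def validate_public_key(group: FFDHGroup, y: int) -> bool:
    """Accept only elements of the order-q subgroup strictly between 1 and p-1.
    This is what stops a peer from feeding small-subgroup elements to a naive
    finite-field DH; with a safe prime it is a single exponentiation."""
    return 1 < y < group.p - 1 and pow(y, group.q, group.p) == 1


def generate_keypair(group: FFDHGroup):
    sk = 1 + secrets.randbelow(group.q - 1)      # uniform in [1, q-1]
    return sk, pow(group.g, sk, group.p)


def _hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def _hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def extract_and_expand(group: FFDHGroup, dh: int, kem_context: bytes) -> bytes:
    # Labels here are this example's assumption; the draft defines its own.
    prk = _hkdf_extract(b"", serialize(group, dh))
    return _hkdf_expand(prk, b"ffdhe-dhkem-example " + kem_context, 32)


def encap(group: FFDHGroup, pk_r: int):
    """Return (shared_secret, enc) for recipient public key pk_r."""
    if not validate_public_key(group, pk_r):
        raise ValueError("invalid recipient public key")
    sk_e, pk_e = generate_keypair(group)
    enc = serialize(group, pk_e)
    dh = pow(pk_r, sk_e, group.p)
    return extract_and_expand(group, dh, enc + serialize(group, pk_r)), enc


def decap(group: FFDHGroup, enc: bytes, sk_r: int, pk_r: int) -> bytes:
    """Recover the shared secret from enc with the recipient's private key."""
    pk_e = deserialize(group, enc)
    if not validate_public_key(group, pk_e):   # reject 0, 1, p-1, non-subgroup elements
        raise ValueError("invalid encapsulated public key")
    dh = pow(pk_e, sk_r, group.p)
    return extract_and_expand(group, dh, enc + serialize(group, pk_r))


if __name__ == "__main__":
    G = ffdhe2048()
    print("p and q prime:", is_probable_prime(G.p) and is_probable_prime(G.q))
    sk, pk = generate_keypair(G)
    ss, enc = encap(G, pk)
    print("decap matches:", decap(G, enc, sk, pk) == ss)
```

The validation step is the part that would need spelling out in the draft if FFDH identifiers were allocated: with the RFC 7919 safe-prime groups, `y^q mod p == 1` together with the range check is sufficient, whereas the RFC 5114 groups have a subgroup order q that is much smaller than (p - 1) / 2 and the same check must then use that q.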