Re: [Cfrg] I-D Action: draft-irtf-cfrg-hpke-02.txt

Richard Barnes <rlb@ipv.sx> Wed, 27 November 2019 20:03 UTC

From: Richard Barnes <rlb@ipv.sx>
Date: Wed, 27 Nov 2019 15:02:44 -0500
Message-ID: <CAL02cgRZwDX+Oo_sQ4T8QcuR+7LH=aw-4h43KjCgmfABQ5DJmQ@mail.gmail.com>
To: Nasrul Zikri <nasrulzikri@outlook.com>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Q35QkzGQn6BJaGA3tcHL26uoojA>

Hi Nasrul,

Thanks for taking a look at this draft.  Personally, I am disinclined to
define FFDH schemes, unless there are other folks in the RG who think they
would be useful.  That said, the registry policy on group IDs is
Specification Required, so you can get code points if you have a
specification; it doesn't have to be in this doc.  AFAIK, there should be
no technical barrier to doing FFDH.

As far as custom parameters, I think the only reasonable way to accommodate
them here would be to reserve some space in the registry for private,
vendor-specific use.  But this seems like an even worse idea than FFDH, so
again, I'm inclined to do nothing here.

If other folks are interested in these cases, please speak up.

--Richard


On Wed, Nov 20, 2019 at 1:32 AM Nasrul Zikri <nasrulzikri@outlook.com>
wrote:

> On your draft of Hybrid Public Key Encryption.
>
> The draft appears to be for any DH KEM, but I note, however that the
> examples and test vectors it gives are only for the elliptic curves
> P-256, Curve25519, P-521, Curve448.
>
> Would it be possible to define the algorithm identifiers and test
> vectors for some FFDH groups as well as the elliptic curve? Or is there
> some important reason why only ECDH methods are suitable?
>
> If FFDH groups are indeed correct for use in the draft, it would appear
> that the table in section 8.1 could be extended to allocate identifiers
> for at least the parameter ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144,
> ffdhe8192 as stated in RFC 7919, and perhaps the MODP groups as stated
> in RFC 3526 and RFC 5114.
>
> I would also like there to be a way of specifying the use of a custom
> finite field for when the use of a defined elliptic curve or finite
> field is not enough. I realise that stating a method for transporting
> the parameters {p,q,g} is outside the scope of this draft, but could a
> value for custom groups or private use be stated in this table also?
>
> Tk,
> Nasrul
>
>
>
> > Hey all,
> >
> > Happy IETF 106 deadline day!
> >
> > The authors feel that this version of HPKE is substantially complete.  All
> > of the functional parts are there, as well as test vectors to facilitate
> > interop.  And I think we've got some formal proofs on the way.  Please take
> > a look and speak up if you see any gaps.
> >
> > Thanks,
> > --Richard
> >
> > On Mon, Nov 4, 2019 at 3:47 PM <internet-drafts@ietf.org> wrote:
> >
> > >
> > > A New Internet-Draft is available from the on-line Internet-Drafts
> > > directories.
> > > This draft is a work item of the Crypto Forum RG of the IRTF.
> > >
> > >         Title           : Hybrid Public Key Encryption
> > >         Authors         : Richard L. Barnes
> > >                           Karthik Bhargavan
> > >         Filename        : draft-irtf-cfrg-hpke-02.txt
> > >         Pages           : 45
> > >         Date            : 2019-11-04
> > >
> > > Abstract:
> > >    This document describes a scheme for hybrid public-key encryption
> > >    (HPKE).  This scheme provides authenticated public key encryption of
> > >    arbitrary-sized plaintexts for a recipient public key.  HPKE works
> > >    for any combination of an asymmetric key encapsulation mechanism
> > >    (KEM), key derivation function (KDF), and authenticated encryption
> > >    with additional data (AEAD) encryption function.  We provide
> > >    instantiations of the scheme using widely-used and efficient
> > >    primitives.
> > >
> > >
> > > The IETF datatracker status page for this draft is:
> > > https://datatracker.ietf.org/doc/draft-irtf-cfrg-hpke/
> > >
> > > There are also htmlized versions available at:
> > > https://tools.ietf.org/html/draft-irtf-cfrg-hpke-02
> > > https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hpke-02
> > >
> > > A diff from the previous version is available at:
> > > https://www.ietf.org/rfcdiff?url2=draft-irtf-cfrg-hpke-02
> > >
> > >
> > > Please note that it may take a couple of minutes from the time of
> > > submission until the htmlized version and diff are available at
> > > tools.ietf.org.
> > >
> > > Internet-Drafts are also available by anonymous FTP at:
> > > ftp://ftp.ietf.org/internet-drafts/
> > >
> > > _______________________________________________
> > > Cfrg mailing list
> > > Cfrg@irtf.org
> > > https://www.irtf.org/mailman/listinfo/cfrg
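As an added illustration of the "no technical barrier" point above (this is my own sketch, not code from the draft or its authors), the block below builds a KEM with the Encap/Decap shape HPKE uses over the RFC 7919 ffdhe2048 group, rebuilding the prime from the RFC's formula and including the subgroup check a receiver should run on an encapsulated public value before using it. The helper names (`encap`, `decap`, `is_valid_public_value`, and so on) are mine, and the HPKE key schedule is left out.

```python
import secrets
from decimal import Decimal, getcontext

def ffdhe2048_prime():
    # RFC 7919: p = 2^2048 - 2^1984 + (floor(2^1918 * e) + 560316) * 2^64 - 1
    getcontext().prec = 700  # 700 digits of Euler's e make the 578-digit floor exact
    floor_term = int(Decimal(2) ** 1918 * Decimal(1).exp())
    return 2**2048 - 2**1984 + (floor_term + 560316) * 2**64 - 1

P = ffdhe2048_prime()
Q, G = (P - 1) // 2, 2          # safe prime: generator 2 has prime order q
NPK = (P.bit_length() + 7) // 8  # fixed-width encoding used by Marshal()

def is_probable_prime(n, rounds=8):  # Miller-Rabin sanity check for p and q
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def is_valid_public_value(pk):
    # Reject 0, 1, p-1 (order 2) and anything outside the order-q subgroup.
    return 1 < pk < P - 1 and pow(pk, Q, P) == 1

def generate_key_pair():
    sk = secrets.randbelow(Q - 2) + 2   # private exponent in [2, q-1]
    return sk, pow(G, sk, P)

def dh(sk, pk):
    return pow(pk, sk, P).to_bytes(NPK, "big")

def encap(pk_r):
    # HPKE Encap shape: ephemeral key pair, zz = DH(skE, pkR), enc = Marshal(pkE)
    sk_e, pk_e = generate_key_pair()
    return dh(sk_e, pk_r), pk_e.to_bytes(NPK, "big")

def decap(enc, sk_r):
    pk_e = int.from_bytes(enc, "big")   # Unmarshal(enc), validated before use
    if not is_valid_public_value(pk_e):
        raise ValueError("peer public value fails subgroup check")
    return dh(sk_r, pk_e)
```

The one thing a spec for such a group would have to pin down beyond this is the fixed-width encoding of public values and shared secrets, which is what `NPK` stands in for here.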