Re: [Cfrg] Adoption call for draft-barnes-cfrg-hpke
Marek Jankowski <mjankowski309@gmail.com> Thu, 02 May 2019 15:55 UTC
From: Marek Jankowski <mjankowski309@gmail.com>
Date: Tue, 30 Apr 2019 19:44:15 +0200
To: mcgrew <mcgrew@cisco.com>
Cc: Paterson Kenneth <kenny.paterson@inf.ethz.ch>, "Richard Barnes (richbarn)" <richbarn@cisco.com>, "cfrg@irtf.org" <cfrg@irtf.org>
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/RHW0abICKQEC3epSbVUADpp3Ab4>
I also support the adoption of this draft.

Marek.

On Tue, Apr 30, 2019 at 5:28 PM mcgrew <mcgrew@cisco.com> wrote:

> Hi Kenny and Richard,
>
> I support the adoption of draft-barnes-cfrg-hpke, and I have some comments below.
>
> I like the goal of an RFC that provides a self-contained normative description of "hybrid public key encryption."
>
> It should be an explicit goal that an implementation can conform to this RFC and also conform to [keyagreement], for the NIST approved algorithms, because NIST validation is important in the industry. I suggest adding a subsection somewhere that details how this conformance is possible. Please note that I’m not asking that every possible option/ciphersuite in this document be in the NIST-approved category; rather, I’m asking that for the NIST-approved algorithms, the details such as key generation, domain parameters, and symmetric key derivation don’t have any incompatibilities.
>
> I suggest changing the name from hybrid public key encryption to something from the existing literature. According to Boyd and Mathuria, for instance, this is a key transport scheme, and the term “hybrid” has a different meaning. Something like "Key Transport for AEAD Using Discrete Log Cryptography” seems accurate, since this draft only covers DL, there is no need to have a name that would be generic to RSA and McEliece. “Asymmetric Key Transport for AEAD” would be appropriate if there is a need to be more generic.
>
> The phrase "Hybrid public-key encryption (HPKE) is a substantially more efficient solution than traditional public key encryption techniques such as those based on RSA or ElGamal” is confusing, because combined asymmetric/symmetric crypto systems have been the preferred solution since Kohnfelder’s 1978 thesis. Someone without domain expertise might mistakenly think that this draft is claiming to be an improvement over current public key algorithms. I suggest motivating this draft with something like “While there are well accepted standards for public key encryption [RFC7748][keyagreement], in several scenarios these techniques must be combined with symmetric authenticated encryption."
>
> There should be some discussion about replay attacks and their prevention.
>
> If there is not a strong mechanism protecting against replays, would it make sense to use an AEAD that is robust against nonce misuse, like GCM-SIV?
>
> "A given context SHOULD be used either only for encryption or only for decryption.” Why not a MUST?
>
> It seems that there is no citation given for P-256 and P-521.
>
> A nit: KEM is used before it is defined.
>
> thanks
>
> David
>
>
> On Apr 26, 2019, at 4:09 AM, Paterson Kenneth <kenny.paterson@inf.ethz.ch> wrote:
>
> > Dear CFRG,
> >
> > (This is the first of two adoption calls today.)
> >
> > This email starts a 2-week adoption call for:
> >
> > https://tools.ietf.org/html/draft-barnes-cfrg-hpke-01
> >
> > Hybrid Public Key Encryption
> >
> > Please give your views on whether this document should be adopted as a CFRG draft, and if so, whether you'd be willing to help work on it/review it.
> >
> > Thanks,
> >
> > Kenny (for the chairs)
> >
> > _______________________________________________
> > Cfrg mailing list
> > Cfrg@irtf.org
> > https://www.irtf.org/mailman/listinfo/cfrg
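Added illustration (not code from the draft, from David McGrew or from Marek Jankowski) of the two quoted review points about the encryption context: why a context that is used in only one direction matters, and what an in-context sequence counter does and does not do against replays. It is a stripped-down model in Python: a context derives each message nonce as base_nonce XOR seq and advances seq per message (my reading of the draft's context construction, assumed here); the AEAD is a constructed encrypt-then-MAC toy over HMAC-SHA256 standing in for AES-GCM, and the key, base nonce, role names and the `Context`, `aead_seal` and `aead_open` functions are all invented for this example.

```python
import hashlib
import hmac

NONCE_LEN = 12   # AES-GCM-sized nonce
TAG_LEN = 16


def _subkey(key: bytes, label: bytes) -> bytes:
    # Labelled sub-keys so the keystream and the MAC never share a key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Counter-mode keystream: HMAC-SHA256(enc_key, nonce || counter). Toy, not a standard AEAD.
    enc_key = _subkey(key, b"enc")
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def _tag(key: bytes, nonce: bytes, aad: bytes, ct: bytes) -> bytes:
    # Encrypt-then-MAC tag over nonce, length-prefixed AAD and ciphertext.
    mac_key = _subkey(key, b"mac")
    msg = nonce + len(aad).to_bytes(8, "big") + aad + ct
    return hmac.new(mac_key, msg, hashlib.sha256).digest()[:TAG_LEN]


def aead_seal(key: bytes, nonce: bytes, aad: bytes, pt: bytes) -> bytes:
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return ct + _tag(key, nonce, aad, ct)


def aead_open(key: bytes, nonce: bytes, aad: bytes, ct_tag: bytes) -> bytes:
    if len(ct_tag) < TAG_LEN:
        raise ValueError("ciphertext too short")
    ct, tag = ct_tag[:-TAG_LEN], ct_tag[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, nonce, aad, ct)):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class Context:
    """Encryption context: nonce = base_nonce XOR seq, seq advances once per message.
    role='sender' or 'receiver' locks the direction; role=None allows both (the hazard)."""

    def __init__(self, key: bytes, base_nonce: bytes, role=None):
        if role not in (None, "sender", "receiver"):
            raise ValueError("role must be 'sender', 'receiver' or None")
        self.key, self.base_nonce, self.role = key, base_nonce, role
        self.seq, self.last_nonce = 0, None

    def _nonce(self) -> bytes:
        return bytes(a ^ b for a, b in zip(self.base_nonce, self.seq.to_bytes(NONCE_LEN, "big")))

    def seal(self, aad: bytes, pt: bytes) -> bytes:
        if self.role == "receiver":
            raise RuntimeError("decrypt-only context")
        nonce = self._nonce()
        ct = aead_seal(self.key, nonce, aad, pt)
        self.seq, self.last_nonce = self.seq + 1, nonce
        return ct

    def open(self, aad: bytes, ct: bytes) -> bytes:
        if self.role == "sender":
            raise RuntimeError("encrypt-only context")
        nonce = self._nonce()
        pt = aead_open(self.key, nonce, aad, ct)   # raises before seq advances
        self.seq, self.last_nonce = self.seq + 1, nonce
        return pt


# Constructed demo key material (not from any real session).
SAMPLE_KEY = hashlib.sha256(b"constructed demo key").digest()
SAMPLE_NONCE = hashlib.sha256(b"constructed demo nonce").digest()[:NONCE_LEN]


def demo_bidirectional_contexts_collide() -> bool:
    # Both peers hold the same derived (key, base_nonce); if both may encrypt,
    # their first messages both use seq 0 and hence the same nonce under one key.
    alice = Context(SAMPLE_KEY, SAMPLE_NONCE, role=None)
    bob = Context(SAMPLE_KEY, SAMPLE_NONCE, role=None)
    alice.seal(b"", b"hello bob")
    bob.seal(b"", b"hello alice")
    return alice.last_nonce == bob.last_nonce


def demo_direction_lock_blocks_second_sender() -> bool:
    # With the direction fixed at creation, the receiver cannot become a second encryptor.
    bob = Context(SAMPLE_KEY, SAMPLE_NONCE, role="receiver")
    try:
        bob.seal(b"", b"hello alice")
    except RuntimeError:
        return True
    return False


def demo_replay_rejected() -> list:
    # Receiver sees message 1, a replay of message 1, then message 2.
    sender = Context(SAMPLE_KEY, SAMPLE_NONCE, role="sender")
    receiver = Context(SAMPLE_KEY, SAMPLE_NONCE, role="receiver")
    c1, c2 = sender.seal(b"hdr", b"first"), sender.seal(b"hdr", b"second")
    results = []
    for ct in (c1, c1, c2):
        try:
            receiver.open(b"hdr", ct)
            results.append(True)
        except ValueError:
            results.append(False)
    return results
```

Two design points: `open` only advances `seq` after the tag verifies, so a rejected replay does not desynchronise the receiver and the genuine next message still decrypts. And the counter answers replay only inside one context: a re-sent encapsulation plus ciphertext would set up a fresh context on the receiver and decrypt again, which is the gap the "discussion about replay attacks" comment points at; a nonce-misuse-resistant AEAD limits the damage of a nonce collision but does not by itself detect a replay.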