Re: [Cfrg] Adoption call for draft-barnes-cfrg-hpke

Marek Jankowski <mjankowski309@gmail.com> Thu, 02 May 2019 15:55 UTC

References: <C7DA46E8-EBE9-4F4F-A621-23A089C59598@inf.ethz.ch> <3228B212-1006-4FAD-9514-D9914806638B@cisco.com>
In-Reply-To: <3228B212-1006-4FAD-9514-D9914806638B@cisco.com>
From: Marek Jankowski <mjankowski309@gmail.com>
Date: Tue, 30 Apr 2019 19:44:15 +0200
Message-ID: <CAMCcN7Qxbcy-cqA8mFwK_eatOEzNm2M03u4Q_J4nPW-igr0nWQ@mail.gmail.com>
To: mcgrew <mcgrew@cisco.com>
Cc: Paterson Kenneth <kenny.paterson@inf.ethz.ch>, "Richard Barnes (richbarn)" <richbarn@cisco.com>, "cfrg@irtf.org" <cfrg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/RHW0abICKQEC3epSbVUADpp3Ab4>

I also support the adoption of this draft.

Marek.

On Tue, Apr 30, 2019 at 5:28 PM mcgrew <mcgrew@cisco.com> wrote:

> Hi Kenny and Richard,
>
> I support the adoption of draft-barnes-cfrg-hpke, and I have some comments
> below.
>
> I like the goal of an RFC that provides a self-contained normative
> description of "hybrid public key encryption."
>
> It should be an explicit goal that an implementation can conform to this
> RFC and also conform to [keyagreement], for the NIST approved algorithms,
> because NIST validation is important in the industry.  I suggest adding a
> subsection somewhere that details how this conformance is possible.
> Please note that I’m not asking that every possible option/ciphersuite in
> this document be in the NIST-approved category; rather, I’m asking that for
> the NIST-approved algorithms, the details such as key generation, domain
> parameters, and symmetric key derivation don’t have any incompatibilities.
>
> I suggest changing the name from hybrid public key encryption to something
> from the existing literature. According to Boyd and Mathuria, for
> instance, this is a key transport scheme, and the term "hybrid" has a
> different meaning. Something like "Key Transport for AEAD Using Discrete
> Log Cryptography" seems accurate; since this draft only covers DL, there is
> no need to have a name that would be generic to RSA and McEliece.
> "Asymmetric Key Transport for AEAD" would be appropriate if there is a
> need to be more generic.
>
> The phrase "Hybrid public-key encryption (HPKE) is a substantially more
> efficient solution than traditional public key encryption techniques such
> as those based on RSA or ElGamal" is confusing, because combined
> asymmetric/symmetric crypto systems have been the preferred solution since
> Kohnfelder's 1978 thesis. Someone without domain expertise might
> mistakenly think that this draft is claiming to be an improvement over
> current public key algorithms. I suggest motivating this draft with
> something like "While there are well-accepted standards for public key
> encryption [RFC7748][keyagreement], in several scenarios these techniques
> must be combined with symmetric authenticated encryption."
>
> There should be some discussion about replay attacks and their
> prevention.
>
> If there is not a strong mechanism protecting against replays, would it
> make sense to use an AEAD that is robust against nonce misuse, like
> GCM-SIV?
>
> "A given context SHOULD be used either only for encryption or only for
> decryption." Why not a MUST?
>
> It seems that there is no citation given for P-256 and P-521.
>
> A nit: KEM is used before it is defined.
>
> thanks
>
> David
>
>
> > On Apr 26, 2019, at 4:09 AM, Paterson Kenneth <kenny.paterson@inf.ethz.ch> wrote:
> >
> > Dear CFRG,
> >
> > (This is the first of two adoption calls today.)
> >
> > This email starts a 2-week adoption call for:
> >
> > https://tools.ietf.org/html/draft-barnes-cfrg-hpke-01
> >
> > Hybrid Public Key Encryption
> >
> > Please give your views on whether this document should be adopted as a
> > CFRG draft, and if so, whether you'd be willing to help work on it/review
> > it.
> >
> > Thanks,
> >
> > Kenny (for the chairs)
> >
> >
> > _______________________________________________
> > Cfrg mailing list
> > Cfrg@irtf.org
> > https://www.irtf.org/mailman/listinfo/cfrg