Re: [CFRG] Questions for the group from the HPKE presentation

Natanael <natanael.l@gmail.com> Mon, 09 August 2021 14:53 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/bRAOT0AT8QGuAX4SUFjKzX0SqU0>

On Mon, 9 Aug 2021 at 16:47, Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu>
wrote:

> Semi-related. Am I the only one who became rather antagonistic to AEAD
> modes that can't survive nonce reuse/misuse?
>
> I'd like to see only nonce misuse-resistant AEAD as we move forward.
>

FWIW I am also strongly in favor of MRAE modes (misuse resistant
authenticated encryption, like SIV modes). Robustness properties are only
becoming more important.
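As an added illustration of the property being endorsed here (example code written for this page, not from the thread, from HPKE or from any library), a plain nonce-based CTR encryptor sits next to a SIV-style MRAE construction; HMAC-SHA256 stands in for the block-cipher PRF and for S2V/POLYVAL so the effect of reusing a nonce is visible in a few lines. All function and key names are my own, and this is a teaching toy, not a production cipher.

```python
import hashlib
import hmac

# Added teaching example (not from the thread or any library): a bare nonce-based
# CTR encryptor beside a SIV-style MRAE built on the same keystream. HMAC-SHA256
# stands in for the PRF and for S2V/POLYVAL. Not a production cipher.

TAG_LEN = 16

def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # CTR-style keystream: PRF(key, iv || counter) blocks, truncated to n bytes.
    blocks = (_prf(key, iv + i.to_bytes(4, "big")) for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_encrypt(key: bytes, nonce: bytes, msg: bytes) -> bytes:
    """Plain nonce-based CTR: the keystream depends only on (key, nonce)."""
    return _xor(msg, _keystream(key, nonce, len(msg)))

def _siv(mac_key: bytes, nonce: bytes, aad: bytes, msg: bytes) -> bytes:
    # Synthetic IV over (nonce, aad, msg); the length prefix keeps the aad/msg
    # boundary unambiguous (real SIV uses S2V/CMAC here).
    return _prf(mac_key, nonce + len(aad).to_bytes(4, "big") + aad + msg)[:TAG_LEN]

def siv_encrypt(mac_key: bytes, enc_key: bytes, nonce: bytes, aad: bytes, msg: bytes) -> bytes:
    """SIV/MRAE: the tag is computed from the message and doubles as the CTR IV."""
    tag = _siv(mac_key, nonce, aad, msg)
    return tag + _xor(msg, _keystream(enc_key, tag, len(msg)))

def siv_decrypt(mac_key: bytes, enc_key: bytes, nonce: bytes, aad: bytes, ct: bytes) -> bytes:
    tag, body = ct[:TAG_LEN], ct[TAG_LEN:]
    msg = _xor(body, _keystream(enc_key, tag, len(body)))
    if not hmac.compare_digest(tag, _siv(mac_key, nonce, aad, msg)):
        raise ValueError("authentication failed")
    return msg

def nonce_reuse_outcome(mac_key: bytes, enc_key: bytes, m1: bytes, m2: bytes) -> tuple:
    """Encrypt two messages under one reused nonce with each scheme and report
    (ctr_leaks_m1_xor_m2, siv_leaks_m1_xor_m2, siv_repeats_for_equal_message)."""
    nonce = b"\x00" * 12  # the misuse: the same nonce used twice
    c1, c2 = ctr_encrypt(enc_key, nonce, m1), ctr_encrypt(enc_key, nonce, m2)
    s1, s2 = (siv_encrypt(mac_key, enc_key, nonce, b"", m) for m in (m1, m2))
    return (_xor(c1, c2) == _xor(m1, m2),                        # True: keystream reused
            _xor(s1[TAG_LEN:], s2[TAG_LEN:]) == _xor(m1, m2),    # False: IVs differ
            siv_encrypt(mac_key, enc_key, nonce, b"", m1) == s1)  # True: only equality leaks
```

Under nonce reuse the CTR ciphertexts hand over the XOR of the two plaintexts outright, while the SIV construction degrades only to revealing that two messages were identical, which is the robustness property MRAE modes are chosen for.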