Re: [CFRG] HPKE and AEAD Authentication Tag Length

Martin Thomson <mt@lowentropy.net> Tue, 24 August 2021 01:24 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BBD053A1413 for <cfrg@ietfa.amsl.com>; Mon, 23 Aug 2021 18:24:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=DdBiywc9; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=KvlNsl/Z
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vDI83_6eFXPh for <cfrg@ietfa.amsl.com>; Mon, 23 Aug 2021 18:24:23 -0700 (PDT)
Received: from wout4-smtp.messagingengine.com (wout4-smtp.messagingengine.com [64.147.123.20]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5C033A1415 for <cfrg@irtf.org>; Mon, 23 Aug 2021 18:24:23 -0700 (PDT)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id 7DC4E3200A7E for <cfrg@irtf.org>; Mon, 23 Aug 2021 21:24:18 -0400 (EDT)
Received: from imap41 ([10.202.2.91]) by compute5.internal (MEProxy); Mon, 23 Aug 2021 21:24:18 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm3; bh=i5ebo2/dDbeP12OFqskCQJZ4oq978Ag CLBCA+xlu0bs=; b=DdBiywc9/2BiuyXZW+j58cTIzNgD6XLKdawVZjnzk14trek A2FQcZQebQCclYBPetl5BDbidyvdO8xYCCqhznyplWgZduDLAd90q3KISx9ryMPy tn1sJNR+Devmw6I34PNLE6op0lWfoyqIFxYtfmXZNikaTjsunAjFyNl9bRI4uBQ/ dOzx5CHWUrrnJ40SWXOdXYhPK4OD0pX6O72V+pYne9hnTw8joS2ImWCzr+SyQLff QsH0CqNu1g9eNahR6JpWhwU58HtNfBQLAKZGppIQx6qMOZQYyQDscmln9F/FdX49 lc1aJtnma/YtVKCzbrVlVIz/5/UlBUMt36ydcNw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=i5ebo2 /dDbeP12OFqskCQJZ4oq978AgCLBCA+xlu0bs=; b=KvlNsl/ZUjiOpdCk0kgtUP eQFfcSwSWahIhSa9Nb8/OaTB/alc0BBTgQMc6WLugyl0gtJRb0gTOmKB6GKMFxnM dOadHZdtbFVOln5kIgJ8N9wGxln3uuWuQZkpgKLrw9esmd3d6c704dH2RBbrzNgN WlGFIRgwzM1k4ydQW0SZq19aciJJOqjHcIxCzteBPpyExS4WtcHz4eGkdryccH/w ZoQoESLHi+kYQUHnkpcQXhfy5Kjw4NlUm/2sHCipie7Rlqrlc0f2AKJGKo+18HZk wTLtJNs4WIfz+vxi/3riKRSp3932xLU0Cth1SAL2FK9Mz+Jn1+vevTLbkTlgLO2Q ==
X-ME-Sender: <xms:QUokYY_A3st9gTt44DClva7tMwENLXWAJImCym9OaKkuBd3llLP9DA> <xme:QUokYQuTorwPp_MVl_wlR6kAsXCOCkyt9xUdEZbLwVBYgMmEzxPe1F0aiht-nJD2r rM0f3ODnwD8hpkGHtM>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddruddtiedggeehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd ertderredtnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhho figvnhhtrhhophihrdhnvghtqeenucggtffrrghtthgvrhhnpeevfeettdeluddtgfeuge ffjefgtddtteeiledviefhuddvffetteetkeduteekkeenucffohhmrghinhepghhithhh uhgsrdgtohhmpdhirhhtfhdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrh grmhepmhgrihhlfhhrohhmpehmtheslhhofigvnhhtrhhophihrdhnvght
X-ME-Proxy: <xmx:QUokYeDV2HCZohJyxq7xNJMm4WHXJya1hboBcC9eS7Vud9e-0Wz7MQ> <xmx:QUokYYe83Yutly2xu5k_pUxjvEQbxGSLMttcgNGdLs9LgUXtMeMUqw> <xmx:QUokYdNTgt-cMI82wS_XhlMA-v_0Tr7AFPa7bzrKdUeOVZeKoAQs_A> <xmx:QkokYTYOS9NJyWDqH-YVuLZ8s36sbdy1pdWMcVse8iY6Lzejc8K21w>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 7E27C3C0EB8; Mon, 23 Aug 2021 21:24:17 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-1118-g75eff666e5-fm-20210816.002-g75eff666
Mime-Version: 1.0
Message-Id: <14bb1ce1-9ee5-4a3a-a637-f1d8f448c08e@www.fastmail.com>
In-Reply-To: <CAOgPGoBK9Lq0D+ufJRYowXPcKJuT8gf81ZpJ0=RZzG8-f0=fpQ@mail.gmail.com>
References: <CAOgPGoBK9Lq0D+ufJRYowXPcKJuT8gf81ZpJ0=RZzG8-f0=fpQ@mail.gmail.com>
Date: Tue, 24 Aug 2021 11:23:16 +1000
From: "Martin Thomson" <mt@lowentropy.net>
To: cfrg@irtf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/cxNjy5AY2Zkwygx3s_C5X6A3lQw>
Subject: Re: [CFRG] HPKE and AEAD Authentication Tag Length
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Aug 2021 01:24:29 -0000

Curiously, the length of the tag is not in contention for any of these AEADs.  It's only if we take on something like CCM or OCB that it becomes relevant.

On Tue, Aug 24, 2021, at 04:52, Joseph Salowey wrote:
> In working on a Java HPKE implementation I found that specification 
> does not specify anything about the authentication tag length for the 
> AEAD cipher.  I opened issue #283 
> <https://github.com/cfrg/draft-irtf-cfrg-hpke/issues/238> and proposed 
> PR 239 <https://github.com/cfrg/draft-irtf-cfrg-hpke/pull/239> to 
> address this.  
> 
> Cheers,
> 
> Joe
> _______________________________________________
> CFRG mailing list
> CFRG@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg
>