Re: [CFRG] I-D Action: draft-irtf-cfrg-hpke-08.txt
"Stanislav V. Smyshlyaev" <smyshsv@gmail.com> Wed, 21 April 2021 08:00 UTC
Return-Path: <smyshsv@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 195283A1A0D for <cfrg@ietfa.amsl.com>; Wed, 21 Apr 2021 01:00:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rjdQA71LK9nX for <cfrg@ietfa.amsl.com>; Wed, 21 Apr 2021 01:00:07 -0700 (PDT)
Received: from mail-ej1-x62e.google.com (mail-ej1-x62e.google.com [IPv6:2a00:1450:4864:20::62e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3FBEC3A1A0C for <cfrg@irtf.org>; Wed, 21 Apr 2021 01:00:07 -0700 (PDT)
Received: by mail-ej1-x62e.google.com with SMTP id v6so60845135ejo.6 for <cfrg@irtf.org>; Wed, 21 Apr 2021 01:00:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=Mg17DfB8RY9YE9EusQPcF2vCadUtbvtXmaxZids9BR8=; b=dV5hO31dlXspMdBZ+7qv80525IaVUxJ79D8BTpA3F9kzFLPp2cJRM/w29oy0wgwIXw QHs94eozvICaTYZ4GrXAIxYvuuRcdh+PlQlBmLcleVXZ4ApsG7PSmd+wQSHPiodUjopv MvKnQO42PR4bjG213nt76EDSDn8CKx1/jW+HyVo5BpFeEg5bN0WCY48VJrmQVODQXtMP lhS7WEHGIFAgxwW95hUTwgTe7KD1SkqDIu2q9aWSkquSAGzpEbz457v3mhItCBjkiz5a PvtG6zQtjJ1qMPQIe4NxP7Ou2FexgNWtH7tOBeic7JcrWtZ373kubKCBGIAemxO9rI0y U3RA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=Mg17DfB8RY9YE9EusQPcF2vCadUtbvtXmaxZids9BR8=; b=pY4ihuNzT/En3nZH9xXXsfzlSjQqFHspj4T6yiVpsrY4rUNezpDvruwu5j1vZdnkkc HGYJ9uLBhzLqm1q0J5sub1eeBD7j9evxYw8LjSp43FfZW2o0y7jTHsXpj079wy9bSLzq 2srZ5E6cl//St0LAjPSpMMitooGDti/NV3/VCyc/PN6yMMcR9Fjs8K/2/WzWp7xWWerm SbYcMn7p5Pz16Blw3OBnFa8RXS+8mUJLysmu1BP+xtoi3SOc0t1W/O6tCbbhTeM4ofqv vFcr42RRq6yWeH4f8BC96E6/lK/85CVNCwso7ROv+4dmJQ0ZKSoiTGOi9OJGdXVX0cCn tkpw==
X-Gm-Message-State: AOAM531/oq6VHXIjLJq+dmoJ9qz6hABTp+Uqc6NhCrKhit2SKlVDf2J4 vLOHcHsREY9+QguuVRK/VPSdTHJL+Wyqgp38H0EQKP6A
X-Google-Smtp-Source: ABdhPJzEIBzoodpWKOy+p9UjYzte6kDDGr7kpxYDCacMThpDFwlJSC0FSLzf8bBCph90KKhgNXZtUGrVHAHsy5Rs8pc=
X-Received: by 2002:a17:906:170d:: with SMTP id c13mr30840895eje.491.1618992004352; Wed, 21 Apr 2021 01:00:04 -0700 (PDT)
MIME-Version: 1.0
References: <161342335747.29605.4309828130398666424@ietfa.amsl.com> <72D4DB86-0BA3-41A1-84CE-AAF2D9DBC49B@pureftpd.org> <36a961b5-918a-41d5-9228-074636f7b3b2@www.fastmail.com>
In-Reply-To: <36a961b5-918a-41d5-9228-074636f7b3b2@www.fastmail.com>
From: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Date: Wed, 21 Apr 2021 10:59:32 +0300
Message-ID: <CAMr0u6nFX0kkdStb0K=Hj4esKRJbBS=fNHC-Sz6V3RuUvD2S7Q@mail.gmail.com>
To: Christopher Wood <caw@heapingbits.net>, CFRG <cfrg@irtf.org>
Content-Type: multipart/alternative; boundary="000000000000504c6705c076f3a2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/odlR2U0cFyvmJn13DhSoGBs_iCg>
Subject: Re: [CFRG] I-D Action: draft-irtf-cfrg-hpke-08.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Apr 2021 08:00:12 -0000
Dear Chris, HPKE is now in "Awaiting IRSG Reviews" status. I would suggest updating the draft if there are updates, so that all future reviewers could find the most up-to-date version in the datatracker. Regards, Stanislav On Wed, 21 Apr 2021 at 01:04, Christopher Wood <caw@heapingbits.net> wrote: > Thanks, Frank! We applied your suggestions in this PR: > > https://github.com/cfrg/draft-irtf-cfrg-hpke/pull/217 > > Since this was mostly editorial, we'll hold off publishing a new version > for now. (Chairs, please let us know if you'd like to see a new version in > order to move this document forward.) > > Best, > Chris > > On Mon, Apr 19, 2021, at 12:51 PM, Frank Denis wrote: > > General comments on draft-irtf-cfrg-hpke-08: > > > > * The document is well-written and every function is clearly specified. > > I wrote implementations solely based on it, that were verified to be > > interoperable with other implementations, and didn’t hit anything that > > required additional information. > > > > * The test vectors also appear to be correct. > > > > Given this, the maturity of the scheme, and the fact that it is a > > dependency for other protocols, I’d like to see this document move > > forward. > > > > > > --- > > > > > > Additional comments: > > > > > > * Section 4: > > > > “This function can raise an DecapError” -> “a DecapError” > > > > > > > > * Section 4: "The Seal() and Open() functions can return a > NonceOverflowError." > > > > The fact that HPKE uses increasing nonces is an internal detail; > > exposing this to applications looks like the wrong abstraction level. > > > > From an application perspective, a more meaningful error would be > > `TooManyMessages` or a more generic `Overflow` error that could also > > encompass the case of the AEAD’s internal counter reaching a limit. > > > > Using `NonceOverflowError` may catalyze inconsistencies between the > > specification and its implementations. > > > > > > > > * Section 4: LabeledExtract() and LabeledExpand() functions > > > > The document doesn’t mention any size limits regarding the `suite_id` > > and `label` parameters of these functions. > > > > This can be an issue for implementations favoring static/pre-allocated > > storage space over heap allocations. > > > > Specifying reasonable limits (64 bytes?) may be useful to avoid > > interoperability issues. > > These limits can also be documented in section 7.2.1. > > > > > > > > > > * Section 8.1.3 > > > > Splitting this into 2 or 3 paragraphs would make the section more > readable. > > > > > > > > * Section 8.4: “Further, because HPKE uses AEAD schemes that are not > > key-committing” > > > > This seems to suggest that non key-committing schemes are a requirement > > for HPKE, which is not the case. > > Further revisions of the document can include key-committing schemes, > > and exported keys can safely be used with such AEADs. > > > > > > > > > > > > Cheers, > > -Frank. > > > > > > > > _______________________________________________ > > CFRG mailing list > > CFRG@irtf.org > > https://www.irtf.org/mailman/listinfo/cfrg > > > > _______________________________________________ > CFRG mailing list > CFRG@irtf.org > https://www.irtf.org/mailman/listinfo/cfrg >
- [CFRG] I-D Action: draft-irtf-cfrg-hpke-08.txt internet-drafts
- Re: [CFRG] I-D Action: draft-irtf-cfrg-hpke-08.txt Frank Denis
- Re: [CFRG] I-D Action: draft-irtf-cfrg-hpke-08.txt Christopher Wood
- Re: [CFRG] I-D Action: draft-irtf-cfrg-hpke-08.txt Stanislav V. Smyshlyaev