Re: [CFRG] [Technical Errata Reported] RFC9180 (7790)
Colin Perkins <csp@csperkins.org> Wed, 03 April 2024 22:27 UTC
From: Colin Perkins <csp@csperkins.org>
To: Neil Madden <neil.e.madden@gmail.com>
Cc: CFRG <cfrg@irtf.org>
Date: Wed, 03 Apr 2024 23:26:54 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/vJIWlXe_Vh3ebngR0pLFt_S7lDo>
Hi,

This erratum hasn't seen much discussion; the other two have been discussed previously. In all three cases I think input from the CFRG Chairs is needed to judge consensus on how to proceed.

Colin

On 2 Apr 2024, at 21:46, Neil Madden wrote:

> Anyone know what’s going on with errata for HPKE? I reported this one in January and not heard anything about it. There appears to be 3 errata on RFC 9180 that are in “reported” state, 2 of which date back to 2022. Is anyone looking at them?
>
> Regards,
>
> Neil
>
> Begin forwarded message:
>
>> From: RFC Errata System <rfc-editor@rfc-editor.org>
>> Date: 30 January 2024 at 10:24:00 GMT
>> To: rlb@ipv.sx, karthikeyan.bhargavan@inria.fr, ietf@benjaminlipp.de, caw@heapingbits.net, irsg@irtf.org
>> Cc: neil.e.madden@gmail.com, rfc-editor@rfc-editor.org
>> Subject: [Technical Errata Reported] RFC9180 (7790)
>>
>> The following errata report has been submitted for RFC9180,
>> "Hybrid Public Key Encryption".
>>
>> --------------------------------------
>> You may review the report below and at:
>> https://www.rfc-editor.org/errata/eid7790
>>
>> --------------------------------------
>> Type: Technical
>> Reported by: Neil Madden <neil.e.madden@gmail.com>
>>
>> Section: 9.1.2
>>
>> Original Text
>> -------------
>> A detailed computational analysis of HPKE's Auth mode single-shot
>> encryption API has been done in [ABHKLR20]. The paper defines
>> security notions for authenticated KEMs and for authenticated public
>> key encryption, using the outsider and insider security terminology
>> known from signcryption [SigncryptionDZ10]. The analysis proves that
>> DHKEM's AuthEncap()/AuthDecap() interface fulfills these notions for
>> all Diffie-Hellman groups specified in this document.
>>
>> Corrected Text
>> --------------
>> A detailed computational analysis of HPKE's Auth mode single-shot
>> encryption API has been done in [ABHKLR20]. The paper defines
>> security notions for authenticated KEMs and for authenticated public
>> key encryption, using the outsider and insider security terminology
>> known from signcryption [SigncryptionDZ10]. The analysis proves that
>> DHKEM's AuthEncap()/AuthDecap() interface fulfills the notions of
>> Outsider-CCA, Insider-CCA, and Outsider-Auth for all Diffie-Hellman
>> groups specified in this document. It does not fulfill the notion of
>> Insider-Auth defined in the paper.
>>
>> Notes
>> -----
>> The referenced paper defines four notions of security, Outsider-CCA,
>> Insider-CCA, Outsider-Auth, and Insider-Auth. It proves that HPKE
>> meets the first three, but, contrary to the current text of the RFC,
>> it proves that it does *not* meet Insider-Auth security and that this
>> is infeasible for HPKE. This is an important negative security result
>> that should have been highlighted in the RFC.
>>
>> Instructions:
>> -------------
>> This erratum is currently posted as "Reported". (If it is spam, it
>> will be removed shortly by the RFC Production Center.) Please
>> use "Reply All" to discuss whether it should be verified or
>> rejected. When a decision is reached, the verifying party
>> will log in to change the status and edit the report, if necessary.
>>
>> --------------------------------------
>> RFC9180 (draft-irtf-cfrg-hpke-12)
>> --------------------------------------
>> Title : Hybrid Public Key Encryption
>> Publication Date : February 2022
>> Author(s) : R. Barnes, K. Bhargavan, B. Lipp, C. Wood
>> Category : INFORMATIONAL
>> Source : Crypto Forum Research Group
>> Area : N/A
>> Stream : IRTF
>> Verifying Party : IRSG
>
> _______________________________________________
> CFRG mailing list
> CFRG@irtf.org
> https://mailman.irtf.org/mailman/listinfo/cfrg
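Added illustration (not code from this thread, the RFC, or its authors) of why the Insider-Auth notion in the erratum cannot hold for DHKEM: the AuthEncap/AuthDecap structure follows RFC 9180 Section 4.1 (dh = DH(skE, pkR) || DH(skS, pkR), kem_context = enc || pkR || pkS), but the group (multiplicative group mod 2^127-1) and the HMAC-based KDF labels are toy stand-ins, so outputs do not match the RFC's test vectors. The point it makes visible is that DH(skS, pkR) equals DH(skR, pkS), so the recipient's own key substitutes for the sender's and the recipient can derive a shared secret that decapsulates as if it came from the sender.

```python
import hashlib
import hmac
import secrets

# Toy DH group (multiplicative group mod a Mersenne prime), not an HPKE group.
P = 2**127 - 1
G = 3
NBYTES = 16  # every group element fits in 16 bytes

def keygen():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def dh(sk, pk):
    return pow(pk, sk, P).to_bytes(NBYTES, "big")

def serialize(pk):
    return pk.to_bytes(NBYTES, "big")

def extract_and_expand(dh_bytes, kem_context):
    # Stand-in for LabeledExtract/LabeledExpand of RFC 9180 Section 4.1.
    prk = hmac.new(b"eae_prk", dh_bytes, hashlib.sha256).digest()
    return hmac.new(prk, b"shared_secret" + kem_context, hashlib.sha256).digest()

def auth_encap(pkR, skS, pkS):
    # Sender: dh = DH(skE, pkR) || DH(skS, pkR); kem_context = enc || pkR || pkS
    skE, pkE = keygen()
    enc = serialize(pkE)
    dh_bytes = dh(skE, pkR) + dh(skS, pkR)
    return extract_and_expand(dh_bytes, enc + serialize(pkR) + serialize(pkS)), enc

def auth_decap(enc, skR, pkR, pkS):
    # Recipient: dh = DH(skR, pkE) || DH(skR, pkS); same kem_context
    pkE = int.from_bytes(enc, "big")
    dh_bytes = dh(skR, pkE) + dh(skR, pkS)
    return extract_and_expand(dh_bytes, enc + serialize(pkR) + serialize(pkS))

def honest_round_trip():
    (skS, pkS), (skR, pkR) = keygen(), keygen()
    ss, enc = auth_encap(pkR, skS, pkS)
    return ss == auth_decap(enc, skR, pkR, pkS)

def recipient_forges_as_sender(skR, pkR, pkS):
    """Why Insider-Auth fails: using only skR, the recipient builds an (enc,
    shared_secret) pair that auth_decap() attributes to the holder of skS."""
    skE, pkE = keygen()
    enc = serialize(pkE)
    dh_bytes = dh(skE, pkR) + dh(skR, pkS)  # DH(skR, pkS) == DH(skS, pkR)
    forged = extract_and_expand(dh_bytes, enc + serialize(pkR) + serialize(pkS))
    return forged == auth_decap(enc, skR, pkR, pkS)
```

This is the same observation RFC 9180 makes about recipient key compromise: Auth mode binds the ciphertext to the sender only from an outsider's view, and offers no non-repudiation toward the recipient.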