Re: [core] Allowing non-HMAC based KDF in OSCORE

Christian Amsüss <> Mon, 06 April 2020 16:18 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C0EA13A0C60 for <>; Mon, 6 Apr 2020 09:18:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id DnLoCDMuq3RO for <>; Mon, 6 Apr 2020 09:18:12 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C63F93A0C5C for <>; Mon, 6 Apr 2020 09:18:11 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTPS id AE30A40146; Mon, 6 Apr 2020 18:18:09 +0200 (CEST)
Received: from ( []) by (Postfix) with ESMTP id 1D96B79; Mon, 6 Apr 2020 18:18:09 +0200 (CEST)
Received: from (unknown [IPv6:2a02:b18:c13b:8010:2d54:7976:cdc9:1eab]) by (Postfix) with ESMTPSA id E8860367; Mon, 6 Apr 2020 18:18:08 +0200 (CEST)
Received: (nullmailer pid 2699440 invoked by uid 1000); Mon, 06 Apr 2020 16:18:08 -0000
Date: Mon, 6 Apr 2020 18:18:08 +0200
From: Christian =?iso-8859-1?Q?Ams=FCss?= <>
To: John Mattsson <>
Cc: "" <>
Message-ID: <>
References: <>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="1LKvkjL3sHcu1TtY"
Content-Disposition: inline
In-Reply-To: <>
Archived-At: <>
Subject: Re: [core] Allowing non-HMAC based KDF in OSCORE
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 06 Apr 2020 16:18:15 -0000

Hello John,

On Fri, Apr 03, 2020 at 11:03:54AM +0000, John Mattsson wrote:
> As pointed out by Jim in the COSE virtual interim yesterday, OSCORE
> restricts the type of KDF to HMAC-based HKDF algorithms. I do not know
> (or remember) why the restriction is there.

from an implementer point of view, it would be much appreciated if an
OSCORE library would only need to ask its backend COSE library things it
can know (eg. whether an algorithm is a KDF algorithm) and not have to
ship additional knowledge about algorithms.

> I don't think there is any hurry to change this restriction but I
> think it should be changed at some point. It makes sense for OSCORE to
> allow any KDF specified in COSE. I would suggest that Group OSCORE
> (which updates OSCORE) lifts this limitation also for RFC 8613.

If we go that route (which sounds viable to me), could we have a "There
are no technical reasons why this could not be extended to (non-group)
OSCORE; updating that specification in a later document is being
considered." in there?


I shouldn't have written all those tank programs.
  -- Kevin Flynn