IETF Logo Mail Archive

Re: [COSE] [jose] HPKE PartyU / PartyV

"lgl island-resort.com" <lgl@island-resort.com> Sat, 23 March 2024 20:38 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A303C14F616 for <cose@ietfa.amsl.com>; Sat, 23 Mar 2024 13:38:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.91
X-Spam-Level:
X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xp6rlS7oA_yK for <cose@ietfa.amsl.com>; Sat, 23 Mar 2024 13:38:01 -0700 (PDT)
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2090.outbound.protection.outlook.com [40.107.223.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BDFDBC14E515 for <cose@ietf.org>; Sat, 23 Mar 2024 13:38:01 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bfVgp1i7C5l8cPkZ7drpjYoRIlnkI6VBvbqTetUW4Qn9QsHLWn0pIIw+dEEagQXr8Lh69EZy163pJToKMLKoLelwfQEz4eFE7a7D6UhU0DAUIJuWR2GQS8aT9AF+cqKNbSizE8pLhUgDGeYYCfv7AGWcWgHysKqTdyRUDOUkSseWxtdZf1jvhc5+NEg+c6lmQmaYLjWY9u24SGW6ga2juJMdWzQURpdrbqUdlZiYVJsjgDntGpPLLLXoj5oYzD9mHgrYfLUf/uJFIJz38F44nfyIyImRpEhIGTuw7GsxOgM0tCiPm8z2urTHBugjRE3AnS3zc6WyuOD+PYu/g4gpqA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=vT3GTTrt6yZGIHqzFXPkl4wJyOiBLoDLwLwNhoNcw3w=; b=P9BUhMzQJ9kJ/QWyPVDSQjNjStLVGLfqUAjGvvpY5yVrqD/T8WyzVnxJmK4aOxDyvwKf80ChL3CjcwAjXKfJt0wd38/vvveHpeFxX54+xsbv5Q11hqU7k2VNYQti81DULHD/lCmyC8feqUjAF/e5DwpsowKPU97oftvRjBeXTthWOVjMiouImPsyRVx7YuheXi44CC0D3ksi+9OyNuoHUrpy32t8UoFs9ZDhqJFIL0almw7SG8k0cRokAFZApKV4ZuLRkn+4vSsstLQz4+dswftU29arE8OukDJtPdKbQlQ5yNNkyGXXUuybavzaGrD1qcLdDzVSS0m6CYkIFxOlpQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=island-resort.com; dmarc=pass action=none header.from=island-resort.com; dkim=pass header.d=island-resort.com; arc=none
Received: from SJ0PR22MB3094.namprd22.prod.outlook.com (2603:10b6:a03:42b::14) by SN7PR22MB3762.namprd22.prod.outlook.com (2603:10b6:806:358::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.26; Sat, 23 Mar 2024 20:37:58 +0000
Received: from SJ0PR22MB3094.namprd22.prod.outlook.com ([fe80::30d3:d84d:c7ea:c6c2]) by SJ0PR22MB3094.namprd22.prod.outlook.com ([fe80::30d3:d84d:c7ea:c6c2%2]) with mapi id 15.20.7409.026; Sat, 23 Mar 2024 20:37:58 +0000
From: "lgl island-resort.com" <lgl@island-resort.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
CC: cose <cose@ietf.org>
Thread-Topic: [COSE] [jose] HPKE PartyU / PartyV
Thread-Index: AQHaeLqobEXWyBU1aUaEzEnRI3t5JbE9J0eAgABRDACAAEpqAIAAVIaAgAFWWICAAGA5gIABGIwAgAA5tQCAAn1EAIAAL1iAgACK1YCAABpHAIABJ7QAgAA494A=
Date: Sat, 23 Mar 2024 20:37:58 +0000
Message-ID: <AF75EFD3-F7FF-4F64-830F-E69B1C250335@island-resort.com>
References: <3732594D-ECA8-4BA3-9CFC-4E4E6E88D13A@island-resort.com> <CAFWvErXkcV8prWVTF=VLRZtin9wA1Z8+DPkopQxvDzqTepZ1ZA@mail.gmail.com> <A1D2BF92-68FE-4E67-A420-D19D55AD6C99@island-resort.com> <CAFWvErWo11A--1Nkkv8p7JkF+xCPD66hVxJa8CTU+nO74cbCrA@mail.gmail.com> <2FC023C9-9091-4C9C-A2C7-350945C04B23@island-resort.com> <CAN8C-_KgZmFMkg_GsF0YgzgS+jCJKWAOZdytZKVwgbirrDUc_Q@mail.gmail.com> <Zf1jjGx2ZimgRqAD@LK-Perkele-VII2.locald> <CAFWvErVR6CSTd6bxRyTXWpib3jyjOWwdvDnprBOwPSed8GSDVA@mail.gmail.com> <B9B41D94-6708-491B-8551-5D504B8D8339@island-resort.com> <CAFWvErWKs0gzfvPymsOGfQXjMuAQRUJNaodvVfAbUWiwbuNMwg@mail.gmail.com> <Zf8N0hhwhhFJuFlI@LK-Perkele-VII2.locald>
In-Reply-To: <Zf8N0hhwhhFJuFlI@LK-Perkele-VII2.locald>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=island-resort.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SJ0PR22MB3094:EE_|SN7PR22MB3762:EE_
x-ms-office365-filtering-correlation-id: 28d46c45-19b1-4266-0b8e-08dc4b792047
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: SJ+n/xXaeu0tt9hQr25xfmkDbttvCze/W3X7Z/ZUCOAj4APCZlAM+A4FqHOZM9BW234QeCtIRAKxPY1axyVKTbPj40w4LOAxQs1cB5lacwRvQ+e9O0Shlt13QjITIVJX5Rt0X3pRHzySQUsKblzuVFbXstl1q7cvh+5zylRzIgLIOaqR7Ox6YaALy4Wxws4peVh/iOb0m0ip5+jkT5mJG8kCIqwijiIn08INIoktQaESPbTD7tIn+7Pn2uYB597KihDiptVL0nK6CL+qIzjhC68RGqArC6oB4Yv+Vf6rSB1q06WUXLe/RRDDdig+ZMryh+JvjIvECPWNyLQNxruyNr0YWodBINCV4mIFnM1g4EyDwZOfqtsmmBVflv5GBDirgYYqeCn/htCTy7KdQKFGjZ7vCYOb4f8PfrnJnAIerF+rZRAvNkrApxp38Q9BAtn6ABO0XzpUqiP5TVVCb6jNoqE7WEFUwd1NK3g4tB2fqiFXTpqI6Ia2SgfRMa61jO9fY/HQihVyBG2cgV7W0Vq3fPEr/MeZuFV8qTdUiSd1ygrBpDBTJNLb9H348NcxyP4goSpEudGQmwLKwGzS7dkr7yxDP6VvxQ+cuiVsjfYdcX5jRp729j52Sx52b3dAs8tjiPu0ZblOMYc9LOnfMsuUosbbiSxHidT2xjk2Q6gvxrReDPLhU6fYm+wApvQKhOzTOyImYkuWp3oa6sv64BV6Sw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SJ0PR22MB3094.namprd22.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(1800799015)(366007)(376005)(38070700009); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 2k0bQxFXG5HzVLsQxpHRdIiMwL4R6+U7z6G3PqIZjZ/b27DslGmJw/u9lnsK1jfBqtmYVElZk5TlWmx4YEUJ73mNk1/ev/Fb6SHijr0JP2BSmgTYPSq6sTElFifhI6drK1pm8rMkDe9aykY+vzacQBpHZooaBZwXoyt4APPfjvFo65gqBNxVWyX7M69H+fNBOvuTWlK+A4l29VZgmQZWxqYb40eniirJ8cc05yToHtzg+VUWyyyPCKG99Ku4ExMni4k4N2jZPY9Ojy1aIMUQNwBCLmEaJzB/VxEm7G2EzhliECogBXpZOs0CBtQJ38wcfAw5cCxO3Ekp3WAmY6TtZCkXM+C2fVKBK8tcfzdn8DlrppyXO9wUR+8EdXmJo8AYHfOfRDOSNpv2HScpnsAYDp8WW2lLf2HqjA6gx8Q+4neYx2Vwm4H/lb+NRz3LeQjrrQbqH05egLQbqRDzFgvMWmPsWg6ZgtkhJJV7l6lPY769SogjPNWOm4Fi9Nnb1P2+MRYNDj9vvcyu0oZc/XT+K/NX4xJNj3iKLjAgcspLRImM4knyU6E/quuRVxXrpSEddCHwAOsOem63NO1pG1/YBxjtlbkvHrJqjxelYBZqWWckhg8AVBn3XjBrAEqHx9yhGT80JIh5vVONKBidKUUYkAC0D+5MvQuo9j9NDklPZTOtCVbKjaZu3QurqpqRC94LZPWxBy5Q6ks3GHTi5ikrDvNizBdDAc7XYWzUhoKvErT3uSC5yVRMxoyyWn2VS/gwQ+tVdPj04NKuJsAJRxZkcijaQeGa7qQ+ZudL2SaenGxH++CoWr4bNIpOm/vKOlS5RTpySN4rcpSzu3d6it1/TqAdanRRfhRtp8kKA71Ai26MtQXpxRZxW1eKrE5P6l+HCX/BxNdhfEfHaharmyYFx5NPa1RWbzotV21stcz3jyWd0d9IOpn54GkvG0dzYuDAwdiZQoGcKffxkunB+iWD0qly4Awuk4IOs+ICk0Cpj2s4D61ReookMei6js/OQHq3eMkypkMPf3lqArg5HezVpFNlnlYbln+X/OygBnraJ7GEnI4YOda3FUFnVSO9bZBv3Yfh7opinmhVjc4PVflh7bjSEfKvJOgSNhr8O1xby/+prHDcOEsJXsbs3vvGAlIyUhxCR3dpoz3r7umtfmOEGhSAE/ryeNyhAf5kKaifGoRORUAvyv3ZEPdLxk4i1oalRtiR/YIQv7fm69Vam9/rTqnrSFZs6yzq2c+620dGggyqeTkR9JkVuX46EMx0J5UJN6WndgLqAiUV0oXHu8f4lAtXyBbiQyMtJ+qBB5zeLZRR4Jqo8OAVQkDoaIqoKKDBpFAWWb2o5oGKiuCisxnPPuBZ8JsvDgTcXaGCllAyGsom7MNJa9nhPBLJjAQB4u3SkSKpmoM0+X1FUYWppCFKhMsTzQz8tKimi7hSedfmmiqVlaIug2hE81znlXaKhC2KeM/+GvCAotQTd6tVlqcf4tE0puMV+/1emv7zYvMNRCGz+DY7h9x7vV6u4Ojx4C4bkrXGgx0cNOo+DASv0xfj91NHTywHICaWfytHYAi0ySVXtwZ2npDs+2di7N9Az/aVhdAD8p5Sl7/LcFqJHrdIcQ==
Content-Type: multipart/alternative; boundary="_000_AF75EFD3F7FF4F64830FE69B1C250335islandresortcom_"
MIME-Version: 1.0
X-OriginatorOrg: island-resort.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SJ0PR22MB3094.namprd22.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 28d46c45-19b1-4266-0b8e-08dc4b792047
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Mar 2024 20:37:58.3891 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: ad4b5b91-a549-4435-8c42-a30bf94d14a8
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: eiaqp2VpyIhO2QwhhzzfnQtNbk6WI82nQOlVcksGIBGMeegyNZQdMEjhaEGQpqW49FKnaLSjHwJ1yKFWv8AphA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR22MB3762
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/9RkCyE96crQl5JAFZl7UeseJ90c>
Subject: Re: [COSE] [jose] HPKE PartyU / PartyV
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Mar 2024 20:38:06 -0000

On Mar 23, 2024, at 10:13 AM, Ilari Liusvaara <ilariliusvaara@welho.com> wrote:

_If_ key management algorithm is aad-capable, adding next_alg to aad is
an easy way to make decryption fail if attacker alters algorithms.

 COSE -25 and for COSE-HPKE key management is aad-capable. With a little extra work I think content_encryption_algorithm (formerly next_alg) can work for COSE -29.

I’m starting to think about a new draft to define the -29 replacement. Probably not a large document. It would not use COSE_KDF_Context. It would use a new Enc_structure with content_encryption_algorithm.

It could define a -25 replacement too, one without COSE_KDF_Context.

However, the problem is that COSE explicitly allows aad-incapable key
management algorithms (e.g., Key Transport or the whole section 5.4
stuff). And often there isn't even hacks around that.

You are talking about 6.1.1 and 6.2 from 9053 used with the non-AEADs in 5.4, right?  The others in section 6 of 9053 have a KDF, so they are OK (except for -29 which gets tripped up by key wrap).

I suppose errata might be issued with additional security considerations.

LL

v2.23.0 | Report a Bug | By Email