IETF Logo Mail Archive

Re: [COSE] [jose] HPKE PartyU / PartyV

"lgl island-resort.com" <lgl@island-resort.com> Fri, 22 March 2024 22:01 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E335C14F6F4 for <cose@ietfa.amsl.com>; Fri, 22 Mar 2024 15:01:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AVaxamobqk3s for <cose@ietfa.amsl.com>; Fri, 22 Mar 2024 15:01:43 -0700 (PDT)
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2092.outbound.protection.outlook.com [40.107.93.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 674C8C14F6EE for <cose@ietf.org>; Fri, 22 Mar 2024 15:01:43 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EDf38UEJ5nBjYOoIrAeXfQJU8gemU/h3iMrWYw5qXhNeNgzXk0X5KDc4i4t1vRAznYqBeoFPjyma0yZzSmF4Zr2gehXT0P9G3BHNU9fipOa8Y76yB/Dgm9t9iLEiLytrMmvqYDHLjMT+1yOqqhzQYuouTZPPZCktOJmBzjhP0CHYvKiw+qsLC7Kw5SIrfgsPxhfMMvlzdoWBxL6uTXJqz10nCQXhisIHiwb0SNEDsDlsyKTlP3TVke4YGgoTw6OKsOH49943L3oLZPOcUblqFn35e9JFJexMntQR90wI7a0HmWQTfuyudqU326jkznjLkgUG3Em6/w1UM87lzkjJeg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=DCscxDP5QxTGMVhu3a3bXeryVItdBdPEbAbaQGHU6T0=; b=aoFWtBqq7rj+CbmVxYPH27Jyn0eTjJm84LGhfPFeHoZ3dP6GbSEUlwJZRzw3lb5TxtgGM1ODMZ7Q3Jhqr4Y51MsUwo/QSBbsc/St/mrJ3Ln0BYjJMNCEpYMExu0XyUpLpTbN0RROcBI7j+Atzh3swrHqX0toeP9dXbDXDa2r6QWX6zLdp8OoX8KxwATKy7UIMCgVtedD44ju9ezKH/JmDUZPiPt9Hnjbd1j5dmOCoHJFbMnT6Lq2mIbt7DCcm6kuBIJ44YpAurBMhNX9SQDJzegcusoET1ACUMLBohYYsy89j0VrUsacWO+B9gkHCBT2LwLhs6U/GlHjusLjPAyvEQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=island-resort.com; dmarc=pass action=none header.from=island-resort.com; dkim=pass header.d=island-resort.com; arc=none
Received: from PH7PR22MB3092.namprd22.prod.outlook.com (2603:10b6:510:13b::8) by SN7PR22MB4078.namprd22.prod.outlook.com (2603:10b6:806:2de::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.24; Fri, 22 Mar 2024 22:01:40 +0000
Received: from PH7PR22MB3092.namprd22.prod.outlook.com ([fe80::1cab:7344:221c:bb8e]) by PH7PR22MB3092.namprd22.prod.outlook.com ([fe80::1cab:7344:221c:bb8e%5]) with mapi id 15.20.7409.023; Fri, 22 Mar 2024 22:01:40 +0000
From: "lgl island-resort.com" <lgl@island-resort.com>
To: AJITOMI Daisuke <ajitomi@gmail.com>
CC: Ilari Liusvaara <ilariliusvaara@welho.com>, cose <cose@ietf.org>
Thread-Topic: [COSE] [jose] HPKE PartyU / PartyV
Thread-Index: AQHaeLqobEXWyBU1aUaEzEnRI3t5JbE9J0eAgABRDACAAEpqAIAAVIaAgAFWWICAAGA5gIABGIwAgAA5tQCAAn1EAIAAL1iAgACK1YA=
Date: Fri, 22 Mar 2024 22:01:40 +0000
Message-ID: <B9B41D94-6708-491B-8551-5D504B8D8339@island-resort.com>
References: <Zfa0cauyJ0n2uRkI@LK-Perkele-VII2.locald> <CAFWvErWGBVHJp5gDfTQdxSsQKpkFcnw34kbKiadgqXB6ewX==g@mail.gmail.com> <Zff4A40zh_--tIWr@LK-Perkele-VII2.locald> <CAFWvErUaa4hxNmM82HY9mU6TyvWsh-5zAtDXO4r4qoqEfvxwOA@mail.gmail.com> <3732594D-ECA8-4BA3-9CFC-4E4E6E88D13A@island-resort.com> <CAFWvErXkcV8prWVTF=VLRZtin9wA1Z8+DPkopQxvDzqTepZ1ZA@mail.gmail.com> <A1D2BF92-68FE-4E67-A420-D19D55AD6C99@island-resort.com> <CAFWvErWo11A--1Nkkv8p7JkF+xCPD66hVxJa8CTU+nO74cbCrA@mail.gmail.com> <2FC023C9-9091-4C9C-A2C7-350945C04B23@island-resort.com> <CAN8C-_KgZmFMkg_GsF0YgzgS+jCJKWAOZdytZKVwgbirrDUc_Q@mail.gmail.com> <Zf1jjGx2ZimgRqAD@LK-Perkele-VII2.locald> <CAFWvErVR6CSTd6bxRyTXWpib3jyjOWwdvDnprBOwPSed8GSDVA@mail.gmail.com>
In-Reply-To: <CAFWvErVR6CSTd6bxRyTXWpib3jyjOWwdvDnprBOwPSed8GSDVA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=island-resort.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PH7PR22MB3092:EE_|SN7PR22MB4078:EE_
x-ms-office365-filtering-correlation-id: b41b8c82-5348-4188-4184-08dc4abba704
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 8WPh5nKhsRvRUiAJKBJcQDUlpHa4QVhcqSPIlZOmPNzRjYLfmZgyRMwvO1+frJKuZSvFJOW/wD1C5VXRPO032YPU9ZjpISpRP7kGq/aI2hsP8OXIqnDa7aqhf582joqScdjyQqhWQ31woKU+TVDt136JYd2wevKFY0/lEwTAagdppJfAf5/mTnYLWB62w89d8cMgn2QAUxNx0ZHKNSokesasgRVKWcsASY74TO0K8/jq74eeZBgejsX9kbl4DQk5BPDECE0nE9usnCMLntlVJdLTKz6V2kDY3xXgcRL87mh3i+sjGpFv+sO2M6P0oa8o0SuOpRv5QkNrXqzQSphHvoOJshAe6f954B82nFHaiHnCz3D0KMijXGuLwmso3hjg4KXn+4zd2yKWGDdpP2BnDKL9AIJxiFrb82sU9B5I30NpF5S+bwGctsWCJ5QY6lmY38WfHC1K6pdHP4OHq4LUFfoYCB69806bMpALmdYTi8icIoWxJSWCWQ51aNaLvc4HZEcljwhLHJ+rse1L11dILazcRlUliL8hLW4opWDfnig4jMRAjp9Yls3YRz/EClYyS7yWyBGjovox6qBU5vBmotWUUJVG3Tm0IXzRpXKyiTEmUQTNbEbRzcyfgoMst6bEbZiB598Nw9OCriyGbsVrpyOdtwBxbuNGFuF2I/ElLk2Kp/bOPYL7yDaFvRK+Camcp6Pek6ndr1pFREO0ER2zjown3SjtcFky0SNOvipsVck=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH7PR22MB3092.namprd22.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(1800799015)(376005)(366007)(38070700009); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: oxoGYlDUB/+8f77bMQeI8Y1LYm5tlGnEF3LBNqC4YlkQEAHT/T44ZNvTxGLs+5QntKtuNWi4CRunJWaGoYmys9Dpcp2ZFBWEiSRaqfinh1dDW67poodrv4QgVUVr/UXkyraq2gtNCGEClRwWZOjnfWeG3Fgz8NR2aLFMlvmX55jr2YtvTzMLFV/IMmGZ3NkPLQGdTph91uY/mmqXIxD8J/ibRxmW9s0/cSwbo8HXw39eppgQff0owHa/fskRmf5/QV+qMFrZw3GXcaT+VMeT1X/a1l0jGxYw+q7g/czLEHICs2xmkPWYM2wXzoyBTojIEY/vFCPH3yiMVbW5CI/QBrJ7aSci1a5WTgMO4+X7lIbaaNg6HRHASGrtSxGwVekPqbkx7oJXWbV8UnXs4jTYsOCDqdbD4QvxQ8b/VVV7p3zXd0tT6K8XI4g3XpOhCJXRs9JAijVfMbov40mUUmg2D026/WS7p4i4nuGWWNYq4M78tmRAqxXfnXNW/aTsEeCrcmvjrvSbrEjPmomjH0fvvAkNwDrICJYSk2cGxDVRBEUiA8cKvxAEPlpgz1XhgWgbqXEUcyHU0Yem6TcCMoXQ88K4Ox3zN80oW3J3/Un+HlE9jMxRSALERjMa6ww7WOgVuia+9EDdyooVx0u/7qcIHHIe+b0ntFKMOXa15i4sRz8Va2jMG0R1YtilKJaN8jE/ah3aSTY4vyXPZPQqIrtTgRVozgJUoO5OP6bcQ5phuvAI2+O1SmN0JqRFkPyREtopUSaix9Sjtv3O+gcxOR5L3lW95if/HqwO/j4Tsu6rMv5jjQ8WHgJrs7hDujQnhVDVRVs28O47Do2yRQrkTyNfw/yh2UjO9Y02PTFBCaSEfuIGcYMg06AJkrAbgD8/VdIoiODHvg07vI5lflAorl+YjABoXRKdBloP+5b4BNozl8a91vAnL2yo2dN65AsTRdr3FTKC95vfNLC9p18TgV9M0O/sh/PKMEWTKNUZPqNe2dLBFfLV5+jg9VJQRBqwT+m4cSYzxmceC+4w65dzASYAARidcv16w2TJby2NvrhDrjPKfr68UWBwEEPXQaxZ9hoROhEaJcZo3qLI867xbWWR6H7cRQcO67GtwtKkRV+q9TQpNUDoFuXAdBGn0+DOqIFPHC4KHYbzKT01yx2xw03Kj3xAdJabrl4zhYmOF4iBIHKc+6t9glk56c26y2UQw+M4WiA3FQV9ZOgn6IsNIH+8nGBCjR+V6YfSDR0ExJNotybz4y1VYG0ugsyScjSZ3BTQlCUXJSrY3mjotxi2P1oZrokwEjWudkI7uyP63YTtnRtOgJAenmliFIY8uI2K7DHnvmQNB9+yaP4K+Bq/1Q9iWXpOs+8ZhsOVNpK/nIeZZrsilXZBC0UH8YsHCFi9z+qywOm3+NCw8nxnQOolbQ0su6i8DZTjRHjFcT9slqTshe9Dozt0Ej2jrsbHSzvqzh7xPNMCE/wKldPXUneQFyCjfCnFWsZJoOD6Oxp8rGfutVjvdlLQXg5jN8h3xPU63+MscyzuMxUByInIuxXPWg2hyRqoEG2A/OBAN5ZHFlnKSlA3hDwrIl4M0Tkj/lOeT2WXs3jxrNiT0hmowou3vbaWwQ==
Content-Type: multipart/alternative; boundary="_000_B9B41D946708491B85515D504B8D8339islandresortcom_"
MIME-Version: 1.0
X-OriginatorOrg: island-resort.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH7PR22MB3092.namprd22.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b41b8c82-5348-4188-4184-08dc4abba704
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Mar 2024 22:01:40.1072 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: ad4b5b91-a549-4435-8c42-a30bf94d14a8
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: VQte1uWaD2RkSpnxHEWuRevi630MxFXXYimBKCgKg0qpJ0udoUWvf7xxLs+ST8IbB3P0haYeBP+wof+KZOwJXw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR22MB4078
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/CVJyzYJRXmLhgb_amiC6J_EAq-I>
Subject: Re: [COSE] [jose] HPKE PartyU / PartyV
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Mar 2024 22:01:44 -0000

On Mar 22, 2024, at 6:44 AM, AJITOMI Daisuke <ajitomi@gmail.com> wrote:

Unfortunately, currently no algorithm that takes a key (as opposed to
giving a key) can protect the algorithm at next layer.

Ilari is talking about algorithms like AES Key Wrap, not what HPKE Seal() provides and not ECDSA.

I agree. The content_encryption_alg (next_alg) cannot be a countermeasure to the lamps attack on KAwKW(-29, etc.) and two-layer COSE-HPKE.

next_alg (or better content_encryption_algorithm can be used to protect COSE-HPKE and probably also protect -29 if applied correctly.

Of course, it is effective against the attack on direct KeyAgreement (-25, etc.) and I think it's much better than COSE_KDF_Context.

I believe what we should consider is only whether non-AEAD algs should be prohibited at layer0 or not.
I think it would be better to be prohibited if possible.

Daisuke, it looks to me that you are the only one that continues to argue this. Also, nothing you’ve said has created any doubts for me. Respectfully, I’m not going to respond to your arguments any more unless something very substantially changes.

LL

v2.23.0 | Report a Bug | By Email