IETF Logo Mail Archive

Re: [COSE] HPKE for COSE

Göran Selander <goran.selander@ericsson.com> Mon, 08 November 2021 13:39 UTC

Return-Path: <goran.selander@ericsson.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDA253A0418 for <cose@ietfa.amsl.com>; Mon, 8 Nov 2021 05:39:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vYTZoELO2-Ls for <cose@ietfa.amsl.com>; Mon, 8 Nov 2021 05:39:37 -0800 (PST)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-eopbgr130075.outbound.protection.outlook.com [40.107.13.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 599853A045B for <cose@ietf.org>; Mon, 8 Nov 2021 05:39:37 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hxHINsiBFWhU8RIJMFB+c/1FdooVtSoWXyScLGrIFoXMapMa9aN6i1xIhg/IpZd7cgzaDuFvuc+w05uEK0GoYUVvrlsPlJU/LDWv0ZIpid3A3/S1u4EuKCiAC4clT7O8e2SWWWjOUglhoCFrGlvjeHtbiO8a9Y0IIxP7W03WxXM00BOTCB3rFZWsdG671RwnV8NP0Mpp/wacKkpl6QRyUwDIFOG02a9tH4mar+qXCRB4slS0+V7pQlhZvo9wEfe96niM4U3I0VeG9O6O2Gq0ZKxEI4FdcPHuaoHN3qCrciBCoEOlXmwnuXj4JZG8kqj9hjqRjclwFCSKQZOGRo0ACA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nUU22r3teTA/sM5pUuVCZeSporSewFmLW7Idy71wNwk=; b=CVBjGdkuz5AKnobsjEYL9yCCtKVOH/AD9+bbv56dgSZfMpf/mVaeEtkzaWzPPZNFlGbiXJoBD2D1HbHHka34X+PTpKSaGOQQGfISwUHuw/tG5KfmdyehZhNLPIzLM4gjwFYpnaYerqdqcVOK0YsBoiyg4LuzqplkLd/8Qn/wfNpqzWUsLANBiqANq9/WcxcYOehllGzfuWVFF8UbEqxbipKFtbQ4QUbgHpS5qaT+Ey3JOjV+HX4wF681IM8zrD7O31wVXxLxwEq+wlVLTRw2J6Y4NZSkleSm3DRqwoEDK6QRVxjRkGc5fiWKjstncXdADw87twiTWFxrQL1DIojo3A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nUU22r3teTA/sM5pUuVCZeSporSewFmLW7Idy71wNwk=; b=NbcEUJuNLakOtkctYVIa5X5ymiVDYC0+zfrCxx1eJSMRYEEplGvmX4KHgqPqOIO6MVZU5ARPo5g/9D05QPGMAwWYYIhg6aw2fBs8eTInF+el4rCPGrsMSCWTOsdSGOCeRLYN4P4fbU5H2SaK9RL5B2BVplFJ7YaY794V1ASD5bc=
Received: from AM4PR0701MB2195.eurprd07.prod.outlook.com (2603:10a6:200:45::6) by AM0PR0702MB3650.eurprd07.prod.outlook.com (2603:10a6:208:25::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4690.4; Mon, 8 Nov 2021 13:39:33 +0000
Received: from AM4PR0701MB2195.eurprd07.prod.outlook.com ([fe80::7dea:b76c:191:ec29]) by AM4PR0701MB2195.eurprd07.prod.outlook.com ([fe80::7dea:b76c:191:ec29%11]) with mapi id 15.20.4690.015; Mon, 8 Nov 2021 13:39:33 +0000
From: Göran Selander <goran.selander@ericsson.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "cose@ietf.org" <cose@ietf.org>
CC: Brendan Moran <Brendan.Moran@arm.com>, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, Russ Housley <housley@vigilsec.com>
Thread-Topic: [COSE] HPKE for COSE
Thread-Index: AdfJvsgM1P5wKWwXQ4CRl8DwV1JUFQAApPEQAYrCkFgBLQt4Kg==
Date: Mon, 08 Nov 2021 13:39:33 +0000
Message-ID: <AM4PR0701MB2195C9BB30275AFFFF9CB51AF4919@AM4PR0701MB2195.eurprd07.prod.outlook.com>
References: <DBBPR08MB5915B4E831131EA80932F286FA839@DBBPR08MB5915.eurprd08.prod.outlook.com> <DBBPR08MB59156826A497D1E84B51EB16FA839@DBBPR08MB5915.eurprd08.prod.outlook.com> <HE1PR0701MB3050DE68A909BD0D94F596C6898B9@HE1PR0701MB3050.eurprd07.prod.outlook.com>
In-Reply-To: <HE1PR0701MB3050DE68A909BD0D94F596C6898B9@HE1PR0701MB3050.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 4c208bb1-a1b9-4c4f-4c0c-08d9a2bd32e4
x-ms-traffictypediagnostic: AM0PR0702MB3650:
x-microsoft-antispam-prvs: <AM0PR0702MB3650C8E2857D8678F3074EF7F4919@AM0PR0702MB3650.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 2w/+2/O/Vl60gouNCqgrVBvk8jeZNk9mBiFTydWu8zEQB0zJCHodpTBp34cKNdOqedrLkvAM9ATtavJKvtqaMvjAw9MpnQUPCR9hodbvMrI+Vl6Veo+hepBzuM/nKKsDML7pR1tPk5y7U1XjbhLWbr0TUS21ZvplD63YDIQexOhKDx5SWs0FInHQBsIGTEkuYGXYBm0A2dv7ycDIiYpAhQ1rXllB2pb1uicWIjQ1Th2NdJrhaZnlbYCBjXGY7JpWmYaPs4l97Izcchjluv8BCTmGBA2HWQ0YW900kP0PN0xJS5H9mwgc6vfv/Wz3jmPZwRq1dpsPR5Nx0ii6FG0RaMN4F6COKRMYAKttkKrR2+leZ5uYkt5YiPhMpn0ZE4PrUB75PQuDDuFzuGMAI7gUpiF+lkHbCKrsW7Z7yFY9siZptUJiO3Wdn6hqwqHyqM8BmDTTaEqYVtiBcmoEH+K6KIonOoRYlre2hSfi03gqvSob3iNuaKGj8iWsKOQRw9B3HnOaeL2rQoEdWYiGQJSfXrD2/RIdYyofQ3VulcHb2m3oGaMqYmUqJxiXw+9RbtSiNJBbQlni/o9c7Xw5lpfeX2SASQPWOLBqqH2Ut7xsAhZFLRpVygL11ppQZ5u1L1z3q/U+GfXrhQPMRGxKpt1QOLhfwk2ojbtAUaWFx4Mh7hdSTGFMZsc27O23olpuqvlw0uMixQiQZhPJuSXEW4KBzNTabwJDAQyldIIh5uPMKfil+I48d9q2JM/tAq09T7795MkJiegImBC5QNhOele9A24dJNtW99riQmvIlZ0869V1Wdpz1VL7Riqg/v1hbqpzNDYDvf6GfaxSvtpWsFjywQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM4PR0701MB2195.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(66556008)(55016002)(82960400001)(186003)(66946007)(52536014)(508600001)(38100700002)(66574015)(316002)(66476007)(9686003)(54906003)(110136005)(122000001)(4326008)(64756008)(26005)(91956017)(66446008)(8936002)(8676002)(76116006)(83380400001)(53546011)(7696005)(33656002)(966005)(6506007)(5660300002)(38070700005)(166002)(71200400001)(2906002)(86362001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: ar499ZrZG+62KSAP+g3zZkINo6OmraBfExGEvCVrdi40TKGUpeUaLtUE78PK7Z2uuFKeBgy8QFYRKHEoD/dodhiVOMyNJplvarNtkBoKDk2eCpAGdNVnhb+fT23pdC9OOj/M8sU7Ewb3uumhjcK8t0170SyG8El08loM2PPltCp8Mp4onu6xLqGStPgxzmlncHeWS2yVqytxDwi54vOEFvUrNtrj5zQ2bYDDbtGO2SZEdF45qSH4Nt8OCVrYqjl51+zwvcxPl3H0HcN0/nuqv1ED9IjZsDI+Q4gjHJNfwW60I/lHX41/dcUVKG64AVsfgqYj+aE4BQPNpSMPBy76FA5J1SXgtCsK7qgh8JWOrUWaNkRrlyn4BNh1CxlH4Mt4rOY0fdNUP0NlZbCeOKE2aFqPQeVSbSW7dpGe2RvZZZgYu0yfPJ9mzFh5b4bu/3C0AHA9hNzjfi3PnkiY6zbPZwpSUQNoM8L4FHM+evAjP3YpZRqa4FkJ+RpGdCJeXdm7ugSvBHHZ5ydzEt9/saWx2LXOG/D1oaOkzwWHdc11L6dOhnixTGUDMcbN44v5byYbP+XSI17BXvA46GR7xna7QmzDXSg59nuT9l2np9clevYfaH0YR0xh1EaFmA/OH/uE0yvjROyfcYN1XpWfuI23Hg9WMCpkDoF+f0IXKXfKkRx+8d6LxgFeYH0oEXfh6N2FEI7+nFT/Hte6lYVzm6gr4M/ux1SaXi/BBvjuNwDYZCsyM33er6B8iYl7kibetuEMdXTiiQSdDdbF+SAHl+T0QRkr5/wcKKosCZIRI8BUtlp8tPKZJFfjVlDxbat6jlNIUoDxgMBdxkGxYtIVsoJ4fAoJ3cIfAvzd9KlXBvDmKEBPeqa8/MUwFIB48R+8aXkvbiE4O7UK1BOVVUpmuGYLfRvv84PUhwf+tuvBnq+Yc3bXBoATnxXv9yx70/jkfdGU9gU4aDaqXRc/R4UpGYnyXRjOZQMBP3krZ5YRTRGkSFav51DL57pWtYE9zVbjeqp6obQbvQhUDoND1ovDceJjTf9lXRWDE+tg7Vxnx4JFplC4BzFk0X6vRS4oRjMulwDKHCs3P/AfZdxjY2BebrJ6lMlQIFiWsHr2bpFXAVNKmy6HY45bYepZqAZhAuxQ2MAICnKnCG1Rbc9xiyVyfLEfHrzZpVsAG1/i2670DwTkgqfKcK5xwA0++T8QslX/l+uXDbGZcMbKPI+AwKvrFzlmD7Dv61JM0s8arhw+0aVbT7x2yRShh6QzF7nkneS0Usuh038qv1S76Jjo2xSXda2YdYebvttTXSTj9YEmAybkfq37dDXEcHd5QpUL/7B9IC0w8yvYZ3NPZvrp1yXgWNU3OcDTRXqcafEQk0HOLXku5DT7yWDkZCvLU8wTz8/Z1BsiWL+phUezH+7d6udDePkEvOuMdsyssTJIjuUoOg5PnvoZn9989ip51uOCiMox3wd78QvC3R9qJ0/mKO08p1FDcqasIlPU+0NfL9DE4IGp5hugl2t4tHCaKFbQ7b9ct508mcjPVVPPfaFNtu0SBS3uhH6d6CfA82hK0FoVWX3wSWLWKNy0WzNiPJeRmSjdwV+a0BN8mIacUqilhgSWauucApPGfwA/70HwtuzYc5tg0jWC+Jxb4FSrfwzXYV6TAr2m8+ikITmGJyU0reoF4MFjc02m1IG9SdpjL4op2/toirE=
Content-Type: multipart/alternative; boundary="_000_AM4PR0701MB2195C9BB30275AFFFF9CB51AF4919AM4PR0701MB2195_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM4PR0701MB2195.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 4c208bb1-a1b9-4c4f-4c0c-08d9a2bd32e4
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Nov 2021 13:39:33.5137 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: YBVVBBrDgVa1UkawITYMSbSj+HA5ye/8FKpHcwRWyMOeAr/rbVhJBQKAq6DDRXfvpsM941nY84YbXgM+K0oxG+hk8lrp7kVh1/V07TQczLA=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR0702MB3650
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/EM_2QBS7mtSrTmG_-rfmylbmMBc>
Subject: Re: [COSE] HPKE for COSE
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Nov 2021 13:39:43 -0000

Hi Hannes,

Just on the IANA registration. Could we reuse the KEM IDs defined in HPKE [1], but encoded as CBOR int, and just add an indication that it is an HPKE algorithm?
We could e.g. define a COSE Header Parameter (say 'hpke-alg'; label 11) signifying that this is an HPKE algorithm, in which case e.g. {11 : 17} would indicate DHKEM(P-384, HKDF-SHA384).

Potentially we could also like to assign a reserved value to the COSE Header Parameter 'alg' (say -48) to indicate HPKE, in which case {1 : -48} would indicate "this is an HPKE algorithm".

Göran

[1] https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hpke-12#section-7.1

From: COSE <cose-bounces@ietf.org> on behalf of John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>
Date: Tuesday, 2 November 2021 at 14:27
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, cose@ietf.org <cose@ietf.org>
Cc: Russ Housley <housley@vigilsec.com>, Brendan Moran <Brendan.Moran@arm.com>
Subject: Re: [COSE] HPKE for COSE
Hi Hannes,

- I am positive, I am very fond of HPKE in general, but I think the draft fails to answer the question why. Why is this useful for COSE? What is the benefit compared to using the currently defined Ephemeral-Static algorithms in COSE?

- Are the CEK and the layer 1 needed? Layer 1 and 2 are two layers of key encapsulation on top of each other. Why not use the the KEM shared secret directly in COSE_Encrypt?

- Is the intention to reuse Encap(pkR) several times? If you want to reuse the same encapsulation several times it might be better to use the salt parameter in HPKE or the IV parameter in COSE_Encrypt. The requirements on these parameters would be much lower than on the CEKs that have very randomness requirements.

- The IANA registration follow directly from the HPKE draft. Can we do something smarter here so that any registered HPKE KEM can be used in COSE? There are already new more ligthweight KEMs suggested that might be a better fit for COSE. We can also expect registrations of all of the NIST PQC KEMs.
https://datatracker.ietf.org/doc/draft-harkins-cfrg-dnhpke/

- Editorial. I would suggest the following changes:

OLD "defined in RFC 2630 [RFC2630]"
NEW "defined in CMS [RFC2630]"

Cheers,
John

From: COSE <cose-bounces@ietf.org> on behalf of Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Date: Monday, 25 October 2021 at 18:58
To: cose@ietf.org <cose@ietf.org>
Cc: Russ Housley <housley@vigilsec.com>, Brendan Moran <Brendan.Moran@arm.com>
Subject: [COSE] HPKE for COSE
Hi all,

We have just submitted the initial version of hybrid public key encryption (HPKE) for COSE with draft-tschofenig-cose-hpke-00

This document was produced based on a discussion in the SUIT working group where we use HPKE for firmware encryption. The believe is that HPKE can be a more generic mechanism useful for other applications beyond SUIT.

We would like to have an agenda slot at the next meeting to introduce this work to the group.

Ciao
Hannes

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

_______________________________________________
COSE mailing list
COSE@ietf.org
https://www.ietf.org/mailman/listinfo/cose

v2.23.0 | Report a Bug | By Email