Re: [COSE] [jose] HPKE PartyU / PartyV

Orie Steele <orie@transmute.industries> Sun, 24 March 2024 22:49 UTC

References: <A1D2BF92-68FE-4E67-A420-D19D55AD6C99@island-resort.com> <CAFWvErWo11A--1Nkkv8p7JkF+xCPD66hVxJa8CTU+nO74cbCrA@mail.gmail.com> <2FC023C9-9091-4C9C-A2C7-350945C04B23@island-resort.com> <CAN8C-_KgZmFMkg_GsF0YgzgS+jCJKWAOZdytZKVwgbirrDUc_Q@mail.gmail.com> <Zf1jjGx2ZimgRqAD@LK-Perkele-VII2.locald> <CAFWvErVR6CSTd6bxRyTXWpib3jyjOWwdvDnprBOwPSed8GSDVA@mail.gmail.com> <B9B41D94-6708-491B-8551-5D504B8D8339@island-resort.com> <CAFWvErWKs0gzfvPymsOGfQXjMuAQRUJNaodvVfAbUWiwbuNMwg@mail.gmail.com> <Zf8N0hhwhhFJuFlI@LK-Perkele-VII2.locald> <AF75EFD3-F7FF-4F64-830F-E69B1C250335@island-resort.com> <Zf_3ssDYfnEh1qIW@LK-Perkele-VII2.locald> <2EA56DC2-D0B4-4BCA-9149-0C348B16E4D0@island-resort.com>
In-Reply-To: <2EA56DC2-D0B4-4BCA-9149-0C348B16E4D0@island-resort.com>
From: Orie Steele <orie@transmute.industries>
Date: Sun, 24 Mar 2024 17:49:37 -0500
Message-ID: <CAN8C-_K4ndbbOUg6JShf5psgLwjJdAPnXsVTKVPvjGUenBEX4A@mail.gmail.com>
To: "lgl island-resort.com" <lgl@island-resort.com>
Cc: Ilari Liusvaara <ilariliusvaara@welho.com>, cose <cose@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/W8yJ5UVB4mViJw_1oUAtU8_EUl0>
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>

Essentially, in every case where we use the COSE KDF context to derive a key
that does not commit to the content encryption algorithm, we would need to use
a new context that does commit to the content encryption algorithm, and we
would want to deprecate all the algorithms that were vulnerable to the
cross-mode attack at the same time.

We might as well fully specify the new entries at that rate as well.

ECDH-ES+A128KW+A128GCM

ECDH-ES+HKDF-256+A128GCM

Or fully specified:

ECDH-ES-P384+A128KW+A128GCM

ECDH-ES-P384+HKDF-256+A128GCM

That's a lot of work, and certainly belongs in a separate draft, which I
would be happy to review, but probably don't have time to author at this
point.

OS



On Sun, Mar 24, 2024, 4:10 PM lgl island-resort.com <lgl@island-resort.com>
wrote:

>
> > On Mar 24, 2024, at 2:51 AM, Ilari Liusvaara <ilariliusvaara@welho.com>
> wrote:
> >
> > On Sat, Mar 23, 2024 at 08:37:58PM +0000, lgl island-resort.com wrote:
> >>
> >> On Mar 23, 2024, at 10:13 AM, Ilari Liusvaara <ilariliusvaara@welho.com>
> wrote:
> >>
> >> _If_ key management algorithm is aad-capable, adding next_alg to aad is
> >> an easy way to make decryption fail if attacker alters algorithms.
> >>
> >> COSE -25 and for COSE-HPKE key management is aad-capable. With a
> >> little extra work I think content_encryption_algorithm (formerly
> >> next_alg) can work for COSE -29.
> >
> > Sure -29 can be hacked to work. And fully-specified-encryption would
> > redo it anyway. The main problem is Key Wrap and Key Transport.
> >
> > And next_alg and content_encryption_algorithm are not the same thing.
> > next_alg is the algorithm with what the unwrapped key will be used with,
> > while content_encryption_algorithm can be something else if there is
> > intermediate step (even if I do not know why anyone would do that).
>
> My thought is that content_encryption_algorithm is the COSE algorithm ID
> for the next *COSE* layer.
>
>
> >> I’m starting to think about a new draft to define the -29 replacement.
> >> Probably not a large document. It would not use COSE_KDF_Context. It
> >> would use a new Enc_structure with content_encryption_algorithm.
> >
> > There should still be something close to COSE_KDF_Context, because it
> > is driven by ECDH (or KEM), and thus there should be KDF step.
> >
> >
> >> It could define a -25 replacement too, one without COSE_KDF_Context.
> >
> > Uh, the whole purpose of -25 is to have ECDH driving a KDF.
>
> Yes, still must have a KDF and section 5.1 applies, but the “info” or
> “context information” input to the KDF would be a Recipient_structure like
> that proposed by Orie, not the COSE_KDF_Context from section 5.2.
>
> LL
> _______________________________________________
> COSE mailing list
> COSE@ietf.org
> https://www.ietf.org/mailman/listinfo/cose
>
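The point argued in this thread, that a key derived with today's COSE_KDF_Context does not commit to the content encryption algorithm, can be made concrete. The following is an added example written for this archive page; it is not code from the thread, from Orie's proposal or from any COSE implementation. It builds the RFC 9053 Section 5.2 context for the direct ECDH-ES+HKDF-256 (-25) case with a minimal CBOR encoder and a standard-library HKDF, shows that the derived CEK is identical whether the content layer will use A128GCM or AES-CCM-16-64-128, and then shows one hypothetical way of committing to the content algorithm (placing its identifier in the optional SuppPubInfo `other` field), which is an illustration of the idea, not a published layout. The shared secret, party identities and recipient header are constructed test values.

```python
"""Why a COSE_KDF_Context (RFC 9053, Section 5.2) does not bind the
content-encryption algorithm, and what committing to it changes.

Added example; not code from the thread or from any COSE implementation.
Shared secret, party identities and headers are constructed test values.
Standard library only.
"""
import hashlib
import hmac

# COSE algorithm identifiers (IANA COSE Algorithms registry).
ECDH_ES_HKDF_256 = -25   # direct key agreement: KDF output is used as the CEK
A128GCM = 1              # 128-bit content-encryption algorithm
AES_CCM_16_64_128 = 10   # a different 128-bit content-encryption algorithm


def _head(major: int, arg: int) -> bytes:
    """CBOR initial byte plus shortest-form argument (RFC 8949, Section 4.2.1)."""
    if arg < 24:
        return bytes([major << 5 | arg])
    for ai, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if arg < 1 << (8 * size):
            return bytes([major << 5 | ai]) + arg.to_bytes(size, "big")
    raise ValueError("argument too large")


def cbor(obj) -> bytes:
    """Deterministic CBOR for the types COSE_KDF_Context needs: int, bytes,
    list, dict (keys in insertion order) and None. Not a general encoder."""
    if obj is None:
        return b"\xf6"
    if isinstance(obj, int):
        return _head(0, obj) if obj >= 0 else _head(1, -1 - obj)
    if isinstance(obj, bytes):
        return _head(2, len(obj)) + obj
    if isinstance(obj, list):
        return _head(4, len(obj)) + b"".join(cbor(x) for x in obj)
    if isinstance(obj, dict):
        return _head(5, len(obj)) + b"".join(cbor(k) + cbor(v) for k, v in obj.items())
    raise TypeError(f"unsupported type {type(obj).__name__}")


def hkdf_sha256(ikm: bytes, info: bytes, length: int, salt: bytes = b"") -> bytes:
    """HKDF (RFC 5869) with SHA-256, as RFC 9053 Section 5.1 uses it. An empty
    salt becomes HashLen zero bytes, as RFC 5869 specifies."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


# Constructed values standing in for a real exchange.
PARTY_U = [b"sender", None, None]      # PartyInfo = (identity, nonce, other)
PARTY_V = [b"recipient", None, None]
RECIPIENT_PROTECTED = cbor({1: ECDH_ES_HKDF_256})   # recipient layer {alg: -25}


def kdf_context(alg: int, party_u: list, party_v: list, key_bits: int,
                protected: bytes, other=None) -> bytes:
    """COSE_KDF_Context per RFC 9053 Section 5.2. AlgorithmID is the key
    management algorithm and 'protected' is the recipient layer's protected
    header, so nothing here names the content-encryption algorithm unless a
    protocol puts it in the optional SuppPubInfo 'other' field."""
    supp_pub = [key_bits, protected] + ([other] if other is not None else [])
    return cbor([alg, party_u, party_v, supp_pub])


def derive_cek_rfc9053(shared_secret: bytes, content_alg: int) -> bytes:
    """CEK derivation as a -25 recipient does it today. content_alg is a
    parameter only to make the point: it never reaches the KDF."""
    ctx = kdf_context(ECDH_ES_HKDF_256, PARTY_U, PARTY_V, 128, RECIPIENT_PROTECTED)
    return hkdf_sha256(shared_secret, ctx, 16)


def derive_cek_committed(shared_secret: bytes, content_alg: int) -> bytes:
    """Hypothetical variant: the content-encryption algorithm identifier is
    carried in SuppPubInfo 'other', so the KDF output commits to it. One
    illustration of the idea in the thread, not a published layout."""
    ctx = kdf_context(ECDH_ES_HKDF_256, PARTY_U, PARTY_V, 128, RECIPIENT_PROTECTED,
                      other=cbor(content_alg))
    return hkdf_sha256(shared_secret, ctx, 16)


def cross_mode_check(shared_secret: bytes = b"\x11" * 32) -> dict:
    """Derive the CEK for two 128-bit content algorithms under both contexts."""
    return {
        "rfc9053_key_reusable_across_modes":
            derive_cek_rfc9053(shared_secret, A128GCM)
            == derive_cek_rfc9053(shared_secret, AES_CCM_16_64_128),
        "committed_keys_differ":
            derive_cek_committed(shared_secret, A128GCM)
            != derive_cek_committed(shared_secret, AES_CCM_16_64_128),
    }


if __name__ == "__main__":
    print(cross_mode_check())
```

Running `cross_mode_check()` reports that the RFC 9053 context yields the same 128-bit CEK for both content algorithms, while the committed context yields different keys, so a key derived for one mode cannot be made to decrypt under another. The key wrap (-29) and key transport cases the thread calls the main problem are not covered here: there the CEK is random and wrapped, so the fix has to go into the wrapping or the recipient structure rather than the KDF input.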