Re: [COSE] [jose] Call for Adoption: draft-ajitomi-cose-cose-key-jwk-hpke-kem
Ilari Liusvaara <ilariliusvaara@welho.com> Sun, 16 April 2023 15:47 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A8AAC14E513 for <cose@ietfa.amsl.com>; Sun, 16 Apr 2023 08:47:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PUDNRbRaf6UI for <cose@ietfa.amsl.com>; Sun, 16 Apr 2023 08:47:04 -0700 (PDT)
Received: from welho-filter2.welho.com (welho-filter2b.welho.com [83.102.41.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C571C14F749 for <cose@ietf.org>; Sun, 16 Apr 2023 08:47:03 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter2.welho.com (Postfix) with ESMTP id 3C6B73FE48 for <cose@ietf.org>; Sun, 16 Apr 2023 18:47:01 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp2.welho.com ([IPv6:::ffff:83.102.41.85]) by localhost (welho-filter2.welho.com [::ffff:83.102.41.24]) (amavisd-new, port 10024) with ESMTP id DFEVCqtGmZb2 for <cose@ietf.org>; Sun, 16 Apr 2023 18:47:00 +0300 (EEST)
Received: from LK-Perkele-VII2 (87-94-129-82.rev.dnainternet.fi [87.94.129.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by welho-smtp2.welho.com (Postfix) with ESMTPSA id CB0F772 for <cose@ietf.org>; Sun, 16 Apr 2023 18:46:59 +0300 (EEST)
Date: Sun, 16 Apr 2023 18:46:59 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: cose <cose@ietf.org>
Message-ID: <ZDwYc2vD4LNgX1GE@LK-Perkele-VII2.locald>
References: <CAN8C-_LrQoeN87SFsA8XN-9GJMQZOv9A1sc3MgWOk0EFmoHxKQ@mail.gmail.com> <9639F2AF-CF80-4C46-9936-E2D267647A4F@island-resort.com> <ZDkEW716XyikW1ah@LK-Perkele-VII2.locald> <CAN8C-_Jawc9OEROYdi+QhNtXbvKPQaLtL1+veCF0zVKFnUM00g@mail.gmail.com> <ZDmdwQqw5xg4FvHY@LK-Perkele-VII2.locald> <7357D0EA-F248-4042-B4E0-111DB306E988@island-resort.com> <CAN8C-_LfJmu2Qf1hV1W4iu8V4dyxEwo-_h8RVXPgyaRFDtPTCQ@mail.gmail.com> <ZDuDv6NVJ8exaXMj@LK-Perkele-VII2.locald> <CAFWvErWkOWTT28gxd43atkjVwMUcZw9Zi=MEodL_PFDiQFpueQ@mail.gmail.com> <CAN8C-_+=mT97rownLqFvKaWRBbmBHp+JMbVpFArBrB0C3zNqeA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CAN8C-_+=mT97rownLqFvKaWRBbmBHp+JMbVpFArBrB0C3zNqeA@mail.gmail.com>
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/ajqBEfAAsXTe9Bex4uBjh3fbRr0>
Subject: Re: [COSE] [jose] Call for Adoption: draft-ajitomi-cose-cose-key-jwk-hpke-kem
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Apr 2023 15:47:09 -0000
On Sun, Apr 16, 2023 at 09:09:13AM -0500, Orie Steele wrote: > Inline: > > On Sun, Apr 16, 2023 at 7:06 AM AJITOMI Daisuke <ajitomi@gmail.com> wrote: > > The reasons why I proposed this draft as an independent specification > > separate from COSE-HPKE are as follows: > > > > a) I wanted to define not only COSE_Key but also JWK representation > > together for HPKE. This is the biggest reason. > > > > 8812 defined an "alg" and key representations for JWK and COSE Key in one > document. However, in this case, there are no "alg" values for JOSE. > > Regarding (a), for example, the key representation for secp256k1 has both > > JWK and COSE_Key formats defined (RFC8812), and the recent post-quantum key > > representation proposed by Mike Prorock also has both JWK and COSE_Key > > formats defined. > > Yes, I generated the current JWK / JWS test vectors for those drafts, the > first thing I did, was the key format... the second thing I did was the > envelope format for the signatures: > > https://github.com/mesur-io/post-quantum-signatures/blob/main/test-vectors/suites/dilithium-pqcrypto/jwk.js > https://github.com/mesur-io/post-quantum-signatures/blob/main/test-vectors/suites/dilithium-pqcrypto/jws.js > > When I implemented the signature interface, it took a JWK private key, not > a "raw dilithium 3 private key"... the thought process there was that it > should reject a key that had been restricted to a different algorithm... > > Meaning you can always ask for ES256K from a key restricted to EdDSA... but > that should error, before an expensive / sensitive operation is attempted. It should error even if key is not restricted, because the algorithm requested (ECDSA SHA-256) is incompatible with the key (Ed25519?). Then there is the case where ES256 is requested with ES256K key. The requested cryptographic operation makes perfect sense (ES256 and ES256K are the same cryptographic operation!), but spec says it is not allowed. > Same thing on the verify side: > The verify interface takes a public key in JWK format, not a "raw dilithium > 3 public key". > You can try to verify ES256K with a key restricted to EdDSA... that should > also error, before an expensive / sensitive operation is attempted. Again, it should error even without restriction because algorithm requested is incompatible with the key. But then there is the ES256 with ES256K key. Specification says it should error, but the cryptographic operation makes perfect sense. > It is natural to ask for an operation from a key that is restricted to a > single algorithm, this won't always be the case, since "alg" is optional, > but it should be well supported for developers who want to build safer APIs. Back when I did some sketching on writing COSE/JOSE library, symmetric keys having no indication what algorithm those are for was quite nasty rat's nest. The asymmetric stuff was much more pleasant, even with stuff like dual-purpose ECDH/ECDSA keys. > If we follow recent conventions, it would be better to define both COSE_Key > > and JWK representations together, don't you think? As I also mentioned in > > the slides for IETF116, in the EUDCC (EU Digital COVID Certificate) where > > COSE has been adopted, the public keys for signature verification were > > distributed in JWK format. JWK format is also useful for COSE. > > > > > Yes, I agree they should be done together, see RFC 8812. > > I disagree that they should be done separate from "alg", here is a short > list of RFCs that define both "alg" and "kty" / "crv" together: > > - https://www.rfc-editor.org/rfc/rfc8812 > - https://www.rfc-editor.org/rfc/rfc8037 > - https://www.rfc-editor.org/rfc/rfc8152.html However, none of those faced a case where JWK was defined for something not usable in JOSE. > > If it is concluded that JWK should not be defined together, and that the > > definition of key representation should be limited to the HPKE Base mode, > > and that other HPKE modes should not be defined at this point, then it may > > indeed be better to merge this draft into the COSE-HPKE spec. On the other > > hand, if there is room for discussion on these issues, I think it would be > > appropriate to consider it as an independent draft currently. We can merge > > it into the COSE-HPKE spec at any time. What do you think? > > > > > I think you should continue working on it as an I-D, find co-authors, > implement library support for it, confirm your representations align with > previous libraries, and conventions their uses will assume, and continue to > press COSE HPKE to integrate reasonable key representation into the same > document that discussed "senders" and "recipients" and assumed "they have > already obtained each other's keys" : ) I don't think the key representation has to make any sense outside COSE-HPKE (but practically it will do so), so only libraries implementing COSE-HPKE are relevant. And having written COSE-HPKE implementation, the key representation and negotiation stuff definitely should not be intermingled. The parts of code that deal with the two are very different. Right now that library operates with pure key representation (with hacky encoding), it does not do negotiation at all. > I recommend reviewing the experience provided here: > > - > https://github.com/panva/jose/blob/a505724d72705b8bfab8026af45678b2a5534bf4/docs/classes/jwe_general_encrypt.GeneralEncrypt.md > - https://github.com/potatosalad/erlang-jose > - https://docs.authlib.org/en/latest/jose/jwe.html > - https://github.com/cisco/cjose/blob/master/src/jwe.c > - https://github.com/digitalbazaar/minimal-cipher Is anything there relevant? All those look to be JWE stuff. COSE-HPKE works quite differently from any existing JWE stuff. > You might also look at previous related drafts: > > - https://datatracker.ietf.org/doc/html/draft-madden-jose-ecdh-1pu-04 That does not look like it hits the truly nasty cases. -Ilari
- [COSE] Call for Adoption: draft-ajitomi-cose-cose… Ivaylo Petrov
- Re: [COSE] Call for Adoption: draft-ajitomi-cose-… Ilari Liusvaara
- Re: [COSE] Call for Adoption: draft-ajitomi-cose-… Hannes Tschofenig
- Re: [COSE] Call for Adoption: draft-ajitomi-cose-… Mike Prorock
- Re: [COSE] Call for Adoption: draft-ajitomi-cose-… Orie Steele
- Re: [COSE] Call for Adoption: draft-ajitomi-cose-… Ilari Liusvaara
- Re: [COSE] Call for Adoption: draft-ajitomi-cose-… Orie Steele
- Re: [COSE] Call for Adoption: draft-ajitomi-cose-… Ilari Liusvaara
- Re: [COSE] Call for Adoption: draft-ajitomi-cose-… Orie Steele
- Re: [COSE] Call for Adoption: draft-ajitomi-cose-… Laurence Lundblade
- Re: [COSE] Call for Adoption: draft-ajitomi-cose-… Orie Steele
- Re: [COSE] Call for Adoption: draft-ajitomi-cose-… Ilari Liusvaara
- Re: [COSE] Call for Adoption: draft-ajitomi-cose-… Ilari Liusvaara
- Re: [COSE] Call for Adoption: draft-ajitomi-cose-… Laurence Lundblade
- Re: [COSE] Call for Adoption: draft-ajitomi-cose-… Ilari Liusvaara
- Re: [COSE] Call for Adoption: draft-ajitomi-cose-… Orie Steele
- Re: [COSE] Call for Adoption: draft-ajitomi-cose-… Ilari Liusvaara
- Re: [COSE] Call for Adoption: draft-ajitomi-cose-… Laurence Lundblade
- Re: [COSE] Call for Adoption: draft-ajitomi-cose-… Orie Steele
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Ilari Liusvaara
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Ilari Liusvaara
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… AJITOMI Daisuke
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Orie Steele
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Ilari Liusvaara
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Laurence Lundblade
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Orie Steele
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… AJITOMI Daisuke
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… AJITOMI Daisuke
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Orie Steele
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Ilari Liusvaara
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… AJITOMI Daisuke
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Orie Steele
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Ilari Liusvaara
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Ilari Liusvaara
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… AJITOMI Daisuke
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… AJITOMI Daisuke
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Orie Steele
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… AJITOMI Daisuke
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Orie Steele
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Ilari Liusvaara
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Ilari Liusvaara
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Orie Steele
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… AJITOMI Daisuke
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Ilari Liusvaara
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Orie Steele
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Laurence Lundblade
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… AJITOMI Daisuke
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Laurence Lundblade
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Ilari Liusvaara
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… AJITOMI Daisuke
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Laurence Lundblade
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Ilari Liusvaara
- Re: [COSE] [EXT] Re: [jose] Call for Adoption: dr… Blumenthal, Uri - 0553 - MITLL
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Laurence Lundblade
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Ilari Liusvaara
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Laurence Lundblade
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Laurence Lundblade
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Hannes Tschofenig
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Ilari Liusvaara
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… AJITOMI Daisuke
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… AJITOMI Daisuke
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Laurence Lundblade
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… AJITOMI Daisuke
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Ilari Liusvaara
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… AJITOMI Daisuke
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Ilari Liusvaara
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… AJITOMI Daisuke
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Laurence Lundblade
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Laurence Lundblade
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Ilari Liusvaara
- Re: [COSE] [jose] Call for Adoption: draft-ajitom… Ilari Liusvaara