Re: [COSE] Other things from COSE_KDF_Context
Orie Steele <orie@transmute.industries> Wed, 13 March 2024 20:21 UTC
Return-Path: <orie@transmute.industries>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFC86C14F6BA for <cose@ietfa.amsl.com>; Wed, 13 Mar 2024 13:21:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=transmute.industries
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pvm1fi7hye0R for <cose@ietfa.amsl.com>; Wed, 13 Mar 2024 13:21:35 -0700 (PDT)
Received: from mail-pf1-x42c.google.com (mail-pf1-x42c.google.com [IPv6:2607:f8b0:4864:20::42c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 033CBC14F697 for <cose@ietf.org>; Wed, 13 Mar 2024 13:21:34 -0700 (PDT)
Received: by mail-pf1-x42c.google.com with SMTP id d2e1a72fcca58-6e6b22af648so1124908b3a.0 for <cose@ietf.org>; Wed, 13 Mar 2024 13:21:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transmute.industries; s=google; t=1710361294; x=1710966094; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=w/ju95PvmSOhLX4Ghu0+A/ElXxL57QzyQjvisDD8xEM=; b=EcTayYLnqplUxevALdo7NXsYGgRA38pbgopTaeNPYIsmCSNjMTMR0c7pOMSpQleMfz wAn51ER8ML64DYMagLvPc5JDQdREbYq2zlbg9VaHiRi+JX5CVjSgmuzcZBo6qeX8Iq/c N9HRYujUXVz1vD+Q91DQXb2LkO8cnBF7/bWmv8dzx4/3u/fAOzx72IzPhOH2hMCGhUAP pdXhoGg5g+mhlgMVdNLGSnVqob7DNB6TOOfRkcCyiQEgDgvqN/YDyYHMdt2aIi8H6H7K IjnWLH0gbAz2gYxF6AUN9i3wpW1Y3s2MP5qIzNJUY1iCQxdbmjiEw9OSG8BVcQSMkw85 5WFg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710361294; x=1710966094; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=w/ju95PvmSOhLX4Ghu0+A/ElXxL57QzyQjvisDD8xEM=; b=rOaEtV3cQAcM0jVtFaPZdCkErz1ZmXx/6XSuAqK8zGyGKvCxxkH8DDu/QHx5HVuFDi 9U0bXBOnEut371z9pg+IB9Fw2PFROfH6aNt9nRdti6LEDpkL/MzkToEJ1zmL2/eek+wu qtjrAlpoSu47YK5EzG7/dTnCUXfdye5zNmfox5KWF9bSJRBB55xx0gaLenvu7z0oHDQ0 4JnP1zjBC9+Al02STe03jNps/zguUQuTQ9OOlbtVYtx5QPFQ2qKcYg1nKOY50c63vQ1Q DTkauHhm7YlTgKxYYpO5gKU/XOpsdJOvm8Puh1rcMdsM5db1L/ZZVokjft45ESaT1/SS xTjw==
X-Gm-Message-State: AOJu0YzE2Cg/uipQenLbVfZP0unJH3Hv68CqnEXb7fOZfGJ3tmBHezXH wsp6AWyykk95HA6BG5JmLK6K/8orHFRUrJ2vMOatA3AEwiw99oNTEPwkoNuix0RuIz2QG76eCeG zT1GH1PDWXIEcK3X5w5ZFinnjhw/u5u/LTidBVQ==
X-Google-Smtp-Source: AGHT+IHAfGZ4sdwqO/nnLF43UCBvFUFnshxLX1fXo19IzICQFvH7QOiTup3SQwPd25q8TacGoTCHld8oceSSNy+q6QA=
X-Received: by 2002:a17:90a:4a04:b0:29a:a31d:695a with SMTP id e4-20020a17090a4a0400b0029aa31d695amr5074466pjh.1.1710361294027; Wed, 13 Mar 2024 13:21:34 -0700 (PDT)
MIME-Version: 1.0
References: <3654F1C8-1BF7-4645-B2D8-8CD6D27E187B@island-resort.com>
In-Reply-To: <3654F1C8-1BF7-4645-B2D8-8CD6D27E187B@island-resort.com>
From: Orie Steele <orie@transmute.industries>
Date: Wed, 13 Mar 2024 15:21:21 -0500
Message-ID: <CAN8C-_KwuOjUp6NhKOE5mthgUKdjDJkdskfJo6q5hg_81P3Ttg@mail.gmail.com>
To: "lgl island-resort.com" <lgl@island-resort.com>
Cc: cose <cose@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005e5f500613908598"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/rtSBaxnCNJn2VdVXFEUtuSGkbBQ>
Subject: Re: [COSE] Other things from COSE_KDF_Context
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Mar 2024 20:21:39 -0000
Seems there are 2 categories of information you are considering. Public information in the protected headers (top level and recipient level). Private information, that might be passed as external aad to the enc structure. I think it's a nice property of enc structure, that the extensibility of the protected headers, can be used for additional context. We might be concerned if that structure gets very large, and given we are talking about encryption it's also important to warn users about putting sensitive information in the protected headers. OS On Wed, Mar 13, 2024, 3:08 PM lgl island-resort.com <lgl@island-resort.com> wrote: > In getting rid of COSE_KDF_Context, it seems important to be sure we’re > not leaving anything useful or important out. > > Generally, it seems like we have a general mechanism by adding new header > parameters that can cover a lot because they end up in the Enc_structure > and then as input AAD to Seal(). > > In the side discussions at the San Francisco IETF (Russ, Hannes,…) I > recall consensus that COSE_KDF_Context.SuppPubInfo.other should be set to a > fixed app/use-case identifier like "Xxxx Firmware Encryption”. As part of > getting rid of COSE_KDF_Context for COSE-HPKE, we should provide an option > to do this. > > Seems like the usual two possibilities:: > - New header parameter, perhaps “Usecase Context”? > - Add it to Enc_structure (or the recently proposed Rec_structure) > > > RFC 9053 also allows the input of a salt into the KDF. That would not be > covered by a new header parameter that gets passed to Seal as AAD. I’m not > too worried about this for HPKE, because I think HPKE covers that > internally, but it might be retained for a replacement for -29. > > LL > _______________________________________________ > COSE mailing list > COSE@ietf.org > https://www.ietf.org/mailman/listinfo/cose >
- [COSE] Other things from COSE_KDF_Context lgl island-resort.com
- Re: [COSE] Other things from COSE_KDF_Context Orie Steele
- Re: [COSE] Other things from COSE_KDF_Context lgl island-resort.com