Re: [COSE] COSE ciphersuite list in draft-ietf-cose-hpke-07

Orie Steele <orie@transmute.industries> Tue, 07 November 2023 13:44 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/ymtBMHhKd1TiTcbpnIF8U-w7d7k>

Thanks for the review!

I'm really supportive of getting a structure that can support hybrid KEM,
but I feel we can get there faster without adding the key type or alg
points for stuff that has not yet settled in the HPKE registry fully.

Smaller documents are easier to review and faster to finish.

I am strongly supportive of only registering things in this draft that
people really want to use, and that are being used successfully elsewhere.

It seems that there is a general desire to have:

1. NIST / not NIST
2. Traditional / Hybrid
3. Low / Mid / High security params.

I would recommend we still try to keep the first set of registrations
minimal.

The only thing I feel sorta strongly about is not waiting for hybrid, to
publish the envelope format.

Regards,

OS







On Tue, Nov 7, 2023, 2:01 PM Rohan Mahy <rohan.mahy=40wire.com@dmarc.ietf.org> wrote:

> Hi,
>
> Regarding the list of ciphersuites in draft-ietf-cose-hpke-07:
>
> The MLS working group observed that most people who are interested in
> using ChaChaPoly instead of AES are not interested in running NIST Curves
> either.
>
> I'll also observe that the interest in the CP NIST curves is currently
> unproven and that these COSE ciphersuites could be easily added later.
>
> I would like to include the X25519/Kyber768 KEM with AES and ChaChaPoly,
> but these could also be included later. There is substantial interest in
> using a hybrid KEM to prevent harvest-now/decrypt-later attacks. However, a
> desire to publish this spec sooner would be a perfectly reasonable
> justification to leave these ciphersuites out.
>
> Concretely, I would propose the following COSE HPKE ciphersuites:
>
> HPKE-Base-P256-SHA256-AES128GCM
> HPKE-Base-P384-SHA384-AES256GCM
> HPKE-Base-P521-SHA512-AES256GCM
> HPKE-Base-X25519-SHA256-AES128GCM
> HPKE-Base-X25519-SHA256-ChaCha20Poly1305
> HPKE-Base-X448-SHA512-AES256GCM
> HPKE-Base-X448-SHA512-ChaCha20Poly1305
> HPKE-Base-X25519Kyber768-SHA256-AES256GCM
> HPKE-Base-X25519Kyber768-SHA256-ChaCha20Poly1305
>
> Thanks,
> -rohan