[hpke] AD comments on draft-ietf-hpke-hpke
Deb Cooley <debcooley1@gmail.com> Sat, 25 April 2026 12:31 UTC
Return-Path: <debcooley1@gmail.com>
X-Original-To: hpke@mail2.ietf.org
Delivered-To: hpke@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 907BBE2EE9C4 for <hpke@mail2.ietf.org>; Sat, 25 Apr 2026 05:31:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1777120275; bh=shzcTb1YKfmaCwpyyiq2w/n7WmXP4bymqIetomokAIs=; h=From:Date:Subject:To:Cc; b=n3WpcVi73ea5P20Ru//wbBTeyhBK5pDzE0k7r3JBLopkp0PUr0u8RxnWPKIUMSKtz cESabZ0D/u5XWixJaFoOIHqhQLCUwaMABRzqCDyLvfXp9UPbToQZd/mjCCtthTG6Po hlPo8shiBrCRqBaDseIKNIi6RG7RUZ3inaetbyMY=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.848
X-Spam-Level:
X-Spam-Status: No, score=-1.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8HBBPq_khSRO for <hpke@mail2.ietf.org>; Sat, 25 Apr 2026 05:31:15 -0700 (PDT)
Received: from mail-dy1-x1332.google.com (mail-dy1-x1332.google.com [IPv6:2607:f8b0:4864:20::1332]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 15259E2EE93C for <hpke@ietf.org>; Sat, 25 Apr 2026 05:31:01 -0700 (PDT)
Received: by mail-dy1-x1332.google.com with SMTP id 5a478bee46e88-2b4520f6b32so12221333eec.0 for <hpke@ietf.org>; Sat, 25 Apr 2026 05:31:01 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1777120260; cv=none; d=google.com; s=arc-20240605; b=Lp+MXcGsT3ReWps7PIXZZ5ogJHkw/Tf5nflaEpdaMKePS68wvLeu44b67hFKBWb4hd pUXepYOheZbTiLuJes0zy0l6ZBUXWz4Ixx5ISjVW3+3Z6T4Gnu2/6/zIbhLvyv5y4KbK 8zbKj8cNYh7B2OaotxeOB5QAMMoCY9UlP5gBIn9BQC6rtIi4Rt0QvKL/k1x72vll4Qv6 TKkFR9NqDcA6iIEBG225XsFJQ4b6CHUvMW1QqwZHxi231IapQJf2BB27M00G4synpzm/ solwN6lR/KdX0pMdUkDklwM6U8IbDl6kz1NcUv5StcxjLGsLgZAczlg27hos6k1DKsgD Znsg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:mime-version:dkim-signature; bh=R5YOLiL0VxXrbYnTkzGraI853vUxtFE9eV46e/OTiwo=; fh=5MwGIYW90nTxGMB8YSTd3rEfFEVEjrs+6A8EIofmoPk=; b=hETTS3yM1KuTlccegdT93YB3OO85meCWErq8s3+rvrJqqf4WyH5w1ljFUB2zFy+XLg pMXZBLfjfznJRmgFcpm8gKnJQ3renWNEUsLzgoxz9P7NuddkiDLRhHcM+30QesMeonj5 X1Szpjtj3gqVjOcd103mp90HebOy9zSCEjztz67jZVRTpkaonmhr/Qn6cDEjWsErbmRF van167EvaYJ422NdlxsUs4Vkj6+62riB/vSuxBDLqCYRQJu9rRtgs2pVyofdbK/GKue+ kaRQIcTcfaIvUi6mni6v2mqaZmMFn8/QjwDFUf7JLbfErRyIrKf5MxaGHRrx8c2lUsCk iNuQ==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777120260; x=1777725060; darn=ietf.org; h=cc:to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=R5YOLiL0VxXrbYnTkzGraI853vUxtFE9eV46e/OTiwo=; b=X/znT+3hXIA/7UkDFeUX9q7tuYPESLOZYZsrVJu8IYWyoDfKv8FePIsQp0p1OtMW0s 4frMOKVD53fKa/I0seLDq4vKYznKKgFfyV8U2lhcR2qRGVzXk0+h3m+cq/lb5LGoZhK6 1CyGKVXHag/pVSkwPXxZpOeEqg5lNYIev68ltB4A/T14xeHb8msKlEBQiIcym+9GgTBZ StHo2Pw+Mz7AUwRqjDo4JeBL2gmKHvlAQRKRI3qeqUDzU82WLdxMhs7p0lbMxpW4fS4y IBZ4SsCpyUvm0Vcvzv8wKhwl1rZThtumjqr2gVyjxTo09TJIT0jU/2bjKwos8rbbngbi mUzg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777120260; x=1777725060; h=cc:to:subject:message-id:date:from:mime-version:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=R5YOLiL0VxXrbYnTkzGraI853vUxtFE9eV46e/OTiwo=; b=VmcvTJ4wenSXtIzjD67ujb0/Ve+K5Z+6ccTovrXYwvt14pkrr3SkygvVIvas+grCSC ++OErWPtBO7yxHYptwm7v8iyZUSjvOE3ZDeCQwmetlEnr1yQZatGVR4yuHvTVgFgTZlE JzUPjWo+7OpjVqqdN1p6EYHhkMldrBcDwTUfMiYgavvA2gnuMqmNNpf1EUPud1mpJRUa Kkthig/0HUQ/VJ40PJFn51jpxshvCnszLB8FhRQfaid3gar8Krk46mi6m0iZBhJLRSEw arRqDfunfN27qF/4+/s6Z6GzDdVBvf50d9rKT/doDR5htA1vo5sCc53yadWlOZJ3ZaAL baHA==
X-Forwarded-Encrypted: i=1; AFNElJ+jbLUA54pTcM3LdHY61tyAdjWevQ4J9pSKtd4+sNldBZn/97AbthCOlhlwBg1h56Yt+FSU@ietf.org
X-Gm-Message-State: AOJu0YyDYYWSaihQtYbZtW44KTrA1V2c9x/+/LMUIjyk10sY1bqgcG/K BeqKbqbZOxB0xEKpc2M/DgdFEaHu+Q9r0qfAwvzLy+kUI7Hugd+Im9HaNpXHFj54tZzP8S1w+Nu oAWkee5Empvg3YByDV/a42l3cw17HMQ==
X-Gm-Gg: AeBDiesAmE7w7UOUoHtTlMdFCDt9frjvkN5Kz5BJiZHc31Rj5XTn5wia7VyAvCHXvpO 6W3NpXyjIMClbp1XWFNabCOOJmZ+twLQvWIDzzrsME3JmE301EFE/46XH15fzFQNK0D8hRAcyC9 INMAhsMesi+24ZrAZExifIMLexnj9tRyTyc+yafiNnb+X9YcEGuQSKDRJhcf3u90AYizgHLEYCn j2UdUfTUQVq3xQNULlXEJJWFIJaCVVMkDioF4Z4n4QexhWHXMSZoVE1z5SyW7R79q1m40nRUFuJ y9y++FiBYyHaLssaVGjtvL6MfnpqN3cPX7ZHDMZZwE5Da+4hQwtpYwl3Ibn9QX+/1vVNZk5++eP KTVyEbg/Bm+WQ15EDDU5Z8+bfohIoZFedtpj9
X-Received: by 2002:a05:7300:72cc:b0:2be:7885:31df with SMTP id 5a478bee46e88-2e478839275mr21743317eec.17.1777120259902; Sat, 25 Apr 2026 05:30:59 -0700 (PDT)
MIME-Version: 1.0
From: Deb Cooley <debcooley1@gmail.com>
Date: Sat, 25 Apr 2026 08:30:51 -0400
X-Gm-Features: AQROBzDMKnpwdfIU9jYutg1oXUhVCqZBVd4RfwKK5lFc6Myau7qMynOs6snPjGQ
Message-ID: <CAGgd1Ofok0rH8_p+B4gfvAnhSzyq2Z3_Rv3oeMGJYcq26p91Xg@mail.gmail.com>
To: draft-ietf-hpke-hpke.authors@ietf.org
Content-Type: multipart/alternative; boundary="000000000000d091880650480d2b"
Message-ID-Hash: FEGXY7ZETQRU73I3MNWPI2VMNRMZB2Y7
X-Message-ID-Hash: FEGXY7ZETQRU73I3MNWPI2VMNRMZB2Y7
X-MailFrom: debcooley1@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: hpke-chairs@ietf.org, hpke@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [hpke] AD comments on draft-ietf-hpke-hpke
List-Id: "Hybrid Public Key Exchange (HPKE) Publication, Kept Efficient (hpke) to discuss updates and improvements to HPKE." <hpke.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hpke/f1ohWEj5A7nej6P6Ksrxet4cH8k>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hpke>
List-Help: <mailto:hpke-request@ietf.org?subject=help>
List-Owner: <mailto:hpke-owner@ietf.org>
List-Post: <mailto:hpke@ietf.org>
List-Subscribe: <mailto:hpke-join@ietf.org>
List-Unsubscribe: <mailto:hpke-leave@ietf.org>
Thanks for this work, I have a few comments, if it is easier to chat about some of these, I'm happy to do that. I look forward to the completion of this specification! Notes: - While I am a mathematician, I am rusty, go easy. - This is a top to bottom review. I did not use a diff between this draft and the original RFC 9180 as my starting point. As a result, I've made comments that would have been relevant to RFC 9180. Since that RFC is from the IRTF stream, it didn't have IETF consensus, therefore, I believe my review is justified. In the end, as a PS RFC, it will need to be clear to implementers. >From idnits (previously provided to the authors): - If you obsolete RFC 9180, please mention that in the abstract. - There are three references that are never referenced in the draft. - There are misc other comments/etc. listed in the experimental version of idnits. General: While the html version of this draft has a different font for variable names (enc, pt, ct, etc), none of the other formats have this feature. Please either use quotes around these structures, or add a note to the editor to do it for you as part of the editing process. The section currently titled 'Discussion Venues' can be expanded to include this note (possible renaming the section). General: While I'm making general comments, I'll point out that these all exist: 'secret key', 'secret', 'key' where I think mostly 'secret' and 'key' usually mean the same thing. Can we pick one word to mean the key used to encrypt/decrypt plain text/cipher text and use it always? (nothing we can do about pk = public key vice private key, but it confuses me all the time) Section 3: Please define N. I assume it is an integer, seems to be used as a length (as is 'n'). Section 5, para 1, sentence 2: Replace 'recipient public key' with 'recipient public key skR. Section 5, second to last para, sentence 1: Sec 10 is referenced, should this be Section 9.9? Or possibly both sections? Section 9.1.1: At least provide a reference, if not a brief definition of IND-CCA2, IND-CPA-secure, and INT-CTXT-secure ([CS01] Section 3.4 doesn't quite do it). I'm happy to discuss how to do this so it doesn't complicate the flow of this draft. Section 9.1.2, para 2: 'described above' is not obvious. Do you mean PSK mode? or something in the paper referenced. I'm thinking a reword of this sentence should add clarity, something like, 'Using the PSK mode, is not proven in [HPKEAnalysis] to have the hybrid quantum-resistance property because....' Obviously the authors might have a better suggestion. Section 9.2, last sentence: 'element of some set', set of what? Section 9.4: Please explain to me why Section 9.1.1 (para 2) suggests that something other than IND-CCA2 could be secure, compared to what is written here. While Section 9.4 proposes a sufficient security level, is it indeed the necessary security level? (note: I'm not proposing a change to Section 9.4, I want to understand the dichotomy) Section 9.5: Is there a suggestion for a fancy PBKDF (my term, possibly the wrong one for 'turn a password into a psk') to help with the 'low entropy password' in combination with the classic psk distribution problem? Section 11 (all subsections): These registries are 'specification required', which requires (and indeed has) designated experts. What it currently lacks is instructions for the DEs. Please provide instructions. Deb Sec AD
- [hpke] AD comments on draft-ietf-hpke-hpke Deb Cooley