[hpke] Re: Clarification on some corner cases of HPKE
Filippo Valsorda <filippo@ml.filippo.io> Wed, 17 June 2026 23:12 UTC
Return-Path: <filippo@ml.filippo.io>
X-Original-To: hpke@mail2.ietf.org
Delivered-To: hpke@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id EA789103095E8 for <hpke@mail2.ietf.org>; Wed, 17 Jun 2026 16:12:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1781737963; bh=sSYNxiUUkibmvfY5tQ6QH0cnkwE+DrjDLvWcOn1jK/0=; h=Date:From:To:Cc:In-Reply-To:References:Subject; b=BExVGOU9vFZAGj/1MJKqwMVl7fXbpjWgdJJkJFiWzoighKYYRz+Pln/FLBuG0UxBE lBxrVThhCnjZ3VoDNnf8FbMGzTbyvbOK6y9R3wx8wdxiQKKSmSDdYyXPudl4jqYQRD LsFol5w7+b0RIBLmyxhrwG2KZAXpKv9MLTXOD/Ng=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=filippo.io header.b="QIsvHxE6"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="REIf3Vov"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v3cU0TOAh-qz for <hpke@mail2.ietf.org>; Wed, 17 Jun 2026 16:12:43 -0700 (PDT)
Received: from fout-a4-smtp.messagingengine.com (fout-a4-smtp.messagingengine.com [103.168.172.147]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 0081C103093DC for <hpke@ietf.org>; Wed, 17 Jun 2026 16:10:35 -0700 (PDT)
Received: from phl-compute-09.internal (phl-compute-09.internal [10.202.2.49]) by mailfout.phl.internal (Postfix) with ESMTP id 934F5EC02BF; Wed, 17 Jun 2026 19:10:29 -0400 (EDT)
Received: from phl-imap-09 ([10.202.2.99]) by phl-compute-09.internal (MEProxy); Wed, 17 Jun 2026 19:10:29 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=filippo.io; h=cc :cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm3; t=1781737829; x=1781824229; bh=cZlMXAa2Lc t4OqhgEQ/vTq5gwOhAuMEYmG+EpVkP0rg=; b=QIsvHxE6wATHrlyYcnqq6LNSkk TqkCuZjB9FK/LDl+27qUOhbzPAZ3PmQnyuifZ5xYGLpYbSv01Kj47dxw0tJiYdEH rG0MPWmmK61iw08wAYDrX2sg0B64/L9s8cTbVO5xE8hkoc2WGMJ4YGiQxChVWZVu TZpUTZl3inGtOxeEmKPMGu53hxuJsqfAb8KoPHN9xu+FugIpyDFldLJvHIbEkopO /AsZJ2ZyggZjdqcvr67fFLkdggzsTmLKMETS5pV81jeXFrjhPoo1w+9DyH/fRvVS KljUS0AFlNaeM3Xh4JesKvharYgw+lP0Gmmq7r0KuCedgfTGGMyxNHq8EVjw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t= 1781737829; x=1781824229; bh=cZlMXAa2Lct4OqhgEQ/vTq5gwOhAuMEYmG+ EpVkP0rg=; b=REIf3Vovenhsm6+s4LKMXu+P//GGDQY5d8Bf06J2lIrIULHtT1q pHPGBxSQ1Ws6UVfhHxpbeYbvMn44l+Hu7EgntVocp/m58VpWz92MFD0cu6Zg7K1a 2+actI/mb52f1M5OTFpwOQ4A6LcUDibVkZrhmP9DCy804GDei/ysg5nJlDudjMWs CF/vz31iX9VAoJTEEXaJNWC7wn8Bk685l+AcnjoPcU9+vvNznR5u9Er4Okyf1LND wV7B13YgteNM/4yaR7yBxYnFx4x3JV9I+4DJFP+1dfz8hMWkpZqZ67ZOW5bK1Bgl rvq9RObYo48Ym3LXW9Oii6pg/aJ5AM4RMvQ==
X-ME-Sender: <xms:ZSkzavGierrrqPSwqmqjXK8JK56_KJab4rfgvg8j_PIosYOtOtVCFw> <xme:ZSkzanK6VqQhR63OAK_WhDyoBSv4xClmGHtLh5wm1ypy7Zd3u6apwtpPV_iLw9AdG XYBszdR8yzT0JUySFnSy5rcfNy5uDfVERCRQZqhppSuELGnk2j5>
X-ME-Proxy-Cause: dmFkZTFi90xzPdyFYlSz0zaBkcjLVCTK8XJ5iNSYL86IL7bFLlwFguuF5mnUFg0JY99CtD sTv7sLKIL7L3qTb372nYeQ1xdNMtH7Dv/bOuFCWU/F8rD1F5dfje6qeC/qJ2oNGNBfAoSh 5yJNy0uZcyU2+YiNbTuGyT8ylE08K6DPMQlBcbGMiwjH4VQfJz70aPKKlFo0VyNeYl7vZK cqhQnC5LvTW0RJFs8H3JGIJrMocfcbHP6OjIam21ODwO4PJodlytPbOI2JtgkG1K8hmcHJ ByvXYKi5KA65BAXTkT5FHvvrRT9/r3gckVmkvZwbjPd3kzJWRvfO79JEl/tgZFusQttLY5 1t2V9q/jk8jR92aAR9wXqaLaSruOGx6fFw+sG65U79wG4tuenicMhPjP80iY8J/v6JQvkv QSmebS1nUVW1v5Ou56co5pXBxN9ACohXR2BHEG9F7UxgUvH+vae/4Zf+Ll1lNmBXydtupg P0Zq174PyQKmVpE7GsDlJVeoRM/gOTHP8Hd6aAy/xrMhvUfQFrDY6WwCEyzrskI1Alno0R 3kJDfOFgAdFDmMOewqRu3FQemY7DjjNPISNLBXP7etgny6nnPFnyF5DV4hGlGTq/X2Kj0f Pbi0pwrrmJSa/7F4U2iaJMzOemi1wYqCes6XHwY2ZE5TG6MSdboL8DxjFg2A
X-ME-Proxy: <xmx:ZSkzavQ2okRYewRWbeyksUianX3kNYtdrhj650ghvg7dxuts5biRLg> <xmx:ZSkzapv3XDvZZ1qUUlfgPsVa14jhgwS9Iug37d4GU2EapH9iloMlNw> <xmx:ZSkzagb3J9B9YWbdTYAMQBwx30FkR_GtBLg6Bj8XL_Ud7eEyN437QA> <xmx:ZSkzavHS7G07LolHxekL7sFxZXwkNyHD4pepvZ_MOWCkywBRlNCWWA> <xmx:ZSkzagko963uq0IPB-cUEtlMLlXw8yiuYHQzcu17mMru8XzTblxXAeP2>
Feedback-ID: i2e91459c:Fastmail
Received: by mailuser.phl.internal (Postfix, from userid 501) id 528653021A92; Wed, 17 Jun 2026 19:10:29 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
MIME-Version: 1.0
Date: Thu, 18 Jun 2026 01:09:25 +0200
From: Filippo Valsorda <filippo@ml.filippo.io>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Martin Thomson <mt@lowentropy.net>, David Benjamin <davidben@chromium.org>, "Samuel Lee (ENS/Crypto)" <Samuel.Lee=40microsoft.com@dmarc.ietf.org>
Message-Id: <3db01fc3-24b7-4e30-a8f6-3447448c98e7@app.fastmail.com>
In-Reply-To: <c990b6d3-3414-44a6-8fe5-ff8f23999704@cs.tcd.ie>
References: <DS4PR21MB536838B9BE8C256C9C1325B980E42@DS4PR21MB5368.namprd21.prod.outlook.com> <CAF8qwaBoQj-7b0HCdzbGuR2J97EqhRcVm15kHjwoofEUb001Gw@mail.gmail.com> <9e8df6bb-facf-4741-a6f3-ebb903cc0b02@cs.tcd.ie> <ccf72dba-72ab-426d-b5d9-e0f2cba9ff20@betaapp.fastmail.com> <c990b6d3-3414-44a6-8fe5-ff8f23999704@cs.tcd.ie>
Content-Type: multipart/alternative; boundary="db0d5631a2ad296a8ac47e2db4058493808fc3cd"
Message-ID-Hash: FNOD6COWACWAUIRHPT2W4AACDOV3PMGT
X-Message-ID-Hash: FNOD6COWACWAUIRHPT2W4AACDOV3PMGT
X-MailFrom: filippo@ml.filippo.io
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "hpke@ietf.org" <hpke@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [hpke] Re: Clarification on some corner cases of HPKE
List-Id: "Hybrid Public Key Exchange (HPKE) Publication, Kept Efficient (hpke) to discuss updates and improvements to HPKE." <hpke.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hpke/l8BKmHfFIRNikZ_VuYCR20zhVH0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hpke>
List-Help: <mailto:hpke-request@ietf.org?subject=help>
List-Owner: <mailto:hpke-owner@ietf.org>
List-Post: <mailto:hpke@ietf.org>
List-Subscribe: <mailto:hpke-join@ietf.org>
List-Unsubscribe: <mailto:hpke-leave@ietf.org>
This again sounds a bit backwards: OpenSSL is pretty popular, if it implements an arbitrary subset of the specification, protocols and applications will need to adapt to this partial API, so the use case will never materialize. It will be generally unpleasant for protocols and applications to discover, though, not being in the spec. If you think we ought to add these restrictions to HPKE, wouldn't it be more appropriate to propose them for draft-ietf-hpke-hpke, instead of unilaterally implementing them in a popular API? 2026-06-18 01:01 GMT+02:00 Stephen Farrell <stephen.farrell@cs.tcd.ie>: > > Generalising from what mt said (via highly selective quoting:-) > > On 17/06/2026 23:39, Martin Thomson wrote: > > is there really a problem? > > I think that's the main question. If there were a real > thing that needed zero length HPKE plaintexts I'd be fine > with making a PR (and don't expect that'd be hard). If > there were real HPKE auth-mode uses that needed a psk_id > that could have a NUL in the middle, similarly. (Bit of > a pain to change the API, esp as we may be on the way to > deprecating auth modes.) > > IIUC, neither situation actually applies though. We can > of course meanwhile argue the pros/cons (and as I said I > generally turn out on the losing side of the argument when > David's on the other;-), but on balance I'm not seeing > expending effort on OpenSSL PRs as worthwhile now. > > Cheers, > S. > > > _______________________________________________ > hpke mailing list -- hpke@ietf.org > To unsubscribe send an email to hpke-leave@ietf.org > > > *Attachments:* > • OpenPGP_signature.asc
- [hpke] Re: Clarification on some corner cases of … David Benjamin
- [hpke] Clarification on some corner cases of HPKE Samuel Lee (ENS/Crypto)
- [hpke] Re: Clarification on some corner cases of … Stephen Farrell
- [hpke] Re: Clarification on some corner cases of … Stephen Farrell
- [hpke] Re: Clarification on some corner cases of … David Benjamin
- [hpke] Re: Clarification on some corner cases of … Filippo Valsorda
- [hpke] Re: Clarification on some corner cases of … Martin Thomson
- [hpke] Re: Clarification on some corner cases of … Stephen Farrell
- [hpke] Re: Clarification on some corner cases of … Filippo Valsorda
- [hpke] Re: Clarification on some corner cases of … David Benjamin
- [hpke] Re: Clarification on some corner cases of … Richard Barnes
- [hpke] Re: Clarification on some corner cases of … Stephen Farrell
- [hpke] Re: [EXTERNAL] Re: Re: Clarification on so… Samuel Lee (ENS/Crypto)