[hpke] Re: A few PRs for review
Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 24 June 2026 17:46 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: hpke@mail2.ietf.org
Delivered-To: hpke@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 1B1C7106AA583 for <hpke@mail2.ietf.org>; Wed, 24 Jun 2026 10:46:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1782323178; bh=ZIOeOI2KYYGJahRKhBRbnrwfF9Ib/Ba4swUkZSDSSHU=; h=Date:Subject:To:Cc:References:From:In-Reply-To; b=n39jIBRe+1xj72lg8apnXAkgSUXnI+u1aN7PWa9jm4mISpmf4p9tPmivT/8N85B8p Pfni5e1rKmGN7gi2jKVghW2r+tz1CvkyBcaye0myShPKi5xNqAVzGp07b+IziFW3FE LdIU9RbT5JWR4ie1BIrCg4Z1KjyOhIefckhXjiFo=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=cs.tcd.ie
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5KLqivBrmMAI for <hpke@mail2.ietf.org>; Wed, 24 Jun 2026 10:46:16 -0700 (PDT)
Received: from MRWPR03CU001.outbound.protection.outlook.com (mail-francesouthazon11021112.outbound.protection.outlook.com [40.107.130.112]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 8CD68106AA573 for <hpke@ietf.org>; Wed, 24 Jun 2026 10:46:16 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=uByr/HeyjOBN3S5xC2KI8z8GWz0mXzaPs8OKvUBa5LooJnHJEfTIqade07jNOM0HtiDpsQhAjSz6PkOqcL7glbwTqYdUyCdTAbWaUCVEvZ9vy43lR/3i8LOfsaLL6yn+ZIWlpQrN5l9Y7ULgaptFWY/6Pf62TVjSyXchyk9yWK2/UaFyw4sGJBpP9UpSTwPYcfJKXrkKrJhoCHPwmDn5ytH/9QCLhBA/qXgXbYTFmsJjAa297n21TA9RmeVHXhqZrYUfwrc4ysyl/1QnLOSOmpYCa/yeT6bf+kYHpGagoJvF4KFamIB+E7nxRcmm2m+xAdUEj2Bl4IJQXUUGq8P85w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ZIOeOI2KYYGJahRKhBRbnrwfF9Ib/Ba4swUkZSDSSHU=; b=x4TEzFmjL5v96M09R9/3oG0OgoFODqMJBOq9EVHB/6WItgCNaXavWtCk5fb3o8YIKfZonrc3NbQreO6c9QqrEwRceMwqbVG6FvfkU1dQSzpd5WYdZTWbvcl0C1AVUKG5/Ig/XcBqxQwdfvOXBdeFA3EL2e/yNMzvnL6xp2YkEOBQ6YS9t7PgoUBUWNdM//97wUlHKGB5e8g4oOs/YitL8UrX7sjGfVX+0Qm47iEPWuj7m4xoCnYF6pq2BbfgDWZ49pbQen0Z11Otp/PBJmR3lQGgTTY4RtGkENb0xyNj8YhQAgZvRA43hg2pi2LlC/CZL/2eUCzC2MIGvFdyDZrejg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.tcd.ie; dmarc=pass action=none header.from=cs.tcd.ie; dkim=pass header.d=cs.tcd.ie; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.tcd.ie; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZIOeOI2KYYGJahRKhBRbnrwfF9Ib/Ba4swUkZSDSSHU=; b=sBvBrOJPM5zK8+mhu6r5ITUiSvUGTgYVRzmdcKvv75FsWsRIc3bxEoe5796OGtLx8UV00eyikkPnOboN+gt1mxfpkoDqmk60Z27iraAxMlgDKfZ0qkVX5YHpcAfBoL6pte6SVt/d+IgITYBXCkLvL1AD/W2zy2M12inflmdCmexy5IF4jQTxMxkq2StxPDjkDEf57l4fU7BMs6RvaHdilkMMlNofreipl7NAmbgy5nzsUTvUCzScXZ1apfcs0uF7+DLbVoJSArkPpe/1yrlwcz4DZ3c95weipo/6n8Bh61mc7qTMSZdB9eBRGXRDsJGkbUFE4Ox4rK8Q2zMvIdeLSA==
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cs.tcd.ie;
Received: from PA3PR02MB11163.eurprd02.prod.outlook.com (2603:10a6:102:4b4::19) by PAXPR02MB7936.eurprd02.prod.outlook.com (2603:10a6:102:28f::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.13; Wed, 24 Jun 2026 17:46:01 +0000
Received: from PA3PR02MB11163.eurprd02.prod.outlook.com ([fe80::71cc:8d7f:5cb5:3772]) by PA3PR02MB11163.eurprd02.prod.outlook.com ([fe80::71cc:8d7f:5cb5:3772%5]) with mapi id 15.21.0139.018; Wed, 24 Jun 2026 17:46:01 +0000
Message-ID: <8e0dfae7-7ef7-4693-bf2f-78871edf047c@cs.tcd.ie>
Date: Wed, 24 Jun 2026 18:45:59 +0100
User-Agent: Mozilla Thunderbird
To: Richard Barnes <rlb@ipv.sx>
References: <CAL02cgRdSStDYvmisCGC5brPKSaWjRb7_YOBJzT8rwB7dxUFLw@mail.gmail.com> <2f13d53c-7f18-4bd7-9151-a0ffe611ea40@cs.tcd.ie> <977edf46-16d9-4d83-b3d9-0eab4b40c671@cs.tcd.ie> <CAL02cgRfr79cwLsb1FQDdPEsev+dshWHUL83n358k2NUeRzw3g@mail.gmail.com>
Content-Language: en-US
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Autocrypt: addr=stephen.farrell@cs.tcd.ie; keydata= xjMEY9GzphYJKwYBBAHaRw8BAQdAo6JvjmSbxHdQWPZdvciQYsHhM1NxQBU398Mmimoy4p7N M1N0ZXBoZW4gRmFycmVsbCAoMjU1MTkpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPsKQ BBMWCAA4FiEEMG54R8tZDyZFrDOn5Njp+ZeoM90FAmPRs6YCGwMFCwkIBwIGFQoJCAsCBBYC AwECHgECF4AACgkQ5Njp+ZeoM93bogEA25ElRyX0wwg+kGEN1AoL60MoZfvQZ/VtmXY6IC5j +csBAIBpkL5ySuzJK2zLNZn9qQGht8IaUcA7cvDcLvS2uHUEzjgEY9GzphIKKwYBBAGXVQEF AQEHQILCPWOwW36e8D3pY8GmvvtItIT+A5uV80ist+WokVsQAwEIB8J4BBgWCAAgFiEEMG54 R8tZDyZFrDOn5Njp+ZeoM90FAmPRs6YCGwwACgkQ5Njp+ZeoM92bcAEA8R+8cpqRUIS+SoAN iO05xE6O/wEx8/e88BqzAYki3SoBAOQdwiPX+MQrAxkWD8xxOsdMOAtxYKpkD1n8aPJUw6QJ
In-Reply-To: <CAL02cgRfr79cwLsb1FQDdPEsev+dshWHUL83n358k2NUeRzw3g@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------IlHrrEG0zPtrYnsBj8k80MWT"
X-ClientProxiedBy: DU2PR04CA0329.eurprd04.prod.outlook.com (2603:10a6:10:2b5::34) To PA3PR02MB11163.eurprd02.prod.outlook.com (2603:10a6:102:4b4::19)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: PA3PR02MB11163:EE_|PAXPR02MB7936:EE_
X-MS-Office365-Filtering-Correlation-Id: 32c88cb2-bf21-4105-2795-08ded21874a2
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;ARA:13230040|19092799006|10070799003|23010399003|1800799024|366016|4022899009|376014|786006|22082099003|18002099003|4133799003|11063799006|4143699003|56012099006|6133799003;
X-Microsoft-Antispam-Message-Info: hf5Ogdw05YpEJBPbcCxNAdXAxpk5Wnc+bXCvi3PuM7vN0PIt1hvgGbf0PAb42w7zXcBnNzTdca4KBxO4Zk1bLsdaCN1RfCZQdFDeabszYjCKCkubOdpXxHeYWXDjJML72bl2WyP8iaOQEHN9OyTYvZ45m4mZ56rNC3VQzlhVLjHMA7O5oreAPCXOjy2vSfJr93RNJLXxuslnHgR9YigRsk9YdKgfz52AZa8FqYSFihosBCKvGpxM4dlN/VzCfgw1YGmxckOJtxHp0b4Q4Jus9Y0fh81ke8dgC1niVLcLY0u0OyBq68U3NEJ75qw1ROY9rH/QeaQZi4t1Vyej/tmYiUN7IXA9IvGYJBBZN4M3tyMsC+55eoB5wyZifCekTr9JNKnPZwM6j2aXvagJJDTXu+0nbwoFkwu9kfTBXjN8Ck5WseTc1yPtn23SNfLFIExDDg+fEkj7MoR9UF52jQZj0gF9P+U5TGZPPwuoL5nJdsOl3S54TUBDvsJIkexwI8CtjECSKeAA1hBc2Ms556JWYabj0KqRUHr3SVt7XSPFj+cPQXLHHnQa42reqkziJo78nI7sFN5SrgGjx3HXePfgazkMhzUSkiC8ZTyAPhyS7DCU1YRwvC6ho7jutDN2H5y/d9/ROIQfRKOnY60NyEoPlR7lx6CC/BfU8udulTzrJOw=
X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PA3PR02MB11163.eurprd02.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(19092799006)(10070799003)(23010399003)(1800799024)(366016)(4022899009)(376014)(786006)(22082099003)(18002099003)(4133799003)(11063799006)(4143699003)(56012099006)(6133799003);DIR:OUT;SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2
X-MS-Exchange-AntiSpam-MessageData-0: mfU8A5KXtOaPE2yP9ck3FyDiKb0eLVDynm6YChh6GzMyi2dWdOlLKJhz7dEQQaTzh/kgonbxgmcS66zQxgDzQqI6sTeUrAxqbCxJhPKKWOfJKmd6E/CJXm49Bk/vWdwoo4WudwxzkTeQaAx86Uc9XQrzIZEbLeQxMNiJ3WTwMARuloE4sOS3TxvyrWxid06qyUar6Ue27vNcF93w5CzQ6BK6P4ek6LXAi5Gv79FDeufJnDHtETLo7ZT7D9T9NsM5uzhtdwZ9POXgRH6EJsPkq3r/HObyHf+xLehfTDe4TE7Fl5wLXabzwxowlioQeFlf0pat7/4uoLzSFZBQ+A25pKcb6AZsaH7b9JLdDvfNTVKMjpwpIYVBih8KmGH8sjM8ORlIY5S/t0i8dG+25gUJo194IRKVzj4wNqPV2xTgzy0ArsndW9bJZArgAe2Ta9wE48aXS9HjywBMlA91YBMjv77Otn4nlPvsvleh6Y05vHmS3FxAUjP+828oGXYQUkePm+rrXkWj4SspzhWCGu48G54Wy3nCmYguluDNEf/mT0s2jD8SaCB0+r6/9eeYj5UKUZDd+edx2IM2ILC+1SilWOBwssJG/olQyX80HrqDWTQ+4b9QSY+Nk4zlcZstr/7JBzBy/EdRbQ1nxqPH6KEq3YvqbAQDyskDPSgZdAEdb+mEhPmb2vcuQ+z2oJAxt+CQbeJOfkhLGR1TuqrZp8GRBNX/7fOoyYNda0LkGfCL1hPm9MeF06Iicf5ht2gTyeveZawwCzrtfPzobRr61gy/ia5bNyowW3aTKubP69inq9t9KyD1BJA4FLObgl+LjNzcVq792Z7d65Xj5J/j3WJY4BFTjmjGTrcJrGO3BY7vdx6YKOKotMPP0NA9tVRfD5kOmSY7VhSsYr4A87Ge3uY5PU2hnJ6bVfjDQVyI19HueaKIZ1Okkmki4/AbqTjJe1aEnnsrgez7GgMk2O4wJPRM5x2zFxiwTqWqfxrPJ4WDLpRXlhBXN+2vgNgpGVCNY8oZ3ybPYdqyDV6jCy+z/lg9DY2XNIipgx7/jcrv1BOndqOWbn3y0RfuhZYj1L1MJT2/pUOUllq7iwBRLdxd49SxwNEt9EnJeeR3HNdmEbSlLCkk8aP7Kr0q5NjMqmzF1ImpUqicA7P3zSLL2357wOkEBiYY1WT21jBSJRG9qI3YWlhxGBGUtv8GnvSYZ/Nx+6GItFNNxMGZ0n1taKoyZsASb+xW/spTD77ck+5DQo2XeMYU3a9zIVo1u530Jr6I5VbBHr0XSUydedg0whJnVEGUvZ4IhVP7hIq9Iv3ml2+0akMZoacWRXJZvugHEpofZyf8e+WCOur/pEnn/eeKGFy1ZW6y59IoIycxehZI3Varw+Aor2R6KQstU9TYZ5PnLfJGcqHzSx7uLogVw7ZHTvQpJt00dNlBLC59LGbObYH7AV517UOhDyUw01+BZ1TtChkeGEK4wP6ek+JAcfwzDu/TxQ/UvfhrLJsiETjk50XXmGGTfcTWFgTg2XLAdGXD0RuiiIgsB0r9/hs4//8Qtu5FqP4ZKVmnJUdvTCIgxN/aykf8fcMQu9b4xM0BiTx1FyiKsxQtweVgjMEN7A74rKGSyqPxgi1XxWEmURwUNantnpbFd4izOtxMwL28f6cFPHVAb+0eJYKGm1VjORzqFGiAVAvPiX1aBHUaCrf3Bvp6KQS5lP8+RpgpmSPRwl3Rgud3fWy2eggwKcGKEyT32tRjvIslt6/4IiLn8PQZSqu2rEmryyyUtJy1QZ4Do5DEkQfEdK/RbjAq
X-MS-Exchange-AntiSpam-MessageData-1: pJSfnhPBgNxMww==
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: 32c88cb2-bf21-4105-2795-08ded21874a2
X-MS-Exchange-CrossTenant-AuthSource: PA3PR02MB11163.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Jun 2026 17:46:01.3355 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: QqZXjDab6uF8buYUMf0DQHvNZNM05OW7CET0Aoe31OLTNILO25E1s24CoxhSaBvf
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAXPR02MB7936
Message-ID-Hash: DNTNPMIVAHZFN6OB6POXKZJOBRSSOLQH
X-Message-ID-Hash: DNTNPMIVAHZFN6OB6POXKZJOBRSSOLQH
X-MailFrom: stephen.farrell@cs.tcd.ie
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "hpke@ietf.org" <hpke@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [hpke] Re: A few PRs for review
List-Id: "Hybrid Public Key Exchange (HPKE) Publication, Kept Efficient (hpke) to discuss updates and improvements to HPKE." <hpke.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hpke/o2PtZAJ3rnG6-2ocnMVolfqili8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hpke>
List-Help: <mailto:hpke-request@ietf.org?subject=help>
List-Owner: <mailto:hpke-owner@ietf.org>
List-Post: <mailto:hpke@ietf.org>
List-Subscribe: <mailto:hpke-join@ietf.org>
List-Unsubscribe: <mailto:hpke-leave@ietf.org>
On 24/06/2026 18:35, Richard Barnes wrote: > Hi Stephen, > > I think the question you raise was addressed by this PR from Martin which I > merged on my own (seemed minor enough): > > https://github.com/hpkewg/hpke/pull/66/changes Ah sorry, missed that and yes it unpicks the nit:-) > > Re NUL bytes - I think you are in the rough Absent a pile of others jumping in: me too. > (chairs feel free to correct > me). In addition to the list discussion here, OpenSSL appears to be the > only implementation that made this misinterpretation. I would actually > argue that the footgun points the other way, as others have on the list -- > having a NUL-clean API at lower layers removes possibilities for > misinterpretation of inputs. Every function that relies on strlen() is an > out-of-bounds read in waiting. If you really want to supply the psk_id > from some string-like type, there are various types of escaping available. Yep, there are arguments both ways. My conclusion is that for anything commonly entered via CLI then allowing embedded NULs is worse. YMMV of course. S. > --Richard > > On Wed, Jun 24, 2026 at 7:18 AM Stephen Farrell <stephen.farrell@cs.tcd.ie> > wrote: > >> >> Hiya, >> >> Apologies, forgot to ask a nit-picky thing about this: >> >> The info, psk and psk_id fields are described as having >> a default value of "", i.e. the empty string. If those >> values can include embedded NUL bytes (I agree info and >> psk ought support that), is an empty string the right >> way to describe the default value? >> >> I guess the potential ambiguity is between a zero-length >> default vs a default of length 1 containing a single NUL >> byte. >> >> I doubt anyone would be confused by this but wondered if >> there's a better way to describe the default having a >> length of zero. >> >> Ta, >> S. >> >> On 24/06/2026 14:28, Stephen Farrell wrote: >>> >>> Hiya, >>> >>> On 24/06/2026 04:20, Richard Barnes wrote: >>>> Hi HPKE WG folks, >>>> >>>> As our main spec is strolling down the path to finalization, a few more >>>> minor PRs have come along: >>>> >>>> https://github.com/hpkewg/hpke/pulls >>>> >>>> None are major, but a few have technical content, so review would be >>>> appreciated. If I don't hear anything by the end of the week, I'll go >>>> ahead and merge them and cut a new draft for the IESG to review. >>> >>> WRT PR#70, I guess I'll be in the rough, but I'm still >>> not keen on psk_id values with embedded NUL bytes as I >>> think that's more a foot-gun than useful, e.g. if such >>> a thing is supposed to be entered via a CLI or via some >>> script or into a form, unexpected things may happen, or >>> it may not be possible to enter the value. (I think the >>> rest of the PR is likely fine.) >>> >>> Cheers, >>> S. >>> >>>> >>>> Thanks, >>>> --Richard >>>> >>>> >>>> _______________________________________________ >>>> hpke mailing list -- hpke@ietf.org >>>> To unsubscribe send an email to hpke-leave@ietf.org >>> >>> >>> _______________________________________________ >>> hpke mailing list -- hpke@ietf.org >>> To unsubscribe send an email to hpke-leave@ietf.org >> >> >
- [hpke] A few PRs for review Richard Barnes
- [hpke] Re: A few PRs for review Stephen Farrell
- [hpke] Re: A few PRs for review Stephen Farrell
- [hpke] Re: A few PRs for review Richard Barnes
- [hpke] Re: A few PRs for review David Benjamin
- [hpke] Re: A few PRs for review Stephen Farrell
- [hpke] Re: A few PRs for review Salz, Rich
- [hpke] Re: [EXTERNAL] Re: A few PRs for review Samuel Lee (ENS/Crypto)
- [hpke] Re: [EXTERNAL] Re: A few PRs for review Samuel Lee (ENS/Crypto)