[jose] Re: Strawperson consensus call for changes to draft-ietf-jose-hpke-encrypt-01

Ilari Liusvaara <ilariliusvaara@welho.com> Thu, 11 July 2024 07:42 UTC

Date: Thu, 11 Jul 2024 10:42:31 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: JOSE WG <jose@ietf.org>
Message-ID: <Zo-M5079iwsR5G3v@LK-Perkele-VII2.locald>
References: <CAN8C-_KEv4s2SHBYi9ZeCi+Jjxk08r9tg+sqt1wtcgnyswCBgQ@mail.gmail.com> <CAFpG3gctSyVhC4gFJ4f00YoRKT4AyiOm84oB3XntQCT43QxZww@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <CAFpG3gctSyVhC4gFJ4f00YoRKT4AyiOm84oB3XntQCT43QxZww@mail.gmail.com>
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/-Qa4DsvbJTIkBxSpflkDvIUmsJ0>

On Thu, Jul 11, 2024 at 11:19:19AM +0530, tirumal reddy wrote:
> I would like to add another option proposed below for HPKE JWE Integrated
> Encryption Mode:
> 
> The algorithm name SHALL be of the form "HPKE-P256-SHA256".
> The "enc" value SHALL be "A128GCM".
> The hpke-aad SHALL be of the form "protected (.aad)", as described in Step
> 15 of RFC7516.
> The hpke-info SHALL be the same as is provided to concatKDF info for
> ECDH-ES, as described in
> https://datatracker.ietf.org/doc/html/rfc7518#section-4.6.2

JWE does not allow doing that.

"A128GCM" is a valid AEAD algorithm, and JWE is very clear on how such a
thing is processed. And that processing is flat out incompatible with
Integrated Encryption or using HPKE for bulk encryption.

-Ilari
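The quoted proposal reuses two constructions that already exist in JWE: the AAD handed to the content-encryption step of RFC 7516 Section 5.1, and the Concat KDF OtherInfo of RFC 7518 Section 4.6.2 that ECDH-ES derives its key from. The Python below is an added example, not code from this thread or from the draft; it builds both byte strings and checks the KDF against the RFC 7518 Appendix C vector (Z, "Alice", "Bob", A128GCM). Function names are the example's own, and the header JSON used in the checks is constructed.

```python
import base64
import hashlib
import struct
from typing import Optional


def b64url(data: bytes) -> str:
    """BASE64URL without padding, as JOSE defines it."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwe_aad(protected_header: bytes, extra_aad: Optional[bytes] = None) -> bytes:
    """AAD passed to the content-encryption step of RFC 7516 Section 5.1:
    ASCII(BASE64URL(UTF8(Protected Header)) [|| '.' || BASE64URL(JWE AAD)])."""
    aad = b64url(protected_header)
    if extra_aad is not None:  # a JWE AAD exists only in the JSON Serialization
        aad += "." + b64url(extra_aad)
    return aad.encode("ascii")


def _len_prefixed(data: bytes) -> bytes:
    """Datalen || Data, Datalen being a 32-bit big-endian octet count."""
    return struct.pack(">I", len(data)) + data


def concat_kdf_other_info(algorithm_id: str, apu: bytes, apv: bytes, keydatalen_bits: int) -> bytes:
    """OtherInfo of RFC 7518 Section 4.6.2: AlgorithmID || PartyUInfo || PartyVInfo || SuppPubInfo
    (SuppPrivInfo is empty). AlgorithmID is the "enc" value for direct ECDH-ES and the "alg" value
    for ECDH-ES+A*KW; apu/apv are the decoded header values, an absent one being the empty string."""
    return (_len_prefixed(algorithm_id.encode("ascii"))
            + _len_prefixed(apu)
            + _len_prefixed(apv)
            + struct.pack(">I", keydatalen_bits))


def concat_kdf_sha256(z: bytes, other_info: bytes, keydatalen_bits: int) -> bytes:
    """Concat KDF (NIST SP 800-56A) with SHA-256: Hash(counter || Z || OtherInfo), counter from 1."""
    out, counter = b"", 1
    while len(out) < keydatalen_bits // 8:
        out += hashlib.sha256(struct.pack(">I", counter) + z + other_info).digest()
        counter += 1
    return out[: keydatalen_bits // 8]


# Shared secret Z of the RFC 7518 Appendix C example ("enc": "A128GCM", apu "Alice", apv "Bob").
Z_APPENDIX_C = bytes([158, 86, 217, 29, 129, 113, 53, 211, 114, 131, 66, 131, 191, 132, 38, 156,
                      251, 49, 110, 163, 218, 128, 106, 72, 246, 218, 167, 121, 140, 254, 144, 196])


def derive_appendix_c_key() -> str:
    """Derives the 128-bit key of Appendix C; the RFC gives it as "VqqN6vgjbSBcIijNcacQGg"."""
    info = concat_kdf_other_info("A128GCM", b"Alice", b"Bob", 128)
    return b64url(concat_kdf_sha256(Z_APPENDIX_C, info, 128))
```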