[jose] Re: [EXTERNAL] Re: Call for adoption: https://datatracker.ietf.org/doc/draft-reddy-cose-jose-pqc-kem/
Mike Ounsworth <Mike.Ounsworth@entrust.com> Tue, 17 September 2024 13:34 UTC
From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Neil Madden <neil.e.madden@gmail.com>, Karen ODonoghue <kodonog@pobox.com>
Date: Tue, 17 Sep 2024 13:34:06 +0000
CC: JOSE WG <jose@ietf.org>
Subject: [jose] Re: [EXTERNAL] Re: Call for adoption: https://datatracker.ietf.org/doc/draft-reddy-cose-jose-pqc-kem/
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/08gyE3VNx55rzbErjwsboxRAXSY>

+1 to Neil’s question.

> "the general consensus in CFRG seems to be towards hybrid KEMs (eg some combo of X25519/P-256 + ML-KEM), so is there a need for a “naked” ML-KEM option?”

JWEs / CWEs certainly can be used to carry data with long confidentiality lifetimes (PII, financial data, etc), but can also be used for extremely short-lived data like auth tokens. But of those use-cases that I’ve run into in $dayjob where data sensitivity is extremely short-lived, the overwhelming majority are JWS (RS256 / HS256), followed by AES-only tokens (ie the server encrypts an auth token for itself).

So I would be interested to hear from operators who:

A) use JWE asymmetric key exchange with short-lived data.
B) can’t tolerate the extra like 64 bytes for the X25519 / P256.

Those are the use cases that would make an argument for a naked ML-KEM option. Do any exist?

---
Mike Ounsworth

From: Neil Madden <neil.e.madden@gmail.com>
Sent: Tuesday, September 17, 2024 4:38 AM
To: Karen ODonoghue <kodonog@pobox.com>
Cc: JOSE WG <jose@ietf.org>
Subject: [EXTERNAL] [jose] Re: Call for adoption: https://datatracker.ietf.org/doc/draft-reddy-cose-jose-pqc-kem/

I’ll try and give this a proper read through today, but a couple of initial questions:

- the general consensus in CFRG seems to be towards hybrid KEMs (eg some combo of X25519/P-256 + ML-KEM), so is there a need for a “naked” ML-KEM option?
- more broadly, unless we’re actually going to merge the COSE and JOSE WGs, it seems procedurally awkward to have drafts in the JOSE WG that dictate COSE algorithms. Is it really that hard to have two drafts?

— Neil

> On 14 Sep 2024, at 21:50, Karen ODonoghue <kodonog@pobox.com> wrote:
>
> JOSE and COSE working group members,
>
> The following draft has been submitted for consideration by the JOSE
> working group. The chairs agreed, at IETF 120, to issue a call for
> adoption.
>
> https://datatracker.ietf.org/doc/draft-reddy-cose-jose-pqc-kem/
>
> Please review the document and indicate (by responding to this email
> and keeping the subject line intact) whether or not you think this is
> a good place to start the development of this document. Please provide
> comments.
>
> This call for adoption will close on Monday 30 September.
>
> Thank you,
> Karen
>
> _______________________________________________
> jose mailing list -- jose@ietf.org
> To unsubscribe send an email to jose-leave@ietf.org