[jose] Re: draft-ietf-jose-hpke-encrypt-01
Brian Campbell <bcampbell@pingidentity.com> Fri, 12 July 2024 23:02 UTC
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 12 Jul 2024 17:01:57 -0600
To: Les Hazlewood <lhazlewood@gmail.com>
CC: Ilari Liusvaara <ilariliusvaara@welho.com>, JOSE WG <jose@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/25WSh0e0ChpqrmUFxydLruEor2c>
On Wed, Jul 10, 2024 at 10:19 AM Les Hazlewood <lhazlewood@gmail.com> wrote:

>>> Any new specification that defines a single string cipher suite definition
>>> should be *additive*, not regressive. A new header could be defined (e.g.
>>> `csuite`) and that can have that string for the times when it may be needed.
>>
>> Or have "enc":"dir" and have that call into new algorithm operations.
>
> This fundamentally changes the semantics of the existing headers. In
> JOSE, for 10+ years:
>
> "alg" has always meant "algorithms used for producing the content
> encryption key"
> "enc" means "AEAD algorithm used to encrypt the content with the content
> encryption key"
>
> Changing these semantics has *significant* implications to existing
> libraries, especially typesafe ones that codify these concepts in type-safe
> APIs used by application developers (Key types, Interface definitions, etc).

And I would respectfully ask that draft-ietf-jose-hpke-encrypt not attempt to redefine, change, or update the JWE semantics.

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
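
[Added example, not part of the message above and not code from any participant or from the draft.] A minimal recipient-side header check that codifies the existing "alg"/"enc" split using the RFC 7518 registered values, to show how a header carrying "enc":"dir" is treated by code written against those semantics. The function names, the sample token and the placeholder "EXAMPLE-NEW-ALG" are assumptions made for illustration.

```python
import base64
import json

# Registered values from RFC 7518 (JWA): section 4.1 for "alg", section 5.1 for "enc".
KEY_MANAGEMENT_ALGS = {
    "RSA1_5", "RSA-OAEP", "RSA-OAEP-256", "A128KW", "A192KW", "A256KW", "dir",
    "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW",
    "A128GCMKW", "A192GCMKW", "A256GCMKW",
    "PBES2-HS256+A128KW", "PBES2-HS384+A192KW", "PBES2-HS512+A256KW",
}
CONTENT_ENCRYPTION_ALGS = {
    "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512",
    "A128GCM", "A192GCM", "A256GCM",
}
# RFC 7516: with direct encryption or direct key agreement the JWE Encrypted Key is empty.
NO_ENCRYPTED_KEY = {"dir", "ECDH-ES"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_compact(header: dict, encrypted_key: bytes = b"wrapped-cek") -> str:
    """Build a constructed five-part token; the last three segments are dummies."""
    segs = [json.dumps(header).encode(), encrypted_key, b"iv", b"ciphertext", b"tag"]
    return ".".join(b64url(s) for s in segs)

def header_problems(compact: str) -> list:
    """Return the reasons a recipient with RFC 7516 semantics would refuse the token."""
    parts = compact.split(".")
    if len(parts) != 5:
        return ["not a five-part JWE compact serialization"]
    try:
        raw = base64.urlsafe_b64decode(parts[0] + "=" * (-len(parts[0]) % 4))
        header = json.loads(raw)
    except ValueError:
        return ["protected header is not base64url-encoded JSON"]
    if not isinstance(header, dict):
        return ["protected header is not a JSON object"]
    alg, enc = header.get("alg"), header.get("enc")
    problems = []
    if not isinstance(alg, str) or alg not in KEY_MANAGEMENT_ALGS:
        problems.append(f'"alg" {alg!r} is not a key management algorithm')
    elif (alg in NO_ENCRYPTED_KEY) != (parts[1] == ""):
        problems.append(f'encrypted key segment does not match "alg" {alg!r}')
    if not isinstance(enc, str) or enc not in CONTENT_ENCRYPTION_ALGS:
        problems.append(f'"enc" {enc!r} is not a content encryption algorithm')
    return problems

# Constructed sample: the "alg" value is a placeholder, "enc":"dir" is the idea quoted above.
SAMPLE_REDEFINED = make_compact({"alg": "EXAMPLE-NEW-ALG", "enc": "dir"})
```

An empty list from `header_problems` means the header fits the existing semantics; `SAMPLE_REDEFINED` yields one problem for each of the two header values.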