Re: [jose] Fully-specified ECDH algorithms

[Michael Prorock <mprorock@mesur.io>]

Thanks Mike & Orie.

This looks very sane.

Mike Prorock
founder - mesur.io

On Wed, Apr 10, 2024, 09:21 Michael Jones <michael_b_jones@hotmail.com>
wrote:

> At IETF 119, we’d been asked to describe to the working group what
> including fully-specified ECDH algorithms would look like.  Please let us
> know if you’re in favor of addressing this in
> draft-ietf-jose-fully-specified-algorithms or not, and whether you agree
> with the characterization of how to do so below, or if there are specific
> changes you’d suggest.
>
>
>
> These registered JOSE algorithms are polymorphic, because they do not
> include the algorithm to be used for the ephemeral key:
>
>
>
> ECDH-ES
>
> ECDH-ES using Concat KDF
>
> ECDH-ES+A128KW
>
> ECDH-ES using Concat KDF and "A128KW" wrapping
>
> ECDH-ES+A192KW
>
> ECDH-ES using Concat KDF and "A192KW" wrapping
>
> ECDH-ES+A256KW
>
> ECDH-ES using Concat KDF and "A256KW" wrapping
>
>
>
> Fully-specified versions of these algorithms using combinations that “make
> sense”, per Brian Campbell’s suggestion
> <https://mailarchive.ietf.org/arch/msg/jose/LGqdnxk-ziF2Odm6CuxTUYnaKnc/>,
> would be:
>
>
>
> ECDH-ES-P-256
>
> ECDH-ES using Concat KDF and P-256
>
> ECDH-ES-P-384
>
> ECDH-ES using Concat KDF and P-384
>
> ECDH-ES-P-521
>
> ECDH-ES using Concat KDF and P-521
>
> ECDH-ES-X25519
>
> ECDH-ES using Concat KDF and X25519
>
> ECDH-ES-X448
>
> ECDH-ES using Concat KDF and X448
>
> ECDH-ES-P-256+A128KW
>
> ECDH-ES using Concat KDF and P-256 and "A128KW" wrapping
>
> ECDH-ES-X25519+A128KW
>
> ECDH-ES using Concat KDF and X25519 and "A128KW" wrapping
>
> ECDH-ES-P-384+A192KW
>
> ECDH-ES using Concat KDF and P-384 and "A192KW" wrapping
>
> ECDH-ES-P-521+A256KW
>
> ECDH-ES using Concat KDF and P-521 and "A256KW" wrapping
>
> ECDH-ES-X448+A256KW
>
> ECDH-ES using Concat KDF and X448 and "A256KW" wrapping
>
>
>
> These registered COSE algorithms are likewise polymorphic, because they do
> not include the algorithm to be used with the ephemeral key or the static
> key:
>
>
>
> ECDH-ES + HKDF-256
>
> ECDH ES w/ HKDF -- generate key directly
>
> ECDH-ES + HKDF-512
>
> ECDH ES w/ HKDF -- generate key directly
>
> ECDH-SS + HKDF-256
>
> ECDH SS w/ HKDF -- generate key directly
>
> ECDH-SS + HKDF-512
>
> ECDH SS w/ HKDF -- generate key directly
>
> ECDH-ES + A128KW
>
> ECDH ES w/ HKDF and AES Key Wrap w/ 128-bit key
>
> ECDH-ES + A192KW
>
> ECDH ES w/ HKDF and AES Key Wrap w/ 192-bit key
>
> ECDH-ES + A256KW
>
> ECDH ES w/ HKDF and AES Key Wrap w/ 256-bit key
>
> ECDH-SS + A128KW
>
> ECDH SS w/ HKDF and AES Key Wrap w/ 128-bit key
>
> ECDH-SS + A192KW
>
> ECDH SS w/ HKDF and AES Key Wrap w/ 192-bit key
>
> ECDH-SS + A256KW
>
> ECDH SS w/ HKDF and AES Key Wrap w/ 256-bit key
>
>
>
> Fully-specified versions of these algorithms, again using combinations
> that make sense, would be:
>
>
>
> ECDH-ES-P-256 + HKDF-256
>
> ECDH ES using P-256 w/ HKDF -- generate key directly
>
> ECDH-ES-X25519 + HKDF-256
>
> ECDH ES using X25519 w/ HKDF -- generate key directly
>
> ECDH-ES-P-521 + HKDF-512
>
> ECDH ES using P-521 w/ HKDF -- generate key directly
>
> ECDH-ES-X448 + HKDF-512
>
> ECDH ES using X448 w/ HKDF -- generate key directly
>
> ECDH-SS-P-256 + HKDF-256
>
> ECDH SS using P-256 w/ HKDF -- generate key directly
>
> ECDH-SS-X25519 + HKDF-256
>
> ECDH SS using X25519 w/ HKDF -- generate key directly
>
> ECDH-SS-P-521 + HKDF-512
>
> ECDH SS using P-521 w/ HKDF -- generate key directly
>
> ECDH-SS-X448 + HKDF-512
>
> ECDH SS using X448 w/ HKDF -- generate key directly
>
> ECDH-ES-P-256 + A128KW
>
> ECDH ES using P-256 w/ HKDF and AES Key Wrap w/ 128-bit key
>
> ECDH-ES-X25519 + A128KW
>
> ECDH ES using X25519 w/ HKDF and AES Key Wrap w/ 128-bit key
>
> ECDH-ES-P-384 + A192KW
>
> ECDH ES using P-384 w/ HKDF and AES Key Wrap w/ 192-bit key
>
> ECDH-ES-P-521 + A256KW
>
> ECDH ES using P-521 w/ HKDF and AES Key Wrap w/ 256-bit key
>
> ECDH-ES-X448 + A256KW
>
> ECDH ES using X448 w/ HKDF and AES Key Wrap w/ 256-bit key
>
> ECDH-SS-P-256 + A128KW
>
> ECDH SS using P-256 w/ HKDF and AES Key Wrap w/ 128-bit key
>
> ECDH-SS-X25519 + A128KW
>
> ECDH SS using X25519 w/ HKDF and AES Key Wrap w/ 128-bit key
>
> ECDH-SS-P-384 + A192KW
>
> ECDH SS using P-384 w/ HKDF and AES Key Wrap w/ 192-bit key
>
> ECDH-SS-P-521 + A256KW
>
> ECDH SS using P-521 w/ HKDF and AES Key Wrap w/ 256-bit key
>
> ECDH-SS-X448 + A256KW
>
> ECDH SS using X448 w/ HKDF and AES Key Wrap w/ 256-bit key
>
>
>
>                                                                 Thanks all,
>
>                                                                 -- Mike &
> Orie
>
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>