[jose] Re: draft-ietf-jose-hpke-encrypt-01
Les Hazlewood <lhazlewood@gmail.com> Tue, 09 July 2024 04:09 UTC
Return-Path: <lhazlewood@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C3383C1F6C8A for <jose@ietfa.amsl.com>; Mon, 8 Jul 2024 21:09:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QqS-3iIgR75A for <jose@ietfa.amsl.com>; Mon, 8 Jul 2024 21:09:19 -0700 (PDT)
Received: from mail-yw1-x1132.google.com (mail-yw1-x1132.google.com [IPv6:2607:f8b0:4864:20::1132]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 586B8C1F58AB for <jose@ietf.org>; Mon, 8 Jul 2024 21:09:19 -0700 (PDT)
Received: by mail-yw1-x1132.google.com with SMTP id 00721157ae682-64d408a5d01so43282057b3.1 for <jose@ietf.org>; Mon, 08 Jul 2024 21:09:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1720498158; x=1721102958; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=kaZSFNYbgrFkq2KQsaTtcbB5iK8lRZN+zK4PuLOC+PI=; b=Mxi/hudqHSP5Mj/ZRx4BC/9UfTUm+Q2Xby8uVP1l+y6gzbHSavVAZ6p0OH67xDQXQB By9frJ0bEdI81zVCWubwD9nlXh1UhL6ZMe3abCn+U/0u5fzrBsPlQfGo6VMJSH0dwggf NCdfD+WilCADLeFEryKB57v5f1j1/8DeEFHRDUKRNncUHyVjiFZCu7p16ifnvcNwojdH WcjU+y9x69zEo6AUml6Te2/uJ6zxKeZmfS6cqcUjQ9TZK9qO6xOBvzvS+BMa+5dANGl1 at3PJKeeLbAktKPZr3f1yJp3iVxdv/Alsvd8eGhn+1Wom6C9we5YYVRxGMiXCaPjfjyz Yc8w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1720498158; x=1721102958; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=kaZSFNYbgrFkq2KQsaTtcbB5iK8lRZN+zK4PuLOC+PI=; b=xOW77ur08Wtl0aGKxkiRBiFPW9Mmy7LGq8TcK329Efy48xAlB2g5dIQUXAxLCG41RC YmrKzqxF76KqgHeSKIUA2ElRl5x1clQj5s4y/ZKknGH64fKnqFW9VYOK1oXdUJmbZSnQ 6vwS163pbnpeU58KAOlo09Wgwn1l3uRRRgboXcM+LYYMXSl+SWCK6KCR7XNDPMc1qhMn DhLRokI6gVA1DHqTSGvjgvxZD4JDgx4vE2J8GT+6PWQVBNFSPnkPJ0m4KwRMUYqUbKQ2 vk8xjyZTGGz8N5Ovg3wilmajNow1iWzcL4bJYojiqHB+Q33SVJmeFpYpp1TjhFdd2HDB kIig==
X-Gm-Message-State: AOJu0YziRaIRrQr6LBVa2IyAu9h34wH5Xxdc7hhWo8Dsxw/hvuaJ17Fk Km333lmvCTbZBx0zXNzR8/qAV4V/+34wOguK0XZnMps0aiAiXfkVkKmCkpCE1ZRL3AGN3/ylARF bediLKCVn2kgmAh0YCQm1Hb5WfwM6E3QJ
X-Google-Smtp-Source: AGHT+IEQZek3TW6noF5e1h7+ghzKg6QMd+SBIn7Pzvbs7mkdP9t/sEj//lFjFrmBZbGwUIcjFFTEftU20u/F+WVrwX8=
X-Received: by 2002:a81:fe07:0:b0:632:12b:8315 with SMTP id 00721157ae682-658eed5ea7dmr17136567b3.22.1720498158100; Mon, 08 Jul 2024 21:09:18 -0700 (PDT)
MIME-Version: 1.0
References: <CAN8C-_KMx_M9vL3kwoohkiVrndU_MohxdGC_vLkBo7R_+-6T2g@mail.gmail.com> <CACVbtYOsf7MkHPOzFgE14JhKrSzAd8EkZ0Sr4X0XRMzdCUtbkA@mail.gmail.com> <CACVbtYOOpwTKZt7dH7JV983SmU7gRbsaXY8ru4Ty-+S081oTEQ@mail.gmail.com> <CAN8C-_Kb9ZOec8SXUkqqd3P7VnEYSDukVm56kpdx+fVEw4KHag@mail.gmail.com> <CACVbtYPauBzeSmXPr8Fyb7Jh3u7ydJgX632B0Fwdn4UPgAfQBg@mail.gmail.com> <CACVbtYOKCrqs_tf2QUqJ1P-WWd7WeKw_VMzqgCyCvaaXmqTppA@mail.gmail.com> <CAN8C-_JrUM_uiVAprfFf_-ZnZcy86-hm6t5KWp5_2qavn0+zUQ@mail.gmail.com> <CACVbtYNeo6m9wnuE3utgG5+j63EiUjHV96QFcdzp6-sVsCmuVQ@mail.gmail.com>
In-Reply-To: <CACVbtYNeo6m9wnuE3utgG5+j63EiUjHV96QFcdzp6-sVsCmuVQ@mail.gmail.com>
From: Les Hazlewood <lhazlewood@gmail.com>
Date: Mon, 08 Jul 2024 21:09:07 -0700
Message-ID: <CACVbtYMWgfVLiiKz9HB9M58E2gd6SmR6srzLA3kaV8yq4JMHJA@mail.gmail.com>
To: Orie Steele <orie@transmute.industries>
Content-Type: multipart/alternative; boundary="0000000000008ce89a061cc8b170"
Message-ID-Hash: CPRUDISMLUQMDLPIEVSHB6RTGJFMZKU2
X-Message-ID-Hash: CPRUDISMLUQMDLPIEVSHB6RTGJFMZKU2
X-MailFrom: lhazlewood@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-jose.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: JOSE WG <jose@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [jose] Re: draft-ietf-jose-hpke-encrypt-01
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/L-sJC6GnzZnH6gJfaCRUUp9vpDs>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Owner: <mailto:jose-owner@ietf.org>
List-Post: <mailto:jose@ietf.org>
List-Subscribe: <mailto:jose-join@ietf.org>
List-Unsubscribe: <mailto:jose-leave@ietf.org>
I spent some more time thinking about this and diving in to implementation code and thinking about options, so for fear of being too noisy in this thread, I'll wrap up my final thoughts about this if it's helpful: I *really* like how clean the following works from an implementation perspective - it makes it very easy to lookup and compose behavior as well as parse and produce HPKE string IDs: "alg": "HPKE", "kem": "P256", "kdf": "HKS256", // to differentiate from JWS mac identifier HS256 and avoid confusion "enc": "A256GCM" I personally appreciate how, for the union JWE JOSE Header, there is always an `alg` and `enc` value as expected, and the `enc` value retains the exact same semantics as existing JWE RFC values (i.e. an AEAD content encryption algorithm id). There are only new additions, no semantic changes. No confusion. With regards to key encryption/wrapping, you could have "alg" be any of the following: HPKE // integrated encryption, all others below are key encryption/wrapping HPKE+A128KW HPKE+A192KW HPKE+A256KW HPKE+A128GCMKW HPKE+A192GCMKW HPKE+A256GCMKW HPKE+... This has a few benefits: 1. The differentiator between integrated and key encryption is clear - either HPKE only or composite of HPKE + a key wrap/encryption algorithm 2. Wrap algorithms are the same as already defined in JWE/JWA 3. As you point out, ECDH-ES* already works the same way, so it's familiar. Taking this even further, to again avoid permutation registrations and easily support future wrap algorithms, this could all be represented as: "alg": "HPKE", "kem": "P256", "kdf": "HKS256", "kwa": "A256GCMKW", "enc": "A256GCM" where `kwa` (or similar) simply means the key wrap algorithm applied to the kdf output producing the cek ciphertext. No `kwa` parameter always means Integrated Encryption and thus no cek ciphertext. Anyway, I think I fully understand the design challenges and how they could impact implementations, thanks so much Orie for your time and explanations! Cheers, Les >
- [jose] draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Michael Jones
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 tirumal reddy
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Simo Sorce
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Brian Campbell
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Brian Campbell
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda