[jose] Re: Strawperson consensus call for changes to draft-ietf-jose-hpke-encrypt-01

Ilari Liusvaara <ilariliusvaara@welho.com> Thu, 11 July 2024 07:48 UTC

Date: Thu, 11 Jul 2024 10:48:21 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: JOSE WG <jose@ietf.org>
Message-ID: <Zo-ORUIGPXHhsa0G@LK-Perkele-VII2.locald>
In-Reply-To: <CAN8C-_KEv4s2SHBYi9ZeCi+Jjxk08r9tg+sqt1wtcgnyswCBgQ@mail.gmail.com>
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/MZs_SuWJ_vA14uGONzW4WEgcmIU>

On Wed, Jul 10, 2024 at 10:45:11AM -0500, Orie Steele wrote:
> Thanks to Ilari for capturing suggested changes to
> draft-ietf-jose-hpke-encrypt-01 for "alg" and "enc".
> 
> See: https://mailarchive.ietf.org/arch/msg/jose/AQPIjws_5cjnCb_3S7UR688W4uM/
> 
> ### For HPKE JWE Integrated Encryption Mode:
> 
> The algorithm name SHALL be of the form "HPKE-P256-SHA256-A128GCM".
> The "enc" value SHALL be "dir".
> The working group SHALL draft text explaining what "enc:dir" means, and how
> it relates to "alg".
> The algorithm name SHALL be of the form "HPKE-P256-SHA256-A128GCM".
> The hpke-aad SHALL be of the form "protected (.aad)", as described in Step
> 15 of RFC7516.
> The hpke-info SHALL be the same as is provided to concatKDF info for
> ECDH-ES, as described in
> https://datatracker.ietf.org/doc/html/rfc7518#section-4.6.2

Maybe I was unclear: I didn't suggest using hpke-info, or modifying
aad, for Integrated Encryption mode.

Even if an implementation supports multishot (and thus allows using both
info and aad in the same message), there is still the 64-byte limit
for info, which is too small for the ECDH-ES context.

> ## draft-ietf-jose-hpke-encrypt-01 call topic number 2 (Yes / No):
> 
> ### For HPKE JWE Key Encryption Mode:
> 
> The algorithm name SHALL be of the form "HPKE-P256-SHA256-A128GCM".
> The "enc" value SHALL be any registered AEAD here -
> https://www.iana.org/assignments/jose/jose.xhtml, per section of RFC7518.
> The hpke-info SHALL be the same as is provided to concatKDF info for
> ECDH-ES, as described in
> https://datatracker.ietf.org/doc/html/rfc7518#section-4.6.2
> The hpke-aad shall be empty.

Again, maybe I was unclear, but I suggested using hpke-aad instead of
hpke-info. The 64-byte size limit for hpke-info is too small.

-Ilari
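Added worked example, not part of this thread or of draft-ietf-jose-hpke-encrypt: the two inputs the call discusses, the Concat KDF OtherInfo of RFC 7518 Section 4.6.2 and the JWE Additional Authenticated Data of RFC 7516 Section 5.1 step 15, built in Python for a constructed JWE protected header and measured against the 64-byte cap that RFC 9180 Section 7.2.1 places on HPKE info. The sample header and the apu/apv party identifiers are constructed; taking the "alg" string as AlgorithmID with a 128-bit key data length is an assumption about how the draft would apply RFC 7518's rule; HPKE_INFO_LIMIT and the function names are local to this example, not any library's API.

```python
import base64
import json
import struct
from typing import Optional

# RFC 9180 Section 7.2.1 input-length limit on the HPKE "info" parameter, in bytes.
HPKE_INFO_LIMIT = 64


def b64url_encode(data: bytes) -> str:
    """BASE64URL encoding without padding, as JOSE uses it (RFC 7515 Section 2)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode; re-adds the padding Python's decoder requires."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def length_prefixed(data: bytes) -> bytes:
    """Datalen || Data with a 32-bit big-endian length (RFC 7518 Section 4.6.2)."""
    return struct.pack(">I", len(data)) + data


def concat_kdf_other_info(algorithm_id: str, protected: dict, keydatalen_bits: int) -> bytes:
    """Concat KDF OtherInfo from RFC 7518 Section 4.6.2:
    AlgorithmID || PartyUInfo || PartyVInfo || SuppPubInfo, with SuppPrivInfo empty.

    RFC 7518 takes algorithm_id from "enc" for ECDH-ES direct key agreement and
    from "alg" for the key-wrapping variants; the caller passes the right string.
    "apu" and "apv" are base64url-encoded in the header and are decoded here.
    """
    party_u = b64url_decode(protected["apu"]) if "apu" in protected else b""
    party_v = b64url_decode(protected["apv"]) if "apv" in protected else b""
    return (
        length_prefixed(algorithm_id.encode("ascii"))
        + length_prefixed(party_u)
        + length_prefixed(party_v)
        + struct.pack(">I", keydatalen_bits)  # SuppPubInfo: key length in bits
    )


def jwe_aad(protected: dict, aad: Optional[bytes] = None) -> bytes:
    """Additional Authenticated Data encryption parameter from RFC 7516 Section 5.1,
    step 15: ASCII(BASE64URL(UTF8(protected header))), followed by
    '.' || BASE64URL(JWE AAD) when a JWE AAD value is present."""
    encoded_protected = b64url_encode(
        json.dumps(protected, separators=(",", ":")).encode("utf-8")
    )
    if aad is None:
        return encoded_protected.encode("ascii")
    return (encoded_protected + "." + b64url_encode(aad)).encode("ascii")


def fits_hpke_info(data: bytes) -> bool:
    """True if data could be passed as HPKE info without exceeding the RFC 9180 cap."""
    return len(data) <= HPKE_INFO_LIMIT


# Constructed sample headers (not taken from the draft). The "alg" string is the
# form proposed in the consensus call; "enc" is an AEAD, as in Key Encryption
# Mode. The HPKE encapsulated key is omitted because it does not enter OtherInfo.
ALG = "HPKE-P256-SHA256-A128GCM"
HEADER_NO_PARTIES = {"alg": ALG, "enc": "A128GCM"}
HEADER_WITH_PARTIES = dict(
    HEADER_NO_PARTIES,
    apu=b64url_encode(b"alice@example.com"),  # constructed party identifiers
    apv=b64url_encode(b"bob@example.com"),
)


def candidate_input_sizes(protected: dict, keydatalen_bits: int = 128) -> dict:
    """Sizes of the two candidate HPKE inputs for one header, using "alg" as
    AlgorithmID (an assumption about how the draft would map RFC 7518's rule)."""
    other_info = concat_kdf_other_info(protected["alg"], protected, keydatalen_bits)
    aad = jwe_aad(protected)
    return {
        "other_info_len": len(other_info),
        "other_info_fits_info": fits_hpke_info(other_info),
        "jwe_aad_len": len(aad),
        "jwe_aad_fits_info": fits_hpke_info(aad),
    }


if __name__ == "__main__":
    for name, header in (("no apu/apv", HEADER_NO_PARTIES), ("with apu/apv", HEADER_WITH_PARTIES)):
        print(name, candidate_input_sizes(header))
```

Running it prints the sizes for a header with and without apu/apv: the bare OtherInfo is 40 bytes, it reaches 72 bytes as soon as apu and apv carry two short e-mail-address identifiers, and the JWE AAD is 67 bytes for the minimal header alone, since base64url expansion of the protected header puts it over the cap before any "epk" or encapsulated-key member is added.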