IETF Logo Mail Archive

Re: [jose] HPKE PartyU / PartyV

Neil Madden <neil.e.madden@gmail.com> Wed, 28 February 2024 14:10 UTC

Return-Path: <neil.e.madden@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE472C14F695; Wed, 28 Feb 2024 06:10:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.193
X-Spam-Level:
X-Spam-Status: No, score=-1.193 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, MIME_HTML_ONLY_MULTI=0.001, MIME_QP_LONG_LINE=0.001, MPART_ALT_DIFF=0.79, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_REMOTE_IMAGE=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dggu3-mwlmVU; Wed, 28 Feb 2024 06:10:24 -0800 (PST)
Received: from mail-lj1-x22b.google.com (mail-lj1-x22b.google.com [IPv6:2a00:1450:4864:20::22b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4244DC14F680; Wed, 28 Feb 2024 06:10:24 -0800 (PST)
Received: by mail-lj1-x22b.google.com with SMTP id 38308e7fff4ca-2cd3aea2621so25017761fa.1; Wed, 28 Feb 2024 06:10:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1709129422; x=1709734222; darn=ietf.org; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :content-transfer-encoding:from:from:to:cc:subject:date:message-id :reply-to; bh=7XcJq8gy9ed0lAevYSywzXi6y64BejN43mxAWCJDSOE=; b=gWcnmp2JTlQnEIOpO5YO6OflGzcTCNUttOksfiUt5DXkMxWNyc0YzvNQdMO2TgQcBd PxAKu/DGs0Aa9mGXS6Q/rBzKrdecnqSwn5GQ/8noFAgoF+LQlA0hLfRdkB4pEZrqfIV7 pfQihUXToiYNKeQPGec3tMAjVcREZiDU2dArfJcyYwlcT62FgQItUVwdAH6cRrSnpEpE ugIC1Vg0u4e7WQokzlVwnSIGkgpHVuywYhYtcjYov5J8IANsINP+ohvNGLKopwn9cmFn FWfZfaEPlSCcWd/PL4ksJENlyHqAOaZ9cagnD3GpcJx6f9a4/hIVjpGmcchGEWhnA+0F L+xw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709129422; x=1709734222; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :content-transfer-encoding:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7XcJq8gy9ed0lAevYSywzXi6y64BejN43mxAWCJDSOE=; b=o6O2YPC9eiy9ucInQDYNb4ZcSQLAfwZxvuK9gG3MoLSanhWU7BBifo3aHnne/MEku4 XwoQApQO5wm4MrI1gtxcle3fT5j5MW0muEWX1ZEIq1yE7N+RpGMXiFk9JnbrSTSUh97g 6g0Z9FMmgtq7Pyd0MEXFYtOKU5DvtydIpCfROyuU6Iz/k+QiQ1X6cDwfF8H4VDsZx5+L R1D9QbQSI+nNB/FfjoZkdPGnxOeTJ9CHTQnTwPs7rOOEh6ft0ypstU3KenSoUY/w1woA igrD20cttD/y07Kwac0fNgt2rVehg5HXm1KMk+RTFBe/Pva4an7cczrzwUMDPiCx8uSH pybA==
X-Forwarded-Encrypted: i=1; AJvYcCX/5+PElB2jruW2pYE04MtMSoNzzVQK2s2uQ3mgt6lfgS+3/cWviAGDYAVkdC85TdsslyqEpeuXwds0/VmX
X-Gm-Message-State: AOJu0YzgFKh8pr9FXTIp/NIC03eeT80Vp0cSX88AMewnouoLmOgUYZU8 nu/tpSf5k4tk41U0aytBWMLg0eU/ckbRFzcwSymE+ilQpTzshEPmKnEQjZqz
X-Google-Smtp-Source: AGHT+IESfcOjJZXE25G3C/1ZzVmzAMVLDMePcmqAZPEvqeZZNxCPHK/OL9Rn4Efm6+2ugcAaBKCIDg==
X-Received: by 2002:a2e:b0c6:0:b0:2d2:51ec:6fff with SMTP id g6-20020a2eb0c6000000b002d251ec6fffmr7556656ljl.2.1709129421495; Wed, 28 Feb 2024 06:10:21 -0800 (PST)
Received: from smtpclient.apple ([213.31.218.202]) by smtp.gmail.com with ESMTPSA id l18-20020a05600c1d1200b00412a30cd127sm2340706wms.7.2024.02.28.06.10.21 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 28 Feb 2024 06:10:21 -0800 (PST)
From: Neil Madden <neil.e.madden@gmail.com>
X-Google-Original-From: Neil Madden <Neil.E.Madden@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail-F50F1990-9FBF-483D-A244-4F358C70DBA4"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (1.0)
Date: Wed, 28 Feb 2024 14:10:10 +0000
Message-Id: <ED555D3D-6C43-4F5B-A87A-11A03230990A@gmail.com>
References: <CAN8C-_LUMe09=WbkwT-RckhR8+LYCQMw8XWnwmDLE5riYjd7pg@mail.gmail.com>
Cc: JOSE WG <jose@ietf.org>, cose <cose@ietf.org>
In-Reply-To: <CAN8C-_LUMe09=WbkwT-RckhR8+LYCQMw8XWnwmDLE5riYjd7pg@mail.gmail.com>
To: Orie Steele <orie@transmute.industries>
X-Mailer: iPhone Mail (21D61)
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/Uo4kuen-ItXWHaaUKf6BocBrbH4>
Subject: Re: [jose] HPKE PartyU / PartyV
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Feb 2024 14:10:27 -0000

From a JOSE point of view, I would ignore them. I have used these fields, but only to put a hash of the public keys into to ensure non-malleability and proper identity binding. HPKE already does that. IMO it would be nice if JOSE had a way to inject such contextual information *without* putting it in a header, but it is what it is. 

PS - I’m not sure how useful it is to cross-post these questions to both JOSE and COSE groups. In my experience, they are very different standards, with very different use-cases. 

— Neil

On 27 Feb 2024, at 20:03, Orie Steele <orie@transmute.industries> wrote:


Hello OSE-Enthusiasts,

As we align JOSE and COSE drafts for adding support for HPKE, we've encountered our old friends:

PartyU and PartyV...

JOSE has this to say: https://datatracker.ietf.org/doc/html/rfc7518#section-4.6.1.2" rel="nofollow">https://datatracker.ietf.org/doc/html/rfc7518#section-4.6.1.2

"""
   The "apv" (agreement PartyVInfo) value for key agreement algorithms
   using it (such as "ECDH-ES"), represented as a base64url encoded
   string.  When used, the PartyVInfo value contains information about
   the recipient.  Use of this Header Parameter is OPTIONAL.  This
   Header Parameter MUST be understood and processed by implementations
   when these algorithms are used.
"""

COSE has this to say: https://datatracker.ietf.org/doc/html/rfc9053#name-context-information-structu" rel="nofollow">https://datatracker.ietf.org/doc/html/rfc9053#name-context-information-structu

(TLDR... No MUST).

We have an opportunity to maintain parity here, and essentially repeat the support for behavior we have in JOSE and COSE for "ECDH-ES+A128KW", when PartyU and PartyV are present.

HPKE has support for enabling this consistently, and JOSE and COSE have the structures we need to use, already defined.

My question is not if we can do this, it is SHOULD we do this....

I've always found this part of encryption in JOSE troublesome, why is it necessary for HPKE to support this?

Are we passing up an opportunity to simplify things and remove an unused/underutilized feature from being required in a new, and currently not used encryption scheme (HPKE).

Is it time for apu and apv to be ignored when present and not understood?

Regards,

OS

--


ORIE STEELE
Chief Technology Officer
www.transmute.industries

https://transmute.industries" target="_blank" rel="nofollow">https://ci3.googleusercontent.com/mail-sig/AIorK4xqtkj5psM1dDeDes_mjSsF3ylbEa5EMEQmnz3602cucAIhjLaHod-eVJq0E28BwrivrNSBMBc">

_______________________________________________
jose mailing list
jose@ietf.org
https://www.ietf.org/mailman/listinfo/jose

v2.23.0 | Report a Bug | By Email