[jose] Re: draft-ietf-jose-hpke-encrypt-01
Les Hazlewood <lhazlewood@gmail.com> Tue, 09 July 2024 18:11 UTC
Return-Path: <lhazlewood@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF373C14F6A8 for <jose@ietfa.amsl.com>; Tue, 9 Jul 2024 11:11:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p1I6NgIHy_nh for <jose@ietfa.amsl.com>; Tue, 9 Jul 2024 11:11:31 -0700 (PDT)
Received: from mail-yw1-x112e.google.com (mail-yw1-x112e.google.com [IPv6:2607:f8b0:4864:20::112e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C257C14F698 for <jose@ietf.org>; Tue, 9 Jul 2024 11:11:31 -0700 (PDT)
Received: by mail-yw1-x112e.google.com with SMTP id 00721157ae682-6561850a7bcso28687947b3.3 for <jose@ietf.org>; Tue, 09 Jul 2024 11:11:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1720548690; x=1721153490; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=ZT5vicU0PHlshu+1SMG+locJ3dxikG9CaaNJDRX6pLA=; b=czxFhSb9R8WnQQmi5KJzvc9RX13EdPHsuvZoUI0RhPIwpoDmixSxNpoFlDm3oMBvoY /AazE5I219qPb+Bfc0jbyeUWkanvWU3yN8eu2yide6EOIj9zfwJC7e5RAsWslq9DVAhi i3HyvohoSrTBIjG9Fun+pceD6Adqi+0f5TdoD8dqbez3I2rSeotkn1Kms6bTJm4CpgSj +smKvzuRO+y2jSAvaiNa5TwnRAtD0yrnXf+TmjxwBu9czecePKRUgiP6poIWGiO4aC67 eWUAgkPsSR3XtOser93K/WVhk/7j+X5cbZH9iA+TTctLyBVuimdykiPFf1FEbsF0HCKD 7iNA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1720548690; x=1721153490; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ZT5vicU0PHlshu+1SMG+locJ3dxikG9CaaNJDRX6pLA=; b=VfLJBj5MFYlI0HRYAlOYpZwIj8MYnd+Avdo0zULr4k/hl7boT2VbQ6ODZuTZtB7uQq 2F5oLPEPR3PWAaFqgoi7I3md/bWIr/dxzrdOvuWawWoethbeNJThW0wWQnTcL+RflwK1 RbXM5sXhM71cZ9vk0GycqWDOqMod20Ab0UyHvVXcoWa1Q3MoKiHIGW9srp4NsOFlB6KL J44uKgSALsHr2JIYq/yHFQ7wdlcD4Pkf/hANCpvAK7H0wEniEY3pH8T8D+j4uGSBaN3K wdkvf1FPkNV4YEhREWN+BvONbDhd7dTefDoOOSKEHe4fcwnM7n1CdBHToUMcP6Wwuux3 LmNA==
X-Gm-Message-State: AOJu0Yxus7Ppyfj7qRFx1RptQkqImXMbH7na8NzBKFAqD4jvaPOdadv1 X/5ByoleZ991jFMa1rzh3pEWAmu4LwKBMr6CbBzp4y/b0bwzaNO1tz2kQVdCMKMJdSZOdFJgFV2 9klnBindYCd2QcBb6srzeX1qEMrtEj7tb
X-Google-Smtp-Source: AGHT+IG+H8Ejr0FaYq3AmBTksri4sBSVxLcgBnBul1kq4qJ8Lu6j8Eb9jbjoPn8DN2j7BsoHgqyrwybqpM+3bDo7N2s=
X-Received: by 2002:a81:8d4d:0:b0:643:bbee:be26 with SMTP id 00721157ae682-658ee790b76mr38449107b3.5.1720548690221; Tue, 09 Jul 2024 11:11:30 -0700 (PDT)
MIME-Version: 1.0
References: <CAN8C-_KMx_M9vL3kwoohkiVrndU_MohxdGC_vLkBo7R_+-6T2g@mail.gmail.com> <CACVbtYOsf7MkHPOzFgE14JhKrSzAd8EkZ0Sr4X0XRMzdCUtbkA@mail.gmail.com> <CACVbtYOOpwTKZt7dH7JV983SmU7gRbsaXY8ru4Ty-+S081oTEQ@mail.gmail.com> <CAN8C-_Kb9ZOec8SXUkqqd3P7VnEYSDukVm56kpdx+fVEw4KHag@mail.gmail.com> <CACVbtYPauBzeSmXPr8Fyb7Jh3u7ydJgX632B0Fwdn4UPgAfQBg@mail.gmail.com> <CAN8C-_JyHsr07FcTMwA01+QTkzjxxqvv0fNpFthytSyyP+MgKQ@mail.gmail.com> <Zo1d2jNRtAjCGC4N@LK-Perkele-VII2.locald>
In-Reply-To: <Zo1d2jNRtAjCGC4N@LK-Perkele-VII2.locald>
From: Les Hazlewood <lhazlewood@gmail.com>
Date: Tue, 09 Jul 2024 11:11:19 -0700
Message-ID: <CACVbtYPOvYCQN85MAbEJJrnU-Hjz2dC3PKgfUfD2M3oDbaVspg@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Content-Type: multipart/alternative; boundary="0000000000007fe5df061cd475f2"
Message-ID-Hash: 7BCZLNJG4GS5XFWWLL7XINADKC7NRU4Z
X-Message-ID-Hash: 7BCZLNJG4GS5XFWWLL7XINADKC7NRU4Z
X-MailFrom: lhazlewood@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-jose.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: JOSE WG <jose@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [jose] Re: draft-ietf-jose-hpke-encrypt-01
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/VeKzS8IT0sJxtxjrWvKAhosrgYo>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Owner: <mailto:jose-owner@ietf.org>
List-Post: <mailto:jose@ietf.org>
List-Subscribe: <mailto:jose-join@ietf.org>
List-Unsubscribe: <mailto:jose-leave@ietf.org>
> > This is also prohibited by draft-ietf-jose-fully-specified-algorithms > (It requires what alg to be independent of enc). > Hi Illari, Thanks for the explanation, I appreciate it. However, I think this is a huge mistake. The entire purpose of JOSE is to have a JSON-compatible metadata format for message sending and receiving; with all the flexibility, convenience, expressiveness and human-readability that implies, which is a really good thing, and solidifies the ability to be flexible over time, which is ideal for an RFC. But then to have a new specification that constrains the most important security aspect of this down to a single string? For a few downstream specifications that don’t represent the bulk of JOSE/JWT use cases? It’s saying “all the reasons we’ve chosen JOSE headers parameters, and all that implies - we’re going to ignore that and force-stuff it all into a single value for the convenience of *some* downstream specifications, all the while imposing this new inconvenient reality on ALL JOSE/JWT scenarios.” Respectfully, this is incredibly regressive. Data models *should* reflect the best-case modeling scenario, with rich expression, modularity, etc. If a new “single string alg” concept needs to exist for downstream specifications and/or convenience, *those* specification working groups should define such and not impose this on the JOSE/COSE specifications at large. It’s crippling and will forever impact how any algorithms and their potential parameters are defined in the future, and just doesn't make sense to be forced on a general-purpose messaging format. Additionally, such an initiative breaks the concepts of `alg` and `enc` as they are defined today. They are and always have been separate concepts. `alg` is a *key* management algorithm, it is not an encryption algorithm. That HPKE is composed of both operations isn’t a reason to force it into the existing `alg` construct - that's trying to do too much and force things that don’t make sense in a single header parameter that has been well-defined for a decade. Any new specification that defines a single string cipher suite definition should be *additive*, not regressive. A new header could be defined (e.g. `csuite`) and that can have that string for the times when it may be needed. Although anecdotal, I will say that not once in 10 years of maintaining probably the most-used JOSE/JWT library for the JVM and Android has anyone ever had a problem with separate `alg` and `enc` headers, and that includes all the OpenID Connect scenarios I’ve supported both professionally and as an open-source maintainer. Or if a new header isn’t desired, there’s no reason an additive specification can’t say “If you want a single string, combine the `alg` and `enc` header with a hyphen, and that’s your cipher suite”. To say that an implementation - which *must* parse the JSON header and lookup at least one parameter (`alg`) anyway - cannot lookup another header and concatenate the two before processing that value doesn’t seem to hold water in any scenario I can think of. That’s all that’s needed for cipher suite negotiation for protocols that need a single string. I’m not saying that cipher suite negotiation isn’t valuable. I’m saying it’s 1) only valuable to a relatively small set of use cases and 2) is easily obtainable by looking at existing headers and 3) it’s fundamentally regressive to a) shoehorn a new composite algorithm into a header that was never designed as such and b) force *all* JOSE implementations to operate with this concept when it’s not needed most of the time. Implementations do not need to be forced this concept on a general-purpose messaging format which has many more implications than OpenID Connect and a few other downstream specifications. Most respectfully, and gratefully, Les
- [jose] draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Michael Jones
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 tirumal reddy
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Simo Sorce
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Brian Campbell
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Brian Campbell
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda