IETF Logo Mail Archive

[jose] Re: Strawperson consensus call for changes to draft-ietf-jose-hpke-encrypt-01

Orie Steele <orie@transmute.industries> Thu, 11 July 2024 13:33 UTC

Return-Path: <orie@transmute.industries>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C38A1C1CAF4C for <jose@ietfa.amsl.com>; Thu, 11 Jul 2024 06:33:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=transmute.industries
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qi1sqbYzeuPP for <jose@ietfa.amsl.com>; Thu, 11 Jul 2024 06:33:31 -0700 (PDT)
Received: from mail-pg1-x536.google.com (mail-pg1-x536.google.com [IPv6:2607:f8b0:4864:20::536]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9A7F6C169432 for <jose@ietf.org>; Thu, 11 Jul 2024 06:33:31 -0700 (PDT)
Received: by mail-pg1-x536.google.com with SMTP id 41be03b00d2f7-75a6c290528so567908a12.1 for <jose@ietf.org>; Thu, 11 Jul 2024 06:33:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transmute.industries; s=google; t=1720704811; x=1721309611; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=uwcoK0psSEW1uDBszRPOPS9/p6EFqz5D6hvnnwagtz4=; b=Fk6q6bgvXE1jSTmRVtTAqCkHmoTWWrK/b+fVQZny0X5GaX7i7u/elWzWfl9HJoSWXE XDdjhw8XAcpNj8EWZpWbBVS3kfaI5siB4U2Qgb5CvN5q2/Pm8n8qUMBZ2E9ZP7QUEDd0 44F2hplXr8dA1iSdA3743kJxFjXJrwFYTwBVCseXzxaAFMDR4omY/3DJI0NaeYy024St XgtP/euaXBSzk3ydjrZy1ZUaNlfuzd+YZLyo3sv8eR2G0BIFBV6s+U8evgO4OEfOxGI6 2vXP76hzk9Mb7wJ0rVMoLyp/5Ug+HIRSofRrws40jWqF7PoqWjSjmfRcfbwSiF+/ooEQ JukQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1720704811; x=1721309611; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=uwcoK0psSEW1uDBszRPOPS9/p6EFqz5D6hvnnwagtz4=; b=kVB/YlSGzqmHSaTI7WGfjGig9ErhaWDj6Q1ojCVCHuRRIpxoQGXZJk8d4/ggD8kPny zMoP8Y5zFCc6KO5oN3sAcOkdCQkmLmeFKTZeKKG+Augcx1yCapewkw/GL/wHMYXXDo7j AHSwHOa/4fhGQ4q2QI+fa7XTbC0W9VImzVbw0BnC9rZLzLPkhvAT7KVf0mB2NdY2yARW Drv+Y4MBJK/gFgkcCmxvnv4SMFagqPg1Qsb/ivOb1NWSZ6Bz5+UgS42/Ka4FPEYHX+P4 j8fu97x7sTGkK+QT+DLMIv77TWqmBEV2ex7mtX0W8Xwt1hG41dxcwdDPIoDJeCqyLMZ3 eRvA==
X-Gm-Message-State: AOJu0YxOPzNoo5t89QbIvGoXE6rmk/yORK3WlgO0py8BDS9JR+3qazwm m/nMi77MUtfT8f2TvtX97r2vss1oHv/cvFVRe9tGbZdwco2ddPqxpwx92n0x2o8zPParQwus3Hj YTEwnKK2yjT4YjlaYEjLY/xVeIkvn/GvBTJPyXHs9hjStPzlC
X-Google-Smtp-Source: AGHT+IEMeyDDTfLGVJm0PGIIAo9dasTPKvAmDW8S0tnUaFI5hcTozdREH+pPM/PPCeX0zbOiXc/b+pHcg8ueulz8eko=
X-Received: by 2002:a05:6a20:4322:b0:1c2:8949:5bc5 with SMTP id adf61e73a8af0-1c298205fa9mr10556176637.11.1720704810631; Thu, 11 Jul 2024 06:33:30 -0700 (PDT)
MIME-Version: 1.0
References: <CAN8C-_KEv4s2SHBYi9ZeCi+Jjxk08r9tg+sqt1wtcgnyswCBgQ@mail.gmail.com> <CAFpG3gctSyVhC4gFJ4f00YoRKT4AyiOm84oB3XntQCT43QxZww@mail.gmail.com> <Zo-M5079iwsR5G3v@LK-Perkele-VII2.locald> <CAFpG3gc-OmjdgPTmE73n9WFepnmOi3E=ZL+o-r9=qzO48Bw-6Q@mail.gmail.com> <Zo_XJ25UP0PgoGzM@LK-Perkele-VII2.locald>
In-Reply-To: <Zo_XJ25UP0PgoGzM@LK-Perkele-VII2.locald>
From: Orie Steele <orie@transmute.industries>
Date: Thu, 11 Jul 2024 08:33:18 -0500
Message-ID: <CAN8C-_JcQV0m3oFOnc=JG_wU1yCbaJdy7R1=kYR+yCFYE6_-tw@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Content-Type: multipart/alternative; boundary="0000000000000066ab061cf8cff7"
Message-ID-Hash: CNDI5CL4XQSUBOQQCTR7NSOWWJUFZ6W7
X-Message-ID-Hash: CNDI5CL4XQSUBOQQCTR7NSOWWJUFZ6W7
X-MailFrom: orie@transmute.industries
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-jose.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: JOSE WG <jose@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [jose] Re: Strawperson consensus call for changes to draft-ietf-jose-hpke-encrypt-01
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/YEkAuQYgyhUzJCE9miI5eRn5RKQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Owner: <mailto:jose-owner@ietf.org>
List-Post: <mailto:jose@ietf.org>
List-Subscribe: <mailto:jose-join@ietf.org>
List-Unsubscribe: <mailto:jose-leave@ietf.org>

Ilari's how would you modify the 2 proposals?

Tiru, let's stick to the 2 I've outlined here.

There's been a lot of discussion, we've shown this list every possible
angle... We need to start eliminating variables not adding new ones.

We want this thread to focus on concrete refinements to these proposals, if
you object to text please offer a resolution, which could include simply to
remove the sentence from the proposal for now.

Our goal is to make sure that -02 has new text that the working group
agrees with.

Let's not argue over what is in JWE, let's argue over the text that will go
into the next draft version.


On Thu, Jul 11, 2024, 7:59 AM Ilari Liusvaara <ilariliusvaara@welho.com>
wrote:

> On Thu, Jul 11, 2024 at 02:18:23PM +0530, tirumal reddy wrote:
> > On Thu, 11 Jul 2024 at 13:12, Ilari Liusvaara <ilariliusvaara@welho.com>
> > wrote:
> >
> > > On Thu, Jul 11, 2024 at 11:19:19AM +0530, tirumal reddy wrote:
> > > >
> > > >
> > > > I would like add another option proposed below for HPKE JWE
> Integrated
> > > > Encryption Mode:
> > > >
> > > > The algorithm name SHALL be of the form "HPKE-P256-SHA256".
> > > > The "enc" value SHALL be " A128GCM".
> > > > The hpke-aad SHALL be of the form "protected (.aad)", as described in
> > > Step
> > > > 15 of RFC7516.
> > > > The hpke-info SHALL be the same as is provided to concatKDF info for
> > > > ECDH-ES, as described in
> > > > https://datatracker.ietf.org/doc/html/rfc7518#section-4.6.2
> > >
> > > JWE does not allow doing that.
> > >
> >
> > Why does not JWE allow use of  {"alg" : "HPKE-P256-SHA256", "enc":
> > A128GCM"} in case of direct key agreement mode ?
>
> That would preclude bulk encryption using HPKE and require using HPKE
> secret export (SendExport* and ReceiveExport*) for generating CEK for
> performing standard JOSE bulk encryption. More complicated to implement,
> but does not need JWE extensions.
>
> When it comes to JWE modes, stuff either is or is not, there is no
> "similar".
>
>
>
>
> -Ilari
>
> _______________________________________________
> jose mailing list -- jose@ietf.org
> To unsubscribe send an email to jose-leave@ietf.org
>

v2.37.1 | Report a Bug | By Email | System Status