[jose] Re: Strawperson consensus call for changes to draft-ietf-jose-hpke-encrypt-01

Orie Steele <orie@transmute.industries> Fri, 12 July 2024 13:32 UTC

From: Orie Steele <orie@transmute.industries>
Date: Fri, 12 Jul 2024 08:32:43 -0500
Message-ID: <CAN8C-_LqCpvCE4EbxhQFccSnJMHB=FRj-rVUQk7yA3ysKxMwkg@mail.gmail.com>
To: tirumal reddy <kondtir@gmail.com>
CC: Ilari Liusvaara <ilariliusvaara@welho.com>, JOSE WG <jose@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/YGlUkLr67tgjdE-B1a4f7Hl9Gw4>

Can we take debate of "HPKE secret export" to a new thread? AFAIK it has
not been proposed to be used in either JOSE or COSE.

I'm adjusting the current proposals to match the comment from Matt Chandra
on the other thread:

## draft-ietf-jose-hpke-encrypt-01 call topic number 1 (Yes / No):

### For HPKE JWE Integrated Encryption Mode:

The algorithm name SHALL be of the form "HPKE-P256-SHA256-A128GCM".
The "enc" value SHALL be "dir".
The working group SHALL draft text explaining what "enc:dir" means, and how
it relates to "alg".
The algorithm name SHALL be of the form "HPKE-P256-SHA256-A128GCM".
The hpke-aad SHALL be from JWE Section 5.1 step 14.
*The hpke-info SHOULD be empty.*

## draft-ietf-jose-hpke-encrypt-01 call topic number 2 (Yes / No):

### For HPKE JWE Key Encryption Mode:

The algorithm name SHALL be of the form "HPKE-P256-SHA256-A128GCM".
The "enc" value SHALL be any registered AEAD here -
https://www.iana.org/assignments/jose/jose.xhtml, per section of RFC7518.
The hpke-aad SHALL be ECDH-ES FixedInfo *(citation needed @ilari can you
provide a reference here please?)*
*The hpke-info SHOULD be empty.*

Changes are in bold.

There is also an issue to track applying this update
https://github.com/OR13/draft-ietf-jose-hpke-encrypt/issues/2

Regards,

OS

On Thu, Jul 11, 2024 at 9:22 AM tirumal reddy <kondtir@gmail.com> wrote:

> On Thu, 11 Jul 2024 at 18:29, Ilari Liusvaara <ilariliusvaara@welho.com>
> wrote:
>
>> On Thu, Jul 11, 2024 at 02:18:23PM +0530, tirumal reddy wrote:
>> > On Thu, 11 Jul 2024 at 13:12, Ilari Liusvaara <ilariliusvaara@welho.com>
>> > wrote:
>> >
>> > > On Thu, Jul 11, 2024 at 11:19:19AM +0530, tirumal reddy wrote:
>> > > >
>> > > >
>> > > > I would like to add another option proposed below for HPKE JWE
>> > > > Integrated Encryption Mode:
>> > > >
>> > > > The algorithm name SHALL be of the form "HPKE-P256-SHA256".
>> > > > The "enc" value SHALL be " A128GCM".
>> > > > The hpke-aad SHALL be of the form "protected (.aad)", as described
>> > > > in Step 15 of RFC7516.
>> > > > The hpke-info SHALL be the same as is provided to concatKDF info for
>> > > > ECDH-ES, as described in
>> > > > https://datatracker.ietf.org/doc/html/rfc7518#section-4.6.2
>> > >
>> > > JWE does not allow doing that.
>> > >
>> >
>> > Why does JWE not allow use of {"alg" : "HPKE-P256-SHA256", "enc":
>> > "A128GCM"} in case of direct key agreement mode?
>>
>> That would preclude bulk encryption using HPKE and require using HPKE
>> secret export (SendExport* and ReceiveExport*) for generating CEK for
>> performing standard JOSE bulk encryption. More complicated to implement,
>> but does not need JWE extensions.
>>
>
> I don't get the complication, HPKE secret export is already used by
> protocols like OHAI.
>
> -Tiru
>
>
>>
>> When it comes to JWE modes, stuff either is or is not, there is no
>> "similar".
>>
>>
>>
>>
>> -Ilari


-- 


ORIE STEELE
Chief Technology Officer
www.transmute.industries
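
Added example, not part of the original message and not code from the draft or its authors: a Python sketch that checks a JWE header against the "alg"/"enc" rules of call topics 1 and 2, and derives the HPKE inputs proposed for Integrated Encryption (hpke-aad from RFC 7516 Section 5.1 step 14, empty hpke-info). The function names, the mode labels, and the assumption that algorithm names split on "-" into KEM, KDF and AEAD labels are illustrative; the Key Encryption hpke-aad is not computed because the message leaves its reference open.

```python
import base64
import json
from typing import Optional

# "enc" values registered for JWE by RFC 7518 Section 5.1.
REGISTERED_ENC = {"A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512",
                  "A128GCM", "A192GCM", "A256GCM"}


def b64url(data: bytes) -> str:
    """BASE64URL without padding, as used throughout JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def split_alg(alg: str) -> dict:
    """Assumption: names split on "-" into HPKE, KEM, KDF, AEAD labels."""
    parts = alg.split("-")
    if len(parts) != 4 or parts[0] != "HPKE" or not all(parts[1:]):
        raise ValueError(f"not of the form HPKE-<kem>-<kdf>-<aead>: {alg!r}")
    return dict(zip(("kem", "kdf", "aead"), parts[1:]))


def check_header(header: dict, mode: str) -> dict:
    """Apply the "alg"/"enc" rules of topic 1 or topic 2; return the suite."""
    suite = split_alg(header.get("alg", ""))
    enc = header.get("enc")
    if mode == "integrated" and enc != "dir":
        raise ValueError('integrated encryption requires "enc":"dir"')
    if mode == "key-encryption" and enc not in REGISTERED_ENC:
        raise ValueError(f'"enc" is not a registered JWE AEAD: {enc!r}')
    if mode not in ("integrated", "key-encryption"):
        raise ValueError(f"unknown mode: {mode!r}")
    return suite


def hpke_inputs_integrated(header: dict, jwe_aad: Optional[bytes] = None) -> dict:
    """hpke-aad per RFC 7516 Section 5.1 step 14, with empty hpke-info."""
    check_header(header, "integrated")
    protected = b64url(json.dumps(header, separators=(",", ":")).encode("utf-8"))
    # Step 14: ASCII(protected), or ASCII(protected || '.' || BASE64URL(JWE AAD))
    aad = protected if jwe_aad is None else protected + "." + b64url(jwe_aad)
    return {"protected": protected, "hpke_aad": aad.encode("ascii"), "hpke_info": b""}


# Constructed sample header matching the proposed integrated-mode form.
SAMPLE = {"alg": "HPKE-P256-SHA256-A128GCM", "enc": "dir"}
if __name__ == "__main__":
    print(hpke_inputs_integrated(SAMPLE, jwe_aad=b"constructed aad"))
```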
