[jose] Re: draft-ietf-jose-hpke-encrypt-01
Ilari Liusvaara <ilariliusvaara@welho.com> Tue, 09 July 2024 06:22 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3AB15C1CAE93 for <jose@ietfa.amsl.com>; Mon, 8 Jul 2024 23:22:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.909
X-Spam-Level:
X-Spam-Status: No, score=-6.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GTfdK2dDHeAJ for <jose@ietfa.amsl.com>; Mon, 8 Jul 2024 23:22:42 -0700 (PDT)
Received: from welho-filter3.welho.com (welho-filter3b.welho.com [83.102.41.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B9EE2C1CAE92 for <jose@ietf.org>; Mon, 8 Jul 2024 23:22:41 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter3.welho.com (Postfix) with ESMTP id B5BA8140A8 for <jose@ietf.org>; Tue, 9 Jul 2024 09:22:38 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp3.welho.com ([IPv6:::ffff:83.102.41.86]) by localhost (welho-filter3.welho.com [::ffff:83.102.41.25]) (amavisd-new, port 10024) with ESMTP id bIzwOYU48CJY for <jose@ietf.org>; Tue, 9 Jul 2024 09:22:38 +0300 (EEST)
Received: from LK-Perkele-VII2 (78-27-96-203.bb.dnainternet.fi [78.27.96.203]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by welho-smtp3.welho.com (Postfix) with ESMTPSA id 83A852323 for <jose@ietf.org>; Tue, 9 Jul 2024 09:22:37 +0300 (EEST)
Date: Tue, 09 Jul 2024 09:22:37 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: JOSE WG <jose@ietf.org>
Message-ID: <ZozXLZ8GWUhG1yFY@LK-Perkele-VII2.locald>
References: <CAN8C-_KMx_M9vL3kwoohkiVrndU_MohxdGC_vLkBo7R_+-6T2g@mail.gmail.com> <CACVbtYOsf7MkHPOzFgE14JhKrSzAd8EkZ0Sr4X0XRMzdCUtbkA@mail.gmail.com> <CACVbtYOOpwTKZt7dH7JV983SmU7gRbsaXY8ru4Ty-+S081oTEQ@mail.gmail.com> <CAN8C-_Kb9ZOec8SXUkqqd3P7VnEYSDukVm56kpdx+fVEw4KHag@mail.gmail.com> <CACVbtYPauBzeSmXPr8Fyb7Jh3u7ydJgX632B0Fwdn4UPgAfQBg@mail.gmail.com> <CACVbtYOKCrqs_tf2QUqJ1P-WWd7WeKw_VMzqgCyCvaaXmqTppA@mail.gmail.com> <CAN8C-_JrUM_uiVAprfFf_-ZnZcy86-hm6t5KWp5_2qavn0+zUQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <CAN8C-_JrUM_uiVAprfFf_-ZnZcy86-hm6t5KWp5_2qavn0+zUQ@mail.gmail.com>
Sender: ilariliusvaara@welho.com
Message-ID-Hash: C4ZUPB5BRNURO5S3QPU7IFHXJWMYJMRX
X-Message-ID-Hash: C4ZUPB5BRNURO5S3QPU7IFHXJWMYJMRX
X-MailFrom: ilariliusvaara@welho.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-jose.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [jose] Re: draft-ietf-jose-hpke-encrypt-01
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/ZuC-41hSqWs0kZ-9WTMFCAaglU0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Owner: <mailto:jose-owner@ietf.org>
List-Post: <mailto:jose@ietf.org>
List-Subscribe: <mailto:jose-join@ietf.org>
List-Unsubscribe: <mailto:jose-leave@ietf.org>
On Mon, Jul 08, 2024 at 09:51:58PM -0500, Orie Steele wrote: > Thanks again for your comments. > > You have highlighted that choosing a different encryption algorithm for the > content encryption could make the examples clearer. > > You have also generally captured the intention of the 2 modes. > > If we were to register HPKE-P256-SHA256+A256GCM and HPKE-P256-SHA256 > > It would be essentially the same as ECDH-ES and ECDH-ES+A256KW. This assumes that HPKE-P256-SHA256 works as Direct Key Agreement (like ECDH-ES is). This is technically possible via HPKE Secret Export API. > Arguing against fully specified encryption algorithms for a moment... We > might drop the curve and kdf parts, and set the kdf to be always sha-256 > for JOSE. > > This would reduce number of registrations. > > alg: HPKE, enc: A128GCM > alg: HPKE+A256KW, enc: A128GCM > > However, we would now not be able to negotiate for post quantum encryption > by algorithm alone. There is another problem: In some cases it is not possible to tell which KEM was used. Currently, the KEM used is always unique (even with things like P-256 versus CP-256), but in the future that might not always be the case. > Key generation would need to be aware of kty and crv... We might not have a > way to easily distinguish between ML-KEM-768 and other KEMs for the same > kty. ML-KEM-768 and other KEMs is easy, those can be told apart from the (horribly named) crv value. And even stuff like P-256 versus CP-256 can be told apart from the length of the encapsulated key (65 bytes versus 32 bytes). Where one gets into trouble is KEMs that only differ in internal KDF. Currently there are none, but that could change. > A benefit of fully specified HPKE algorithms is that negotiation is > simplified, and key generation can be aligned to what can be negotiated. > > If it's important to be able to negotiate for integrated vs key encryption, > it is important that they be implied by the algorithm registrations we > request. Yes, fully specified algorithms is about interop, not about security. -Ilari
- [jose] draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Michael Jones
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 tirumal reddy
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Simo Sorce
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Brian Campbell
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Brian Campbell
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda