IETF Logo Mail Archive

[jose] HPKE PartyU / PartyV

Orie Steele <orie@transmute.industries> Tue, 27 February 2024 20:03 UTC

Return-Path: <orie@transmute.industries>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8F32C151083 for <jose@ietfa.amsl.com>; Tue, 27 Feb 2024 12:03:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.086
X-Spam-Level:
X-Spam-Status: No, score=-2.086 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_REMOTE_IMAGE=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=transmute.industries
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8yw0utdV_ZVw for <jose@ietfa.amsl.com>; Tue, 27 Feb 2024 12:03:17 -0800 (PST)
Received: from mail-pl1-x634.google.com (mail-pl1-x634.google.com [IPv6:2607:f8b0:4864:20::634]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE9DBC151088 for <jose@ietf.org>; Tue, 27 Feb 2024 12:02:28 -0800 (PST)
Received: by mail-pl1-x634.google.com with SMTP id d9443c01a7336-1dc0d11d1b7so39446885ad.2 for <jose@ietf.org>; Tue, 27 Feb 2024 12:02:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transmute.industries; s=google; t=1709064148; x=1709668948; darn=ietf.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=Av9RHatEdGtQxwThHqh4x3SzENyhwao7TTUDuhyVFSk=; b=VZCJy+OCFdYPSSdA7YAKkAptDpaxefYFRnKRU+uy+qLc407wrIqMF+zo45DzB2UBxz nvBtAdEzR6RNjV79wS098Rv64Py5sh6T3j/uKYpPCCbE0gWOSx9dXSvXmP6od0Jg8NjC K/mT6VNkvuwqoma6zIZiFwQZhHLHPkzBWddfh6wE5JIiBixCW916o8cGLIOR5ZVA9oZM fNUB0Y8lUTPrcs82oiB3E28lPFXe3ROHLX9GAqyZOS8WBq3DxN73Dzb5bbF12K/J9DF/ SjNyeQYbDtYJL/7BhWIe68XeS2mi68axCU1Chh0RDsBbxK/RjdEhz9XSBoixBT3fZH81 GNBg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709064148; x=1709668948; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=Av9RHatEdGtQxwThHqh4x3SzENyhwao7TTUDuhyVFSk=; b=qnea4xK1n55t/ndzQ1b7/zEOO99DmL3hTia2LdP6PEy9oyXEJhv86vMGrQXkZCgbCm 004cRg3d0iNVvzx+EYTw2JRoXLI42+8qPlLkAs5FJlApR25+lDy3ow4VTM3qnOOgHoCM jgmcQ68spyp/E8J020KDq6IfSXhcQNsoIhO06qrZrJAVEw6U+m/Kabs6MSgBFK0QMoe5 jspKcmCmU1ClVTt8dGH5pWIwmniQT4Pr1IhbyhyduLIHoJ1nCFD0eNFoZCEK97RxmwvN fyIDYWO7yd2Nr+cRHzc8qFlOpLnUySc7oeIP5s0aDUbAzXeCjL/AuTWCLoD2VQzJ9WQU 0w1g==
X-Gm-Message-State: AOJu0YyjXHS53u73euEP+CO3WvJESctz+XVEGIqUSmV2t7Ndj92+s6jm iT8NNwpTBlXlUmJFFj9dpkH2JfnMTK5BkTUb2fPOxLegQ7qErR8Y+3bn6q+A48//gVImmymTVhs JUaLR1qPc/IQ5TzF2Sc1T97a3XNRDLWyORcDVPl1xsXBKX3/Auh47lg==
X-Google-Smtp-Source: AGHT+IHW1OGwW1lhUaw6mguUkYHXDhOK6MxgVbVrX/zistqbzi8ZZiTIPyBVEfe0uOk9G7sYD4A+RnuHCuhr5/tvpzQ=
X-Received: by 2002:a17:903:2302:b0:1dc:b3ba:40aa with SMTP id d2-20020a170903230200b001dcb3ba40aamr5389583plh.47.1709064147599; Tue, 27 Feb 2024 12:02:27 -0800 (PST)
MIME-Version: 1.0
From: Orie Steele <orie@transmute.industries>
Date: Tue, 27 Feb 2024 14:02:16 -0600
Message-ID: <CAN8C-_LUMe09=WbkwT-RckhR8+LYCQMw8XWnwmDLE5riYjd7pg@mail.gmail.com>
To: JOSE WG <jose@ietf.org>, cose <cose@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006aa15c0612628154"
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/_bQA_zVydW0powZJtDMzyc_gZP4>
Subject: [jose] HPKE PartyU / PartyV
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Feb 2024 20:03:21 -0000

Hello OSE-Enthusiasts,

As we align JOSE and COSE drafts for adding support for HPKE, we've
encountered our old friends:

PartyU and PartyV...

JOSE has this to say:
https://datatracker.ietf.org/doc/html/rfc7518#section-4.6.1.2

"""
   The "apv" (agreement PartyVInfo) value for key agreement algorithms
   using it (such as "ECDH-ES"), represented as a base64url encoded
   string.  When used, the PartyVInfo value contains information about
   the recipient.  Use of this Header Parameter is OPTIONAL.  This
   Header Parameter MUST be understood and processed by implementations
   when these algorithms are used.
"""

COSE has this to say:
https://datatracker.ietf.org/doc/html/rfc9053#name-context-information-structu

(TLDR... No MUST).

We have an opportunity to maintain parity here, and essentially
repeat the support for behavior we have in JOSE and COSE for
"ECDH-ES+A128KW", when PartyU and PartyV are present.

HPKE has support for enabling this consistently, and JOSE and COSE have the
structures we need to use, already defined.

My question is not if we can do this, it is SHOULD we do this....

I've always found this part of encryption in JOSE troublesome, why is it
necessary for HPKE to support this?

Are we passing up an opportunity to simplify things and remove an
unused/underutilized feature from being required in a new, and currently
not used encryption scheme (HPKE).

Is it time for apu and apv to be ignored when present and not understood?

Regards,

OS

-- 


ORIE STEELE
Chief Technology Officer
www.transmute.industries

<https://transmute.industries>

v2.23.0 | Report a Bug | By Email