Re: [jose] HPKE Compact JWE Demo
Michael Jones <michael_b_jones@hotmail.com> Sat, 10 February 2024 21:47 UTC
From: Michael Jones <michael_b_jones@hotmail.com>
To: Orie Steele <orie@transmute.industries>, Ilari Liusvaara <ilariliusvaara@welho.com>
CC: JOSE WG <jose@ietf.org>
Date: Sat, 10 Feb 2024 21:47:25 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/a5r2IiYRQUc5NXeNXKEAIEDSISI>

I support the design philosophy described by Orie below.

-- Mike

From: jose <jose-bounces@ietf.org> On Behalf Of Orie Steele
Sent: Saturday, February 10, 2024 1:15 PM
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: JOSE WG <jose@ietf.org>
Subject: Re: [jose] HPKE Compact JWE Demo

This list feels like mostly complaints about JWE, and not about JOSE HPKE.

With compatibility with ECDH-ES JWE shown, I feel pretty confident that the design is on a good track.

If there are problems in the design we have now... those problems are fundamental to JWE.

We are adding HPKE support to JWE not making an incompatible alternative to JWE, that only works with HPKE.

Adding the ability to upgrade to HPKE without major breaking interface changes is the objective, and greenfielding alternatives to JWE just delays adoption of KEMs and resilience to harvest now decrypt later.

The guiding principle is this:

Adding HPKE based single recipient and multiple recipient support, with as few changes to JWE as possible.

This constraint makes our job simple...

What parameters go in headers?

How can we accomplish what is needed with as few HPKE specific changes as possible.

The current draft does the best at this so far, but it's possible it can be further improved.

I don't think your suggestion to concatenate string values for enc and ct is an improvement.

OS

On Sat, Feb 10, 2024, 11:46 AM Ilari Liusvaara <ilariliusvaara@welho.com> wrote:

On Sat, Feb 10, 2024 at 08:39:07AM -0600, Orie Steele wrote:
> Hello Hybrid Public Key Encryption Enthusiasts,
>
> I feel JOSE HPKE is getting very close to stable, we have demonstrated
> compact and json serialization, including key encryption with both HPKE and
> normal ECDH-ES.

I feel that JOSE HPKE is far from stable.

I did start writing review of draft-rha-jose-hpke-encrypt-03, but never finished that because I hit just too many issues to properly write up.

Very abbreviated list (some involve aspects of JWE I only learned about recently):

1) Key Management Modes are defined by JWE, not JWA.
2) Key Agreement has nothing to do with the way HPKE is used.
3) The mode descriptions are misleading.
4) Encapsulated key is neither a structure nor a public key.
5) Using header parameters for encapsulated key is problematic.
6) Using JWK for encapsulated key is too complicated.
7) "enc" existing does not mean it is Key Encryption, just not Integrated Encryption.
8) JWE requires serialization invariance, which precludes any requirement on serialization used.
9) JWE unions the recipient headers, which precludes requirements on bucket used for any existing parameter.
10) JWE allows "enc" to be in recipient header(!) if all recipients have the same value. *vomit*. This precludes requiring enc to be in any given bucket.
11) Using JWE aad for recipients will cause severe implementation issues. There is clear precedent of not doing that even with something AEAD-capable.
12) Mode_auth and mode_auth_psk with Key Encryption are insecure.

Deviating from important JWE requirements with single-recipient mode needs to be done carefully, because doing so can cause nasty issues with implementations. Doing so in multi-recipient mode is categorically not acceptable.

The simplest way to handle HPKE seal outputs is to just concatenate the two, no length markers. This would seem to work well for both modes. That is:

    JWE_ciphertext = hpke_enc || hpke_ct
    JWE_encrypted_key = hpke_enc || hpke_ct

-Ilari

_______________________________________________
jose mailing list
jose@ietf.org
https://www.ietf.org/mailman/listinfo/jose
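
An added illustration of the `hpke_enc || hpke_ct` concatenation discussed in the thread (not code from any participant or from the draft): because the encapsulated key has a fixed length Nenc per KEM in RFC 9180, a receiver can split the field without a length marker, but only once it knows which KEM is in use. The function names and the sample bytes are constructed for this example, no real HPKE operation is performed, and the dictionary keys are RFC 9180 KEM names rather than JOSE algorithm identifiers.

```python
import base64

# Nenc: byte length of the encapsulated key for each KEM (RFC 9180, Table 2).
NENC = {
    "DHKEM(P-256, HKDF-SHA256)": 65,
    "DHKEM(P-384, HKDF-SHA384)": 97,
    "DHKEM(P-521, HKDF-SHA512)": 133,
    "DHKEM(X25519, HKDF-SHA256)": 32,
    "DHKEM(X448, HKDF-SHA512)": 56,
}
NT = 16  # AEAD tag length of the AEADs registered in RFC 9180


def b64url(data):
    """base64url without padding, as JWE fields are encoded."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def join_seal_output(kem, enc, ct):
    """Sender side: build the field as enc || ct with no length marker."""
    if len(enc) != NENC[kem]:
        raise ValueError("enc length does not match the KEM's Nenc")
    if len(ct) < NT:
        raise ValueError("ct is shorter than an AEAD tag")
    return b64url(enc + ct)


def split_seal_output(kem, field):
    """Receiver side: the split point is fixed by the KEM, not by the data."""
    if kem not in NENC:
        raise ValueError("unknown KEM, cannot locate the enc/ct boundary")
    blob = b64url_decode(field)
    nenc = NENC[kem]
    if len(blob) < nenc + NT:
        raise ValueError("field too short for this KEM")
    return blob[:nenc], blob[nenc:]


# Constructed sample values, not real HPKE output.
SAMPLE_ENC = bytes(range(32))
SAMPLE_CT = b"\xaa" * 20
SAMPLE_FIELD = join_seal_output("DHKEM(X25519, HKDF-SHA256)", SAMPLE_ENC, SAMPLE_CT)
```

A field that is long enough splits without error under any KEM in the table, so the boundary is only as trustworthy as the algorithm identifier used to choose Nenc.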