[jose] Re: draft-ietf-jose-hpke-encrypt-01
Ilari Liusvaara <ilariliusvaara@welho.com> Wed, 10 July 2024 08:09 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B64E0C14F5EA for <jose@ietfa.amsl.com>; Wed, 10 Jul 2024 01:09:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.909
X-Spam-Level:
X-Spam-Status: No, score=-6.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Cc4TZFkrfyZy for <jose@ietfa.amsl.com>; Wed, 10 Jul 2024 01:09:16 -0700 (PDT)
Received: from welho-filter1.welho.com (welho-filter1b.welho.com [83.102.41.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CD9A1C14E515 for <jose@ietf.org>; Wed, 10 Jul 2024 01:09:14 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter1.welho.com (Postfix) with ESMTP id D5D6520811 for <jose@ietf.org>; Wed, 10 Jul 2024 11:09:11 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp3.welho.com ([IPv6:::ffff:83.102.41.86]) by localhost (welho-filter1.welho.com [::ffff:83.102.41.23]) (amavisd-new, port 10024) with ESMTP id hGNhoptj_H7K for <jose@ietf.org>; Wed, 10 Jul 2024 11:09:11 +0300 (EEST)
Received: from LK-Perkele-VII2 (78-27-96-203.bb.dnainternet.fi [78.27.96.203]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by welho-smtp3.welho.com (Postfix) with ESMTPSA id 961ED2309 for <jose@ietf.org>; Wed, 10 Jul 2024 11:09:10 +0300 (EEST)
Date: Wed, 10 Jul 2024 11:09:10 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: JOSE WG <jose@ietf.org>
Message-ID: <Zo5Bpib-sll_7MAF@LK-Perkele-VII2.locald>
References: <CAN8C-_KMx_M9vL3kwoohkiVrndU_MohxdGC_vLkBo7R_+-6T2g@mail.gmail.com> <CACVbtYOsf7MkHPOzFgE14JhKrSzAd8EkZ0Sr4X0XRMzdCUtbkA@mail.gmail.com> <CACVbtYOOpwTKZt7dH7JV983SmU7gRbsaXY8ru4Ty-+S081oTEQ@mail.gmail.com> <CAN8C-_Kb9ZOec8SXUkqqd3P7VnEYSDukVm56kpdx+fVEw4KHag@mail.gmail.com> <CACVbtYPauBzeSmXPr8Fyb7Jh3u7ydJgX632B0Fwdn4UPgAfQBg@mail.gmail.com> <CAN8C-_JyHsr07FcTMwA01+QTkzjxxqvv0fNpFthytSyyP+MgKQ@mail.gmail.com> <Zo1d2jNRtAjCGC4N@LK-Perkele-VII2.locald> <CACVbtYPOvYCQN85MAbEJJrnU-Hjz2dC3PKgfUfD2M3oDbaVspg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CACVbtYPOvYCQN85MAbEJJrnU-Hjz2dC3PKgfUfD2M3oDbaVspg@mail.gmail.com>
Sender: ilariliusvaara@welho.com
Message-ID-Hash: UMDWZUWN7LDMR7FZIESCOA3ZZH2XTCVB
X-Message-ID-Hash: UMDWZUWN7LDMR7FZIESCOA3ZZH2XTCVB
X-MailFrom: ilariliusvaara@welho.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-jose.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [jose] Re: draft-ietf-jose-hpke-encrypt-01
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/ar5-UFh2DhLwMzG0D8o8I1aHjos>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Owner: <mailto:jose-owner@ietf.org>
List-Post: <mailto:jose@ietf.org>
List-Subscribe: <mailto:jose-join@ietf.org>
List-Unsubscribe: <mailto:jose-leave@ietf.org>
On Tue, Jul 09, 2024 at 11:11:19AM -0700, Les Hazlewood wrote: > > > > This is also prohibited by draft-ietf-jose-fully-specified-algorithms > > (It requires what alg to be independent of enc). > > > > Hi Illari, > > > Thanks for the explanation, I appreciate it. > > > However, I think this is a huge mistake. I consider any strong coupling between enc and alg to be a huge mistake. > The entire purpose of JOSE is to have a JSON-compatible metadata format for > message sending and receiving; with all the flexibility, convenience, > expressiveness and human-readability that implies, which is a really good > thing, and solidifies the ability to be flexible over time, which is ideal > for an RFC. Unfortunately, here one runs into limitations of JOSE: One would want to delegate bulk encryption, which is not something JOSE (or any trivial extension thereof) supports. > Respectfully, this is incredibly regressive. Data models *should* reflect > the best-case modeling scenario, with rich expression, modularity, etc. If > a new “single string alg” concept needs to exist for downstream > specifications and/or convenience, *those* specification working groups > should define such and not impose this on the JOSE/COSE specifications at > large. It’s crippling and will forever impact how any algorithms and their > potential parameters are defined in the future, and just doesn't make sense > to be forced on a general-purpose messaging format. Unfortunately here delegating bulk encryption does impose chagnes on JOSE specifications at large. (COSE is much more flexible, so no changes to COSE are needed.) > Additionally, such an initiative breaks the concepts of `alg` and `enc` as > they are defined today. They are and always have been separate > concepts. `alg` > is a *key* management algorithm, it is not an encryption algorithm. That > HPKE is composed of both operations isn’t a reason to force it into the > existing `alg` construct - that's trying to do too much and force things > that don’t make sense in a single header parameter that has been > well-defined for a decade. This is all manmifestation of the way JOSE is designed. > Any new specification that defines a single string cipher suite definition > should be *additive*, not regressive. A new header could be defined (e.g. > `csuite`) and that can have that string for the times when it may be needed. Or have "enc":"dir" and have that call into new algorithm operations. > Although anecdotal, I will say that not once in 10 years of maintaining > probably the most-used JOSE/JWT library for the JVM and Android has anyone > ever had a problem with separate `alg` and `enc` headers, and that includes > all the OpenID Connect scenarios I’ve supported both professionally and as > an open-source maintainer. JOSE is designed to work that way, so not really surprising nobody had problems. > > Or if a new header isn’t desired, there’s no reason an additive > specification can’t say “If you want a single string, combine the `alg` and > `enc` header with a hyphen, and that’s your cipher suite”. To say that an > implementation - which *must* parse the JSON header and lookup at least one > parameter (`alg`) anyway - cannot lookup another header and concatenate the > two before processing that value doesn’t seem to hold water in any scenario > I can think of. That’s all that’s needed for cipher suite negotiation for > protocols that need a single string. That is not injective. > I’m not saying that cipher suite negotiation isn’t valuable. I’m saying > it’s 1) only valuable to a relatively small set of use cases and 2) is > easily obtainable by looking at existing headers and 3) it’s fundamentally > regressive to a) shoehorn a new composite algorithm into a header that was > never designed as such and b) force *all* JOSE implementations to operate > with this concept when it’s not needed most of the time. The only constraint on negotiation from "enc":"dir" would be that Integrated Encryption must be supported for all or none of the supported algorithms (that allow IE). -Ilari
- [jose] draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Michael Jones
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 tirumal reddy
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Simo Sorce
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Les Hazlewood
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Orie Steele
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Brian Campbell
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Brian Campbell
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 Ilari Liusvaara
- [jose] Re: draft-ietf-jose-hpke-encrypt-01 - Setu… Matt Chanda