Re: [jose] [COSE] Fwd: New Version Notification for draft-reddy-cose-jose-pqc-kem-00.txt
Ilari Liusvaara <ilariliusvaara@welho.com> Wed, 06 March 2024 09:09 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/c8cWj1ScKhRleEb1fFr0Ekl-Bds>
On Wed, Mar 06, 2024 at 01:11:26PM +0530, tirumal reddy wrote:
> Hi Ilari,
>
> On Tue, 5 Mar 2024 at 20:53, Ilari Liusvaara <ilariliusvaara@welho.com>
> wrote:
>
> > The way KEMs operate is extremely similar to how ECDH-ES works. So the
> > way to add KEMs is to copy ECDH-ES (fully specified if needed) and make
> > small modifications required for it to work.
> >
>
> I think you are proposing the following changes:
>
> 1) Direct key Agreement: The alg parameter will carry the full specified PQ
> KEM with KDF and AEAD (e.g., PQ-MLKEM768-SHA3-384-AES256). No need to
> define "PQ-Direct" in this mode.

Direct Key Agreement does not use AEAD for anything. If using a KEM,
it just combines KEM and KDF (the existing ECDH-ES implicitly uses
SHA-256).

Moreover, there is no need for PQ, and usually with SHA-3, one uses
SHAKE256 instead of >256-bit SHA-3. There is only ever going to be
one variant, so might as well leave that out from the name.

So something like "MLKEM768". "enc" parameter will retain its meaning
specified in JWE. The way it works will be extremely close to how
ECDH-ES works.

> 2) Key Agreement with Key Wrapping: alg parameter will carry the full
> specified PQ KEM with KDF and AEAD key wrap (e.g.,
> PQ-MLKEM768-SHA3-384-AES256KW). The "enc" parameter will be used as usual
> to carry AEAD to encrypt the content.

Again, per above plus some conventions, it would be "MLKEM768+A256KW".
And the way it works is extremely close to ECDH-ES+A256KW.

> > The two main modifications compared to ECDH-ES are:
> >
> > 1) The shared secret is generated by encapsulation/decapsulation instead
> > of ECDH operation.
> > 2) New header parameter for KEM ciphertext, as it is octet string and
> > not a key.
> >
>
> Yes, it is possible to introduce a new header parameter to carry the
> KEM ciphertext.

In COSE, one can reuse the -4 from COSE-HPKE draft as it has all the
correct properties. However, JOSE needs a new parameter.

-Ilari
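The two modes discussed in this message, sketched as an added example that is not code from the thread or from any draft. It assumes the ECDH-ES Concat KDF with SHA-256 (RFC 7518, Section 4.6.2) is reused unchanged, uses the hypothetical header name "kem-ct" for the KEM ciphertext, and takes constructed bytes in place of real ML-KEM-768 encapsulation output.

```python
import base64
import hashlib
import struct

def _lp(data: bytes) -> bytes:
    # Concat KDF fields: 32-bit big-endian length, then the value.
    return struct.pack(">I", len(data)) + data

def concat_kdf(z: bytes, algorithm_id: str, key_bits: int,
               apu: bytes = b"", apv: bytes = b"") -> bytes:
    """Concat KDF with SHA-256, as ECDH-ES uses it (RFC 7518, Section 4.6.2)."""
    other_info = (_lp(algorithm_id.encode("ascii")) + _lp(apu) + _lp(apv)
                  + struct.pack(">I", key_bits))  # SuppPubInfo = keydatalen
    out, counter = b"", 1
    while len(out) * 8 < key_bits:
        out += hashlib.sha256(struct.pack(">I", counter) + z + other_info).digest()
        counter += 1
    return out[: key_bits // 8]

ENC_BITS = {"A128GCM": 128, "A192GCM": 192, "A256GCM": 256}
WRAP_BITS = {"A128KW": 128, "A192KW": 192, "A256KW": 256}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def derive_for_jwe(alg: str, enc: str, shared_secret: bytes, kem_ct: bytes):
    """Return (header, key) for the two modes discussed in the message."""
    if "+" in alg:
        # Key Agreement with Key Wrapping: derive a KEK for the wrap algorithm;
        # AlgorithmID is the "alg" value, as in ECDH-ES+A256KW.
        key = concat_kdf(shared_secret, alg, WRAP_BITS[alg.split("+", 1)[1]])
    else:
        # Direct Key Agreement: the KDF output is the CEK itself;
        # AlgorithmID is the "enc" value, as in ECDH-ES. No AEAD is involved here.
        key = concat_kdf(shared_secret, enc, ENC_BITS[enc])
    # The KEM ciphertext is an octet string, so it replaces "epk" with a
    # base64url value. "kem-ct" is a hypothetical parameter name.
    header = {"alg": alg, "enc": enc, "kem-ct": b64url(kem_ct)}
    return header, key

# Constructed stand-ins for ML-KEM-768 encapsulation output:
# a 32-byte shared secret and a 1088-byte ciphertext.
SHARED_SECRET = bytes(range(32))
KEM_CT = bytes(1088)

if __name__ == "__main__":
    for alg in ("MLKEM768", "MLKEM768+A256KW"):
        hdr, key = derive_for_jwe(alg, "A256GCM", SHARED_SECRET, KEM_CT)
        print(alg, sorted(hdr), key.hex())
```

The recipient runs the same derivation after decapsulating the header's ciphertext with its private key, so only the source of the shared secret and the header field differ from ECDH-ES.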