[jose] Re: Strawperson consensus call for changes to draft-ietf-jose-hpke-encrypt-01
Brian Campbell <bcampbell@pingidentity.com> Tue, 16 July 2024 21:16 UTC
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Tue, 16 Jul 2024 15:15:32 -0600
To: Michael Jones <michael_b_jones@hotmail.com>
CC: Orie Steele <orie@transmute.industries>, JOSE WG <jose@ietf.org>, "jose-chairs@ietf.org" <jose-chairs@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/dXoicJ5LSjYywE14HweeGVzKYLA>

Within the context of the overall direction that the draft seems adamant in pursuing, yes that would be my position.

On Fri, Jul 12, 2024 at 5:51 PM Michael Jones <michael_b_jones@hotmail.com> wrote:

> So Brian, is it then your position that JWE should support HPKE key
> encryption mode (which would use the AEAD algorithm specified by “enc”) but
> not HPKE integrated encryption mode, which operates directly on the
> plaintext without a separate content encryption key (CEK) – a mode for
> which there is no corresponding representation in RFC 7516 (hence some of
> the difficulties in this whole discussion)?
>
> -- Mike
>
> *From:* Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org>
> *Sent:* Friday, July 12, 2024 3:11 PM
> *To:* Orie Steele <orie@transmute.industries>
> *Cc:* JOSE WG <jose@ietf.org>; jose-chairs@ietf.org
> *Subject:* [jose] Re: Strawperson consensus call for changes to
> draft-ietf-jose-hpke-encrypt-01
>
> On Wed, Jul 10, 2024 at 9:45 AM Orie Steele <orie@transmute.industries>
> wrote:
>
> ### For HPKE JWE Integrated Encryption Mode:
>
> The "enc" value SHALL be "dir".
> The working group SHALL draft text explaining what "enc:dir" means, and
> how it related to "alg".
>
> This doesn't work with RFC7516/JWE's definition of the "enc" header
> <https://datatracker.ietf.org/doc/html/rfc7516#section-4.1.2>, which
> states that the `enc` "(encryption algorithm) Header Parameter identifies
> the content encryption algorithm used to perform authenticated encryption
> on the plaintext to produce the ciphertext and the Authentication Tag. This
> algorithm MUST be an AEAD algorithm with a specified key length."