[jose] Re: draft-ietf-jose-hpke-encrypt-01

Les Hazlewood <lhazlewood@gmail.com> Tue, 09 July 2024 03:12 UTC

From: Les Hazlewood <lhazlewood@gmail.com>
Date: Mon, 08 Jul 2024 20:11:51 -0700
To: Orie Steele <orie@transmute.industries>
CC: JOSE WG <jose@ietf.org>
Subject: [jose] Re: draft-ietf-jose-hpke-encrypt-01
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/gIxcJODGBmEB8YyDhB5AMCG98AU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose>

Thank you Orie, your last two replies are really helpful!

If flexibility and some degree of future proofing are desired, without an
explosion of registration permutations, would it make sense to support the
KEM and HKDF identifiers as separate header parameters?  For example:

"alg": "HPKE"
"kem": "P256"
"kdf": "HKDFS256"
"enc": "A256GCM"

Then these would be pluggable as desired, so long as strength requirements
are maintained between inputs/outputs.
And the number of registrations for each respective header would be easily
constrained to have a 1:1 correlation with the 3 functions in RFC 9180
(KEM, KDF, AEAD triplet), as well as those in
https://www.iana.org/assignments/hpke/hpke.xhtml

I'm not sure if this opens a can of worms or not, but it seems relatively
elegant on the surface.  Thoughts?

Kind regards,

Les

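To make the proposal above concrete, here is an added example (not code from the message, the draft, or any JOSE library) of how a recipient could resolve separate "kem"/"kdf"/"enc" header parameters to RFC 9180 ciphersuite identifiers and reject unregistered or mismatched combinations. The JOSE-style names ("P256", "HKDFS256", "A256GCM") are the hypothetical values from the message, not registered identifiers, and the strength policy enforced is an illustrative assumption rather than text from the draft.

```python
import base64
import json

# RFC 9180 / IANA HPKE identifiers, keyed by the hypothetical JOSE-style names
# used in the message above (these names are NOT registered JOSE identifiers).
# Tuples are (IANA id, output size in bytes: KEM Nsecret / KDF Nh / AEAD Nk).
KEMS = {"P256": (0x0010, 32), "P384": (0x0011, 48), "P521": (0x0012, 64),
        "X25519": (0x0020, 32), "X448": (0x0021, 64)}
KDFS = {"HKDFS256": (0x0001, 32), "HKDFS384": (0x0002, 48), "HKDFS512": (0x0003, 64)}
AEADS = {"A128GCM": (0x0001, 16), "A256GCM": (0x0002, 32), "C20P": (0x0003, 32)}


def b64url_decode(s: str) -> bytes:
    """Decode unpadded base64url as used in JWE protected headers."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def encode_header(params: dict) -> str:
    """Build a compact-serialization protected header (used for constructed test input)."""
    raw = json.dumps(params, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def resolve_hpke_suite(protected_header_b64: str) -> dict:
    """Parse a JWE protected header carrying "alg": "HPKE" plus separate
    "kem"/"kdf"/"enc" parameters and resolve it to RFC 9180 identifiers.
    Raises ValueError on anything unknown or inconsistent (fail closed)."""
    hdr = json.loads(b64url_decode(protected_header_b64))
    if hdr.get("alg") != "HPKE":
        raise ValueError(f"unexpected alg {hdr.get('alg')!r}")
    for p in ("kem", "kdf", "enc"):
        if p not in hdr:
            raise ValueError(f"missing header parameter {p!r}")
    try:
        kem_id, n_secret = KEMS[hdr["kem"]]
        kdf_id, n_h = KDFS[hdr["kdf"]]
        aead_id, n_k = AEADS[hdr["enc"]]
    except KeyError as e:
        raise ValueError(f"unregistered HPKE component {e.args[0]!r}") from None
    # Illustrative strength policy (an assumption, not from the draft): the KDF
    # hash width must not narrow the KEM shared secret (Nh >= Nsecret) and must
    # be able to supply the full AEAD key (Nh >= Nk), so no stage is the weak link.
    if n_h < n_secret or n_h < n_k:
        raise ValueError(f"KDF {hdr['kdf']} too narrow: Nh={n_h}, Nsecret={n_secret}, Nk={n_k}")
    return {"kem_id": kem_id, "kdf_id": kdf_id, "aead_id": aead_id}
```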