[jose] Re: [EXTERNAL] Re: HPKE and diminishing returns

Michael Jones <michael_b_jones@hotmail.com> Thu, 20 June 2024 17:49 UTC

From: Michael Jones <michael_b_jones@hotmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>, JOSE WG <jose@ietf.org>
Date: Thu, 20 Jun 2024 17:49:25 +0000
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/i-ECwUDXlyqPNSQyTLYzrc6HSVM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose>

Orie is correct when he writes:
> It seems ok to know that you need to process parameters differently based on the algorithm that is chosen.

I suspect that will come into play for HPKE.

This is completely parallel to “kty” in JWK and COSE_Key, where the interpretation of the key parameters depends upon the key type.

                                                       -- Mike

________________________________
From: ilariliusvaara@welho.com <ilariliusvaara@welho.com> on behalf of Ilari Liusvaara <ilariliusvaara@welho.com>
Sent: Thursday, June 20, 2024 9:29:38 AM
To: JOSE WG <jose@ietf.org>
Subject: [jose] Re: [EXTERNAL] Re: HPKE and diminishing returns

On Thu, Jun 20, 2024 at 10:25:28AM -0500, Orie Steele wrote:
>
> On Thu, Jun 20, 2024 at 9:03 AM tirumal reddy <kondtir@gmail.com> wrote:
>
> >
> > This complication can be avoided by defining {alg:
> > "HPKE-Base-P256-SHA256", enc: "A128"}.
> >
>
> Yes, and this is why we are coordinating with COSE, because we want to
> align on this sort of thing.

I would not want to align on this, because it would make the COSE part much
more complicated (anything is more complicated than what the COSE part is
currently doing!).


> > I think you mean a) Direct Key Agreement b) Key Agreement with Key
> > Wrapping.
> >
>
> Just to clarify the current source of this confusion.
> Both JOSE and COSE drafts use "HPKE-Base-P256-SHA256-A128GCM" for the case
> where you are logically doing this:
>
> alg: HPKE-Base-P256-SHA256-A128KW, enc: A128GCM ( 2 layer / indirect )
>
> alg: HPKE-Base-P256-SHA256, enc: A128GCM (1 layer / "integrated" )
>
> The hope is that by coordinating between JOSE and COSE, we pick algorithms
> that align, and we use them in headers and keys in a consistent way.

That is not what the COSE draft is doing. What the COSE draft is doing
would essentially be:

1) alg: HPKE-Base-P256-SHA256-A128GCM, enc: A128GCM
2) enc: HPKE-Base-P256-SHA256-A128GCM, no alg!

The second is very illegal in JWE (zero recipients and asymmetric enc),
but allowed in COSE.

(It is actually not trivial that the first one is allowed in COSE, but
ultimately it turns out all assumptions do line up).


> So far, both groups have been saying "HPKE-Base-P256-SHA256-A128GCM" works
> for both cases.... which seems to have confused people in both working
> groups.

HPKE-Base-P256-SHA256-A128GCM is fine for both 1 and 2 layer in COSE,
and 2 layer in JOSE. It is not fine for 1 layer in JOSE.


> The reason for this comes from HPKE:
>
> """
> All the algorithms also take an info parameter that can be used to
> influence the generation of keys (e.g., to fold in identity information)
> and an aad parameter that provides additional authenticated data to the
> AEAD algorithm in use.
> """
> https://datatracker.ietf.org/doc/html/rfc9180#section-5
>
> ^ This sentence is what implies "alg" values like
> "HPKE-Base-P256-SHA256-A128GCM" instead of "HPKE-Base-P256-SHA256" (since
> this one has no AEAD, and therefore no aad parameter).

HPKE has special AEAD id 0xFFFF for no AEAD.

The only thing it allows is using secret export, which has a context
parameter (in addition to info).

HPKE Secret Export can be used to construct Direct Key Agreement.




-Ilari
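
Added example, not part of either message and not code from the JOSE or COSE drafts: a small Python sketch of how an "alg" name selects the HPKE ciphersuite and, with it, which parameters apply, including the export-only AEAD id 0xFFFF mentioned above. The numeric ids and the suite_id layout are from RFC 9180; the name grammar `HPKE-<mode>-<kem>-<hash>[-<aead>]`, the reading of a name without an AEAD component as export-only, and all function names are assumptions made for illustration.

```python
import struct

# Registry values from RFC 9180 section 7. The short names used as keys
# follow an assumed naming grammar, not a published registry.
KEM_IDS = {("P256", "SHA256"): 0x0010, ("P384", "SHA384"): 0x0011,
           ("P521", "SHA512"): 0x0012, ("X25519", "SHA256"): 0x0020,
           ("X448", "SHA512"): 0x0021}
KDF_IDS = {"SHA256": 0x0001, "SHA384": 0x0002, "SHA512": 0x0003}
AEAD_IDS = {"A128GCM": 0x0001, "A256GCM": 0x0002, "ChaCha20Poly1305": 0x0003}
EXPORT_ONLY = 0xFFFF  # RFC 9180 AEAD id meaning "no AEAD"
MODES = {"Base": 0x00, "PSK": 0x01, "Auth": 0x02, "AuthPSK": 0x03}


def parse_suite(alg):
    """Split an assumed 'HPKE-<mode>-<kem>-<hash>[-<aead>]' name into RFC 9180 ids."""
    parts = alg.split("-")
    if len(parts) not in (4, 5) or parts[0] != "HPKE":
        raise ValueError(f"not an HPKE suite name: {alg!r}")
    _, mode, group, hash_name = parts[:4]
    try:
        suite = {"mode": MODES[mode], "kem_id": KEM_IDS[(group, hash_name)],
                 "kdf_id": KDF_IDS[hash_name]}
        # A missing AEAD component is modelled as export-only, never as a default AEAD.
        suite["aead_id"] = AEAD_IDS[parts[4]] if len(parts) == 5 else EXPORT_ONLY
    except KeyError as exc:
        raise ValueError(f"unknown component {exc} in {alg!r}") from None
    return suite


def suite_id(suite):
    """suite_id from RFC 9180 section 5.1; it is bound into the key schedule labels."""
    return b"HPKE" + struct.pack(">HHH", suite["kem_id"], suite["kdf_id"],
                                 suite["aead_id"])


def accepted_parameters(suite):
    """Inputs each operation takes, selected by algorithm the way 'kty' selects key fields."""
    ops = {"setup": ["info"], "export": ["exporter_context", "length"]}
    if suite["aead_id"] != EXPORT_ONLY:
        ops["seal_open"] = ["aad"]  # aad exists only when the suite has an AEAD
    return ops
```

Because the AEAD id is part of suite_id, the same recipient key used with "HPKE-Base-P256-SHA256-A128GCM" and with an export-only suite runs two different key schedules, so a receiver has to reject a mismatched name rather than fall back to another suite.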
