Re: [jose] [COSE] HPKE PartyU / PartyV
Ilari Liusvaara <ilariliusvaara@welho.com> Mon, 04 March 2024 08:40 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E230CC14E513; Mon, 4 Mar 2024 00:40:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iRXYgNFPDwzP; Mon, 4 Mar 2024 00:40:00 -0800 (PST)
Received: from welho-filter3.welho.com (welho-filter3b.welho.com [83.102.41.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 78580C151079; Mon, 4 Mar 2024 00:38:32 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by welho-filter3.welho.com (Postfix) with ESMTP id E69CB128D2; Mon, 4 Mar 2024 10:38:29 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp2.welho.com ([IPv6:::ffff:83.102.41.85]) by localhost (welho-filter3.welho.com [::ffff:83.102.41.25]) (amavisd-new, port 10024) with ESMTP id Wq9q9L3RR0Ja; Mon, 4 Mar 2024 10:38:29 +0200 (EET)
Received: from LK-Perkele-VII2 (78-27-96-203.bb.dnainternet.fi [78.27.96.203]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by welho-smtp2.welho.com (Postfix) with ESMTPSA id 185DC73; Mon, 4 Mar 2024 10:33:04 +0200 (EET)
Date: Mon, 04 Mar 2024 10:33:03 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: JOSE WG <jose@ietf.org>, cose <cose@ietf.org>
Message-ID: <ZeWHPzzRfNtSIlo5@LK-Perkele-VII2.locald>
References: <Zd-NRA2kH4fc_d-X@LK-Perkele-VII2.locald> <CAN8C-_+tG9845bn986Anr89ObNpUCzOAuiEJMPh4KGK3ixB+uQ@mail.gmail.com> <Zd-colj_jF47gLQP@LK-Perkele-VII2.locald> <CAN8C-_Jw2J6OY6N7gRVepVuHiC5NqgH36dXQ6krZ1U-Spqq7fQ@mail.gmail.com> <ZeCZJK76cQNZp7q9@LK-Perkele-VII2.locald> <CAN8C-_+_nzGCWV6zNny1j_9TTikW8rBtw9388YB7UGzSwEzoTw@mail.gmail.com> <ZeDih4he5eZ1y3PO@LK-Perkele-VII2.locald> <729F40F3-B0EC-41EF-A0D2-FD8EDEA39D56@island-resort.com> <CAFWvErWwfkT7cz4R-jMt+3-54ywyVwBjE=Lita7TwsQEi04TTw@mail.gmail.com> <2CDCCF72-F32D-410D-8BB3-7984D38104D3@island-resort.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <2CDCCF72-F32D-410D-8BB3-7984D38104D3@island-resort.com>
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/tdmbiPEcHAmigLA9D056U6JN3z0>
Subject: Re: [jose] [COSE] HPKE PartyU / PartyV
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2024 08:40:05 -0000
On Sun, Mar 03, 2024 at 06:42:41PM +0000, lgl island-resort.com wrote: > > If you read the paragraph before you get more context and more > understanding why there’s both. Seems more like efficiency / economy > trade-off. You don’t really need both. There’s no security reason > for one or the other. With single message, it seems like a bad trade-off: - aad is faster, as it is polymac instead of full-blown hash function. - aad is much easier to implement without allocations, as it is not part of some larger structure. - aad is trivially secure from definition of AEAD, but security of info does not trivially follow. With multiple messages, there are reasons to use both, but I can not come up with any actual reason to use info with a single message. -Ilari
- [jose] HPKE PartyU / PartyV Orie Steele
- Re: [jose] [COSE] HPKE PartyU / PartyV lgl island-resort.com
- Re: [jose] [COSE] HPKE PartyU / PartyV Ilari Liusvaara
- Re: [jose] [COSE] HPKE PartyU / PartyV Orie Steele
- Re: [jose] HPKE PartyU / PartyV Neil Madden
- Re: [jose] [COSE] HPKE PartyU / PartyV Ilari Liusvaara
- Re: [jose] [COSE] HPKE PartyU / PartyV Orie Steele
- Re: [jose] [COSE] HPKE PartyU / PartyV Ilari Liusvaara
- Re: [jose] [COSE] HPKE PartyU / PartyV Orie Steele
- Re: [jose] [COSE] HPKE PartyU / PartyV Ilari Liusvaara
- Re: [jose] [COSE] HPKE PartyU / PartyV Orie Steele
- Re: [jose] [COSE] HPKE PartyU / PartyV Ilari Liusvaara
- Re: [jose] [COSE] HPKE PartyU / PartyV Orie Steele
- Re: [jose] [COSE] HPKE PartyU / PartyV lgl island-resort.com
- Re: [jose] [COSE] HPKE PartyU / PartyV Ilari Liusvaara
- Re: [jose] [COSE] HPKE PartyU / PartyV Ilari Liusvaara
- Re: [jose] [COSE] HPKE PartyU / PartyV lgl island-resort.com
- Re: [jose] [COSE] HPKE PartyU / PartyV AJITOMI Daisuke
- Re: [jose] [COSE] HPKE PartyU / PartyV lgl island-resort.com
- Re: [jose] [COSE] HPKE PartyU / PartyV AJITOMI Daisuke
- Re: [jose] [COSE] HPKE PartyU / PartyV Ilari Liusvaara
- Re: [jose] [COSE] HPKE PartyU / PartyV Orie Steele