Re: [jose] [COSE] HPKE PartyU / PartyV

"lgl island-resort.com" <lgl@island-resort.com> Sun, 03 March 2024 18:42 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/xy-OYtixBgewIQ8HLAFA3vK4xxU>

That’s helpful.

If you read the paragraph before you get more context and more understanding why there’s both. Seems more like efficiency / economy trade-off. You don’t really need both. There’s no security reason for one or the other.

Using aad like Ilari said, seems good to me.

LL


On Mar 3, 2024, at 1:33 AM, AJITOMI Daisuke <ajitomi@gmail.com> wrote:


I haven't been able to read through all of the long discussions so far, but ...

Ilari, even if you can’t say why, can you tell us where the text that prohibits use of both INFO and AAD is?

I think this is about the following in Section 8.1 of RFC9180:

Applications that only use the single-shot APIs described in Section 6 should use the Setup info parameter for specifying auxiliary authenticated information. Implementations which only expose single-shot APIs should not allow applications to use both Setup info and Context aad or exporter_context auxiliary information parameters.

It's not prohibited, but it says "should not".

This essentially means that, in HPKE, both INFO and AAD serve the same role of binding information from the application layer to the HPKE process and the difference between INFO and AAD only comes down to whether the same can be used across multiple EncryptionContexts (INFO) or not (AAD).

I believe that at least the authors of HPKE regard both in this way.

Best,
Daisuke

On Sat, Mar 2, 2024, at 4:23, lgl island-resort.com <lgl@island-resort.com> wrote:

On Feb 29, 2024, at 1:01 PM, Ilari Liusvaara <ilariliusvaara@welho.com> wrote:

On Thu, Feb 29, 2024 at 11:04:57AM -0600, Orie Steele wrote:
I think we actually agree here.

The remaining point is just what to do in HPKE.

1. New header parameters, mandatory processing rules, mix
content encryption algorithm into the KDF (via HPKE INFO).

HPKE does not allow using both INFO and AAD for one message (I do not
know why), and INFO has a short length limit (because it is used in
ways that pretty much require buffering).

So only AAD can be used.

Ilari, even if you can’t say why, can you tell us where the text that prohibits use of both INFO and AAD is?

Note that COSE -25 and -29 allow the input of a salt into the KDF outside of COSE_KDF_Context. If we wanted to do similar in COSE-HPKE, use of the info parameter is the obvious place.

I can’t see any technical reason that both couldn’t be used and I wonder if there is some reason we might want to allow COSE-HPKE users to be able to supply inputs to the KDF function.

Or asked another way, what are the security trade-offs between AAD and INFO? There’s lots of security considerations in RFC 9180, but none seem to discuss this.

I don’t see an issue here, but it would be nice to understand.

Thx!

(RFC 9180 is impossible to search because the variable names used in the Python code are so short. “info” occurs almost 200 times)

LL
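
The INFO versus AAD distinction discussed in this thread, as an added example (not code from any participant or from the RFC 9180 authors): a standard-library Python transcription of the RFC 9180 base-mode KeySchedule, showing that `info` is hashed into the context from which `key`, `base_nonce` and `exporter_secret` are derived once per encryption context, while `aad` never enters the key schedule and is handed to the AEAD on each Seal/Open call. The ciphersuite, the `info` strings and the `shared_secret` bytes are assumptions constructed for illustration; a real `shared_secret` comes from the KEM.

```python
import hashlib
import hmac

# Assumed suite: DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, AES-128-GCM.
KEM_ID, KDF_ID, AEAD_ID = 0x0020, 0x0001, 0x0001
NK, NN, NH = 16, 12, 32  # AEAD key, AEAD nonce and KDF output lengths (bytes)
SUITE_ID = b"HPKE" + b"".join(i.to_bytes(2, "big") for i in (KEM_ID, KDF_ID, AEAD_ID))
MODE_BASE = b"\x00"

def extract(salt, ikm):
    return hmac.new(salt, ikm, hashlib.sha256).digest()  # HKDF-Extract

def expand(prk, info, length):
    out, block, counter = b"", b"", 1  # HKDF-Expand
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def labeled_extract(salt, label, ikm):
    return extract(salt, b"HPKE-v1" + SUITE_ID + label + ikm)

def labeled_expand(prk, label, info, length):
    labeled_info = length.to_bytes(2, "big") + b"HPKE-v1" + SUITE_ID + label + info
    return expand(prk, labeled_info, length)

def key_schedule(shared_secret, info, psk=b"", psk_id=b""):
    """Base-mode KeySchedule: info is bound into every secret of the context."""
    psk_id_hash = labeled_extract(b"", b"psk_id_hash", psk_id)
    info_hash = labeled_extract(b"", b"info_hash", info)
    context = MODE_BASE + psk_id_hash + info_hash
    secret = labeled_extract(shared_secret, b"secret", psk)
    return {
        "key": labeled_expand(secret, b"key", context, NK),
        "base_nonce": labeled_expand(secret, b"base_nonce", context, NN),
        "exporter_secret": labeled_expand(secret, b"exp", context, NH),
    }

def compute_nonce(base_nonce, seq):
    """Per-message nonce; aad is a separate per-message input to AEAD Seal/Open."""
    return bytes(a ^ b for a, b in zip(base_nonce, seq.to_bytes(NN, "big")))

if __name__ == "__main__":
    ss = bytes(range(32))  # constructed stand-in for the KEM shared secret
    a = key_schedule(ss, b"enc=A128GCM")  # constructed info values
    b = key_schedule(ss, b"enc=A256GCM")
    print("info changes key:", a["key"] != b["key"])
```

A recipient that sets up its context with a different `info` derives a different `key` and `base_nonce`, so every message in that context fails to open; a mismatched `aad` fails only the message it was supplied with.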