[jose] Re: Strawperson consensus call for changes to draft-ietf-jose-hpke-encrypt-01
Orie Steele <orie@transmute.industries> Thu, 11 July 2024 13:48 UTC
To: Ilari Liusvaara <ilariliusvaara@welho.com>
CC: JOSE WG <jose@ietf.org>
Ilari,

I've pulled your suggestion from the other thread here:
https://mailarchive.ietf.org/arch/msg/jose/LNE_SZNXXxxpxsdnQr1YjmlQqLc/

And updated the original proposals:

## draft-ietf-jose-hpke-encrypt-01 call topic number 1 (Yes / No):

### For HPKE JWE Integrated Encryption Mode:

The algorithm name SHALL be of the form "HPKE-P256-SHA256-A128GCM".
The "enc" value SHALL be "dir".
The working group SHALL draft text explaining what "enc:dir" means, and how it relates to "alg".
The algorithm name SHALL be of the form "HPKE-P256-SHA256-A128GCM".
*The hpke-aad SHALL from JWE Section 5.1 step 14.*
*The hpke-info SHALL be empty.*

## draft-ietf-jose-hpke-encrypt-01 call topic number 2 (Yes / No):

### For HPKE JWE Key Encryption Mode:

The algorithm name SHALL be of the form "HPKE-P256-SHA256-A128GCM".
The "enc" value SHALL be any registered AEAD here - https://www.iana.org/assignments/jose/jose.xhtml, per section of RFC7518.
*The hpke-aad SHALL be ECDH-ES FixedInfo (citation needed)*
*The hpke-info SHALL be empty.*

Changes are in bold.

Any other suggestions?

Regards,

OS

On Thu, Jul 11, 2024 at 8:33 AM Orie Steele <orie@transmute.industries> wrote:

> Ilari, how would you modify the 2 proposals?
>
> Tiru, let's stick to the 2 I've outlined here.
>
> There's been a lot of discussion, we've shown this list every possible
> angle... We need to start eliminating variables not adding new ones.
>
> We want this thread to focus on concrete refinements to these proposals,
> if you object to text please offer a resolution, which could include simply
> to remove the sentence from the proposal for now.
>
> Our goal is to make sure that -02 has new text that the working group
> agrees with.
>
> Let's not argue over what is in JWE, let's argue over the text that will
> go into the next draft version.
>
> On Thu, Jul 11, 2024, 7:59 AM Ilari Liusvaara <ilariliusvaara@welho.com> wrote:
>
>> On Thu, Jul 11, 2024 at 02:18:23PM +0530, tirumal reddy wrote:
>> > On Thu, 11 Jul 2024 at 13:12, Ilari Liusvaara <ilariliusvaara@welho.com> wrote:
>> >
>> > > On Thu, Jul 11, 2024 at 11:19:19AM +0530, tirumal reddy wrote:
>> > > >
>> > > > I would like to add another option proposed below for HPKE JWE Integrated
>> > > > Encryption Mode:
>> > > >
>> > > > The algorithm name SHALL be of the form "HPKE-P256-SHA256".
>> > > > The "enc" value SHALL be " A128GCM".
>> > > > The hpke-aad SHALL be of the form "protected (.aad)", as described in Step
>> > > > 15 of RFC7516.
>> > > > The hpke-info SHALL be the same as is provided to concatKDF info for
>> > > > ECDH-ES, as described in
>> > > > https://datatracker.ietf.org/doc/html/rfc7518#section-4.6.2
>> > >
>> > > JWE does not allow doing that.
>> > >
>> >
>> > Why does not JWE allow use of {"alg" : "HPKE-P256-SHA256", "enc":
>> > "A128GCM"} in case of direct key agreement mode ?
>>
>> That would preclude bulk encryption using HPKE and require using HPKE
>> secret export (SendExport* and ReceiveExport*) for generating CEK for
>> performing standard JOSE bulk encryption. More complicated to implement,
>> but does not need JWE extensions.
>>
>> When it comes to JWE modes, stuff either is or is not, there is no
>> "similar".
>>
>> -Ilari
>>
>> _______________________________________________
>> jose mailing list -- jose@ietf.org
>> To unsubscribe send an email to jose-leave@ietf.org
>>
>

--
ORIE STEELE
Chief Technology Officer
www.transmute.industries <https://transmute.industries>
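The two hpke-aad inputs named in the proposals above, as an added example that is not part of this thread or of the draft: the JWE AAD of RFC 7516 Section 5.1 step 14 and the Concat KDF info of RFC 7518 Section 4.6.2 that ECDH-ES uses. The function names are hypothetical, and which AlgorithmID and key length an HPKE Key Encryption mode would feed in is an assumption, since the message does not say.

```python
import base64
import json
import struct
from typing import Optional


def b64url(data: bytes) -> str:
    """BASE64URL without padding, as used throughout JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwe_aad(protected: dict, aad_member: Optional[bytes] = None) -> bytes:
    """RFC 7516 Section 5.1 step 14: ASCII(BASE64URL(protected header)),
    plus '.' and BASE64URL(JWE AAD) when the JSON serialization carries "aad"."""
    encoded = b64url(json.dumps(protected, separators=(",", ":")).encode("utf-8"))
    if aad_member is not None:
        encoded += "." + b64url(aad_member)
    return encoded.encode("ascii")


def _len_prefixed(value: bytes) -> bytes:
    # 32-bit big-endian length followed by the value (RFC 7518 Section 4.6.2).
    return struct.pack(">I", len(value)) + value


def ecdh_es_fixed_info(algorithm_id: str, apu: bytes, apv: bytes,
                       keydatalen_bits: int) -> bytes:
    """Concat KDF info used by ECDH-ES: AlgorithmID || PartyUInfo ||
    PartyVInfo || SuppPubInfo. SuppPrivInfo is empty and adds no bytes."""
    return (_len_prefixed(algorithm_id.encode("ascii"))
            + _len_prefixed(apu)
            + _len_prefixed(apv)
            + struct.pack(">I", keydatalen_bits))


if __name__ == "__main__":
    # Constructed header in the shape topic 1 proposes for Integrated Encryption.
    integrated = {"alg": "HPKE-P256-SHA256-A128GCM", "enc": "dir"}
    print("integrated hpke-aad:", jwe_aad(integrated).decode("ascii"))

    # Constructed inputs for topic 2; using "enc" as AlgorithmID with a
    # 128-bit key length is an assumption, not something the thread settles.
    info = ecdh_es_fixed_info("A128GCM", b"Alice", b"Bob", 128)
    print("key-encryption hpke-aad:", info.hex())
```

Because the protected header is bound through the AAD as its exact encoded bytes, a recipient has to use the received encoding rather than re-serializing the parsed JSON.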