Re: [MLS] DeriveKeyPair IKM size

Simon Ser <contact@emersion.fr> Fri, 15 March 2024 14:18 UTC

Date: Fri, 15 Mar 2024 14:18:23 +0000
To: Rohan Mahy <rohan.ietf@gmail.com>
From: Simon Ser <contact@emersion.fr>
Cc: "mls@ietf.org" <mls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/PA8kK2HEBsyK1UP309vzFqRIIpc>

On Friday, March 15th, 2024 at 15:07, Simon Ser <contact@emersion.fr> wrote:

> > Note that [XWing] also contraindicates the SHOULD in [HPKE] Section
> > 7.1.3, because 2432 octets of entropy is excessive, and 32 octets is
> > expected to be sufficient.
> 
> That's not my reading of the spec: the HPKE RFC says that the "ikm parameter
> given to DeriveKeyPair() SHOULD have length at least Nsk". The "at least" part
> is key here: feeding a larger parameter satisfies the SHOULD.

Never mind: XWing defines an HPKE KEM scheme, and stipulates that a smaller
ikm than the HPKE RFC requires is fine.

But that's orthogonal to the MLS discussion here.
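
An added example, not part of the original message or of any MLS or HPKE implementation: the private-key half of RFC 9180's DeriveKeyPair() for DHKEM(X25519, HKDF-SHA256), showing that ikm of any length is compressed by LabeledExtract before being expanded to Nsk bytes, next to a check for the "at least Nsk" SHOULD quoted above. The helper names and the sample ikm values are constructed for illustration, and the public-key computation is omitted.

```python
import hashlib
import hmac

KEM_ID = 0x0020  # DHKEM(X25519, HKDF-SHA256) in RFC 9180
NSK = 32         # Nsk for that KEM, in bytes
SUITE_ID = b"KEM" + KEM_ID.to_bytes(2, "big")


def labeled_extract(salt: bytes, label: bytes, ikm: bytes) -> bytes:
    # HKDF-Extract over "HPKE-v1" || suite_id || label || ikm.
    # An empty salt is replaced by HashLen zero bytes, as in RFC 5869.
    labeled_ikm = b"HPKE-v1" + SUITE_ID + label + ikm
    return hmac.new(salt or b"\x00" * 32, labeled_ikm, hashlib.sha256).digest()


def labeled_expand(prk: bytes, label: bytes, info: bytes, length: int) -> bytes:
    # HKDF-Expand with the length-prefixed, labeled info string.
    labeled_info = length.to_bytes(2, "big") + b"HPKE-v1" + SUITE_ID + label + info
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + labeled_info + bytes([counter]),
                         hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def ikm_meets_should(ikm: bytes, nsk: int = NSK) -> bool:
    # The SHOULD is a lower bound: longer ikm also satisfies it.
    return len(ikm) >= nsk


def derive_private_key(ikm: bytes) -> bytes:
    # Hypothetical helper: the sk half of DeriveKeyPair() for X25519.
    dkp_prk = labeled_extract(b"", b"dkp_prk", ikm)
    return labeled_expand(dkp_prk, b"sk", b"", NSK)


def demo() -> dict:
    # Constructed, non-random ikm values; 2432 is the size quoted in the thread.
    result = {}
    for n in (16, 32, 2432):
        ikm = bytes(i % 251 for i in range(n))
        result[n] = (ikm_meets_should(ikm), len(derive_private_key(ikm)))
    return result


if __name__ == "__main__":
    for n, (ok, sk_len) in demo().items():
        print(f"ikm={n:5d} bytes  meets SHOULD={ok}  sk={sk_len} bytes")
```
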