Re: [Suit] draft-ietf-suit-firmware-encryption: HPKE for COSE

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Tue, 17 August 2021 05:16 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Benjamin Kaduk <kaduk@mit.edu>
CC: "suit@ietf.org" <suit@ietf.org>
Date: Tue, 17 Aug 2021 05:16:15 +0000
Message-ID: <DBBPR08MB5915AA6B7D71ED2080273956FAFE9@DBBPR08MB5915.eurprd08.prod.outlook.com>
References: <DBBPR08MB5915A2D3ED245147B68AF7ABFAEF9@DBBPR08MB5915.eurprd08.prod.outlook.com> <20210816164429.GD96301@kduck.mit.edu>
In-Reply-To: <20210816164429.GD96301@kduck.mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/OskywgKp2jp1xGVDpGE0cEcisck>

FWIW I also agree that this is the right decision because HPKE isn't specific to firmware updates.

-----Original Message-----
From: Benjamin Kaduk <kaduk@mit.edu>
Sent: Monday, August 16, 2021 6:44 PM
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: suit@ietf.org
Subject: Re: [Suit] draft-ietf-suit-firmware-encryption: HPKE for COSE

On Mon, Aug 02, 2021 at 03:08:44PM +0000, Hannes Tschofenig wrote:
> Hi all,
>
> Currently we have newly introduced the use of HPKE for COSE in the firmware encryption draft.
>
> HPKE could, however, be useful for other applications using COSE as well.
>
> So, the question is: Should the HPKE functionality be defined separately for use with COSE or be defined specifically for use with firmware encryption only?
>
> The answer to this question is a bit speculative because we have to guess whether HPKE will be useful for other applications using COSE. Currently, HPKE is used in various IETF protocols (MLS, TLS Encrypted ClientHello, Privacypass) but none of those applications utilize COSE.
>
> Thoughts?

Chiming in super-late, but I agree with Russ about raising this with COSE.

-Ben