Re: [Teep] [Suit] ECDH-ES + A128KW vs. ECDH-ES + HKDF-256
Russ Housley <housley@vigilsec.com> Wed, 13 December 2023 15:08 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0218DC14F689; Wed, 13 Dec 2023 07:08:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.909
X-Spam-Level:
X-Spam-Status: No, score=-6.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UV2eoHNGI7sT; Wed, 13 Dec 2023 07:08:29 -0800 (PST)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80232C14F685; Wed, 13 Dec 2023 07:08:29 -0800 (PST)
Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id D6079D8341; Wed, 13 Dec 2023 10:08:28 -0500 (EST)
Received: from smtpclient.apple (unknown [96.241.2.243]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id B6A46D850C; Wed, 13 Dec 2023 10:08:28 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <655A0104-EF30-42E4-862D-6D4D6E4FDDD9@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_3D8A1F58-5077-4D47-A1B2-4460914858C2"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
Date: Wed, 13 Dec 2023 10:08:18 -0500
In-Reply-To: <08f701da2d9f$c043a6c0$40caf440$@gmx.net>
Cc: suit@ietf.org, teep@ietf.org, Ken Takayama <ken.takayama.ietf@gmail.com>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
References: <08f701da2d9f$c043a6c0$40caf440$@gmx.net>
X-Mailer: Apple Mail (2.3731.700.6)
X-Scanned-By: mailmunge 3.11 on 66.39.134.11
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/sg_9FXSEtW0qUi5j_9dQt2J2WPg>
Subject: Re: [Teep] [Suit] ECDH-ES + A128KW vs. ECDH-ES + HKDF-256
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Dec 2023 15:08:34 -0000
I think ECDH-ES + A128KW covers more use cases. It can be used with on recipient or many recipients. So, I'd like to see that be the MTI. Russ > On Dec 13, 2023, at 3:38 AM, hannes.tschofenig=40gmx.net@dmarc.ietf.org wrote: > > Hi all, > > In the SUIT firmware encryption draft we have so far used ECDH-ES + A128KW, which is also what we implemented in t_cose to generate the examples. > > In a discussion with Ken today we realized that the SUIT-MTI draft has always used ECDH-ES + HKDF-256 instead. > > Now, the question is: Should we support both, ECDH-ES + A128KW and ECDH-ES + HKDF-256? > > IHMO we definitely need AES-KW for scenarios where we encrypt a firmware with a CEK once and then distribute that encrypted firmware image to many recipients. In this case, we > randomly generate a CEK, > encrypt the firmware using this CEK, > encrypt this CEK with a KEY unique per recipient with a KEK. The KEK is the result of using ECDH-ES with an KDF, as described in Section 6.4 of RFC 9053. > > For scenarios where we send one firmware image to one recipient we could use ECDH-ES + HKDF-256 and currently we have a little bit of overhead here by using ECDH-ES + A128KW. > > My preference is to leave the SUIT firmware encryption draft as is and to change the SUIT MTI draft to reference ECDH-ES + A128KW instead of ECDH-ES + HKDF-256. > > Thoughts? > > Ciao > Hannes >
- [Teep] ECDH-ES + A128KW vs. ECDH-ES + HKDF-256 hannes.tschofenig
- Re: [Teep] [Suit] ECDH-ES + A128KW vs. ECDH-ES + … lgl island-resort.com
- Re: [Teep] [Suit] ECDH-ES + A128KW vs. ECDH-ES + … Russ Housley
- Re: [Teep] [Suit] ECDH-ES + A128KW vs. ECDH-ES + … Akira Tsukamoto
- Re: [Teep] [Suit] ECDH-ES + A128KW vs. ECDH-ES + … hannes.tschofenig
- Re: [Teep] [Suit] ECDH-ES + A128KW vs. ECDH-ES + … lgl island-resort.com
- Re: [Teep] [Suit] ECDH-ES + A128KW vs. ECDH-ES + … Russ Housley
- Re: [Teep] [Suit] ECDH-ES + A128KW vs. ECDH-ES + … lgl island-resort.com
- Re: [Teep] [Suit] ECDH-ES + A128KW vs. ECDH-ES + … Hannes Tschofenig
- Re: [Teep] [Suit] ECDH-ES + A128KW vs. ECDH-ES + … lgl island-resort.com
- Re: [Teep] [Suit] ECDH-ES + A128KW vs. ECDH-ES + … Hannes Tschofenig
- Re: [Teep] [Suit] ECDH-ES + A128KW vs. ECDH-ES + … Michael Richardson
- Re: [Teep] [Suit] ECDH-ES + A128KW vs. ECDH-ES + … lgl island-resort.com
- Re: [Teep] [Suit] ECDH-ES + A128KW vs. ECDH-ES + … Hannes Tschofenig
- Re: [Teep] [Suit] ECDH-ES + A128KW vs. ECDH-ES + … lgl island-resort.com