Hi Hannes,

Just on the IANA registration. Could we reuse the KEM IDs defined in HPKE [1], 
but encoded as CBOR int, and just add an indication that it is an HPKE 
algorithm?
We could e.g. define a COSE Header Parameter (say 'hpke-alg'; label 11) 
signifying that this is an HPKE algorithm, in which case e.g. {11 : 17} would 
indicate DHKEM(P-384, HKDF-SHA384).

Potentially we could also assign a reserved value to the COSE Header 
Parameter 'alg' (say -48) to indicate HPKE, in which case {1 : -48} would 
indicate "this is an HPKE algorithm".

Göran

[1] https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hpke-12#section-7.1
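
The two header maps suggested in the message above, encoded and strictly decoded as CBOR in Python. This is an added example, not part of the thread or of any draft; label 11 and alg value -48 are the message's tentative values, and all function names are hypothetical. Because the map carries the HPKE KEM ID itself, any 16-bit registry value decodes without a separate COSE table.

```python
# Added example; label 11 and alg -48 are the message's tentative values.
HPKE_ALG_LABEL, ALG_LABEL, ALG_HPKE = 11, 1, -48

def enc_int(n):
    """Shortest-form CBOR integer (major type 0 or 1)."""
    major, val = (0, n) if n >= 0 else (1, -1 - n)
    if val < 24:
        return bytes([major << 5 | val])
    for ai, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if val < 1 << (8 * size):
            return bytes([major << 5 | ai]) + val.to_bytes(size, "big")
    raise ValueError("integer out of CBOR range")

def encode_header(params):  # small {int: int} map, fewer than 24 entries
    if len(params) >= 24:
        raise ValueError("map too large for this sketch")
    body = b"".join(enc_int(k) + enc_int(v) for k, v in params.items())
    return bytes([0xA0 | len(params)]) + body

def dec_int(buf, pos):  # returns (value, next_pos)
    if pos >= len(buf) or buf[pos] >> 5 > 1:
        raise ValueError("expected CBOR integer")
    major, ai = buf[pos] >> 5, buf[pos] & 0x1F
    size = 0 if ai < 24 else 1 << (ai - 24)
    if ai > 27 or pos + 1 + size > len(buf):
        raise ValueError("bad or truncated integer")
    val = ai if ai < 24 else int.from_bytes(buf[pos + 1:pos + 1 + size], "big")
    return (val if major == 0 else -1 - val), pos + 1 + size

def decode_header(buf):
    """Strictly decode a header map: reject duplicates and trailing bytes."""
    if not buf or buf[0] >> 5 != 5 or buf[0] & 0x1F >= 24:
        raise ValueError("expected small definite-length CBOR map")
    pos, params = 1, {}
    for _ in range(buf[0] & 0x1F):
        key, pos = dec_int(buf, pos)
        val, pos = dec_int(buf, pos)
        if key in params:
            raise ValueError("duplicate header label")
        params[key] = val
    if pos != len(buf):
        raise ValueError("trailing bytes after map")
    return params

def hpke_kem_id(buf):
    """Return the HPKE KEM ID carried under the hypothetical label 11."""
    kem = decode_header(buf).get(HPKE_ALG_LABEL)
    if kem is None or not 0 < kem <= 0xFFFF:  # 0x0000 is reserved in HPKE
        raise ValueError("missing or out-of-range HPKE KEM ID")
    return kem
```

Here {11 : 17} encodes to the three bytes a1 0b 11 and {1 : -48} to a1 01 38 2f.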

From: COSE <[email protected]> on behalf of John Mattsson 
<[email protected]>
Date: Tuesday, 2 November 2021 at 14:27
To: Hannes Tschofenig <[email protected]>, [email protected] <[email protected]>
Cc: Russ Housley <[email protected]>, Brendan Moran <[email protected]>
Subject: Re: [COSE] HPKE for COSE

Hi Hannes,

- I am positive, I am very fond of HPKE in general, but I think the draft fails 
to answer the question why. Why is this useful for COSE? What is the benefit 
compared to using the currently defined Ephemeral-Static algorithms in COSE?

- Are the CEK and the layer 1 needed? Layer 1 and 2 are two layers of key 
encapsulation on top of each other. Why not use the KEM shared secret 
directly in COSE_Encrypt?

- Is the intention to reuse Encap(pkR) several times? If you want to reuse the 
same encapsulation several times it might be better to use the salt parameter 
in HPKE or the IV parameter in COSE_Encrypt. The requirements on these 
parameters would be much lower than on the CEKs that have very high randomness 
requirements.

- The IANA registration follows directly from the HPKE draft. Can we do 
something smarter here so that any registered HPKE KEM can be used in COSE? 
There are already new more lightweight KEMs suggested that might be a better 
fit for COSE. We can also expect registrations of all of the NIST PQC KEMs.
https://datatracker.ietf.org/doc/draft-harkins-cfrg-dnhpke/

- Editorial. I would suggest the following changes:

OLD "defined in RFC 2630 [RFC2630]"
NEW "defined in CMS [RFC2630]"

Cheers,
John

From: COSE <[email protected]> on behalf of Hannes Tschofenig 
<[email protected]>
Date: Monday, 25 October 2021 at 18:58
To: [email protected] <[email protected]>
Cc: Russ Housley <[email protected]>, Brendan Moran <[email protected]>
Subject: [COSE] HPKE for COSE

Hi all,

We have just submitted the initial version of hybrid public key encryption 
(HPKE) for COSE with draft-tschofenig-cose-hpke-00.

This document was produced based on a discussion in the SUIT working group 
where we use HPKE for firmware encryption. The belief is that HPKE can be a 
more generic mechanism useful for other applications beyond SUIT.

We would like to have an agenda slot at the next meeting to introduce this work 
to the group.

Ciao
Hannes


_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose