Follow-up on my earlier email: I have updated the IANA consideration section with the proposed algorithm registry. I have also updated the examples; https://github.com/cose-wg/HPKE/blob/main/draft-ietf-cose-hpke.txt

-----Original Message-----
From: COSE <[email protected]> On Behalf Of Hannes Tschofenig
Sent: Friday, July 8, 2022 11:08 AM
To: Ilari Liusvaara <[email protected]>; [email protected]
Subject: Re: [COSE] HPKE Algorithms

Hi Ilari,

Thanks for working on an implementation. We should do an interoperability test. My implementation is here: https://github.com/laurencelundblade/t_cose/pull/75

I am fine with the suggested algorithm names since I have no preference. Just to confirm:

1. You would like to put

- COSE_ALG_HPKE_AES_128_GCM
- COSE_ALG_HPKE_AES_256_GCM
- COSE_ALG_HPKE_CHACHA20_POLY1305

Into this registry: https://www.iana.org/assignments/cose/cose.xhtml#algorithms

2. You would like to put

- COSE_CRV_HPKE_P256_SHA256
- COSE_CRV_HPKE_P384_SHA384
- COSE_CRV_HPKE_P521_SHA512
- COSE_CRV_HPKE_X25519_SHA256
- COSE_CRV_HPKE_X448_SHA512

into this registry: https://www.iana.org/assignments/cose/cose.xhtml#elliptic-curves

Correct?

Ciao
Hannes

-----Original Message-----
From: COSE <[email protected]> On Behalf Of Ilari Liusvaara
Sent: Friday, June 24, 2022 3:44 PM
To: [email protected]
Subject: Re: [COSE] HPKE Algorithms

On Mon, Apr 25, 2022 at 04:23:37PM +0000, Hannes Tschofenig wrote:
> Hi Ilari,
>
> Thanks for bringing this topic up again.
>
> There are two basic approaches for algorithm indication, namely crypto
> suites vs. ala carte. Currently, the draft contains the ala carte
> approach. It was my understanding that the group asked me to do this
> at the interim meeting in January. I might have misunderstood.
>
> So, we first have to decide what approach we want to use. There is no
> wrong approach here - it is just a preference.
>
> Let's assume we don't want the ala carte approach currently in draft
> and want to individually indicate
>
> * KEM
> * KDF
> * AEAD
> (Values are registered at
> https://www.iana.org/assignments/hpke/hpke.xhtml)
>
> The question then arises where to put those values.
>
> You are suggesting to go the "middle"-way by combining the KEM and the
> KDF and to put them into the crv (curve) parameter and to register the
> values into the COSE Elliptic Curve registry.
>
> I personally do not have a strong preference on where to put the
> values. I am soliciting preferences from the group.
>
> Ciao
> Hannes

I wrote a test implementation of embedding HPKE in COSE (passes some smoke tests, like encrypting and decrypting some messages, at this point).

It grabs three alg values (currently from PU range). These encode the AEAD used:

- COSE_ALG_HPKE_AES_128_GCM
- COSE_ALG_HPKE_AES_256_GCM
- COSE_ALG_HPKE_CHACHA20_POLY1305

And five crv values for public/private keys (also currently from PU). These encode combination of KEM and KDF. The kty is always okp (compression is not supported):

- COSE_CRV_HPKE_P256_SHA256
- COSE_CRV_HPKE_P384_SHA384
- COSE_CRV_HPKE_P521_SHA512
- COSE_CRV_HPKE_X25519_SHA256
- COSE_CRV_HPKE_X448_SHA512

The code is written so that once a new KEM/KDF has been added to the HPKE library, it is one-line addition to use it in COSE.

I think this way is the simplest possible. Any other kind of coupling would lead to more complicated code. KEM logically belongs to the key, and AEAD logically belongs to the message.

(I measure implementation simplicity by complexity of simplest correct implementation. And I consider significantly simpler subtly incorrect implementations a significant issue.)

-Ilari

_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
