At IETF 119, we'd been asked to describe to the working group what including 
fully-specified ECDH algorithms would look like.  Please let us know if you're 
in favor of addressing this in draft-ietf-jose-fully-specified-algorithms or 
not, and whether you agree with the characterization of how to do so below, or 
if there are specific changes you'd suggest.

These registered JOSE algorithms are polymorphic, because they do not include 
the algorithm to be used for the ephemeral key:

ECDH-ES
    ECDH-ES using Concat KDF
ECDH-ES+A128KW
    ECDH-ES using Concat KDF and "A128KW" wrapping
ECDH-ES+A192KW
    ECDH-ES using Concat KDF and "A192KW" wrapping
ECDH-ES+A256KW
    ECDH-ES using Concat KDF and "A256KW" wrapping

Fully-specified versions of these algorithms using combinations that "make 
sense", per Brian Campbell's suggestion 
<https://mailarchive.ietf.org/arch/msg/jose/LGqdnxk-ziF2Odm6CuxTUYnaKnc/>, 
would be:

ECDH-ES-P-256
    ECDH-ES using Concat KDF and P-256
ECDH-ES-P-384
    ECDH-ES using Concat KDF and P-384
ECDH-ES-P-521
    ECDH-ES using Concat KDF and P-521
ECDH-ES-X25519
    ECDH-ES using Concat KDF and X25519
ECDH-ES-X448
    ECDH-ES using Concat KDF and X448
ECDH-ES-P-256+A128KW
    ECDH-ES using Concat KDF and P-256 and "A128KW" wrapping
ECDH-ES-X25519+A128KW
    ECDH-ES using Concat KDF and X25519 and "A128KW" wrapping
ECDH-ES-P-384+A192KW
    ECDH-ES using Concat KDF and P-384 and "A192KW" wrapping
ECDH-ES-P-521+A256KW
    ECDH-ES using Concat KDF and P-521 and "A256KW" wrapping
ECDH-ES-X448+A256KW
    ECDH-ES using Concat KDF and X448 and "A256KW" wrapping

These registered COSE algorithms are likewise polymorphic, because they do not 
include the algorithm to be used with the ephemeral key or the static key:

ECDH-ES + HKDF-256
    ECDH ES w/ HKDF -- generate key directly
ECDH-ES + HKDF-512
    ECDH ES w/ HKDF -- generate key directly
ECDH-SS + HKDF-256
    ECDH SS w/ HKDF -- generate key directly
ECDH-SS + HKDF-512
    ECDH SS w/ HKDF -- generate key directly
ECDH-ES + A128KW
    ECDH ES w/ HKDF and AES Key Wrap w/ 128-bit key
ECDH-ES + A192KW
    ECDH ES w/ HKDF and AES Key Wrap w/ 192-bit key
ECDH-ES + A256KW
    ECDH ES w/ HKDF and AES Key Wrap w/ 256-bit key
ECDH-SS + A128KW
    ECDH SS w/ HKDF and AES Key Wrap w/ 128-bit key
ECDH-SS + A192KW
    ECDH SS w/ HKDF and AES Key Wrap w/ 192-bit key
ECDH-SS + A256KW
    ECDH SS w/ HKDF and AES Key Wrap w/ 256-bit key

Fully-specified versions of these algorithms, again using combinations that 
make sense, would be:

ECDH-ES-P-256 + HKDF-256
    ECDH ES using P-256 w/ HKDF -- generate key directly
ECDH-ES-X25519 + HKDF-256
    ECDH ES using X25519 w/ HKDF -- generate key directly
ECDH-ES-P-521 + HKDF-512
    ECDH ES using P-521 w/ HKDF -- generate key directly
ECDH-ES-X448 + HKDF-512
    ECDH ES using X448 w/ HKDF -- generate key directly
ECDH-SS-P-256 + HKDF-256
    ECDH SS using P-256 w/ HKDF -- generate key directly
ECDH-SS-X25519 + HKDF-256
    ECDH SS using X25519 w/ HKDF -- generate key directly
ECDH-SS-P-521 + HKDF-512
    ECDH SS using P-521 w/ HKDF -- generate key directly
ECDH-SS-X448 + HKDF-512
    ECDH SS using X448 w/ HKDF -- generate key directly
ECDH-ES-P-256 + A128KW
    ECDH ES using P-256 w/ HKDF and AES Key Wrap w/ 128-bit key
ECDH-ES-X25519 + A128KW
    ECDH ES using X25519 w/ HKDF and AES Key Wrap w/ 128-bit key
ECDH-ES-P-384 + A192KW
    ECDH ES using P-384 w/ HKDF and AES Key Wrap w/ 192-bit key
ECDH-ES-P-521 + A256KW
    ECDH ES using P-521 w/ HKDF and AES Key Wrap w/ 256-bit key
ECDH-ES-X448 + A256KW
    ECDH ES using X448 w/ HKDF and AES Key Wrap w/ 256-bit key
ECDH-SS-P-256 + A128KW
    ECDH SS using P-256 w/ HKDF and AES Key Wrap w/ 128-bit key
ECDH-SS-X25519 + A128KW
    ECDH SS using X25519 w/ HKDF and AES Key Wrap w/ 128-bit key
ECDH-SS-P-384 + A192KW
    ECDH SS using P-384 w/ HKDF and AES Key Wrap w/ 192-bit key
ECDH-SS-P-521 + A256KW
    ECDH SS using P-521 w/ HKDF and AES Key Wrap w/ 256-bit key
ECDH-SS-X448 + A256KW
    ECDH SS using X448 w/ HKDF and AES Key Wrap w/ 256-bit key

                                                                Thanks all,
                                                                -- Mike & Orie
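
Added example (not part of Mike and Orie's message, and not code from the draft): a receiver-side check of a JWE header's "epk", showing what the polymorphism described above means in practice. With the registered names the curve is whatever the sender's "epk" says; with the names proposed in the message, "alg" alone fixes it and a mismatched "epk" is rejected. The function name `epk_curve` and the sample headers are constructed for illustration.

```python
# Added example. The names in PROPOSED are the ones proposed in the message
# above; they are not registered identifiers. Sample headers are constructed.
OKP = {"X25519", "X448"}  # RFC 8037 curves use kty "OKP"; NIST curves use "EC"
DIRECT = ["P-256", "P-384", "P-521", "X25519", "X448"]
WRAPPED = {"P-256": "A128KW", "X25519": "A128KW", "P-384": "A192KW",
           "P-521": "A256KW", "X448": "A256KW"}

# Proposed fully-specified JOSE name -> the one curve it permits for the epk.
PROPOSED = {f"ECDH-ES-{c}": c for c in DIRECT}
PROPOSED.update({f"ECDH-ES-{c}+{kw}": c for c, kw in WRAPPED.items()})
# Registered names: nothing in "alg" says which curve the epk uses.
POLYMORPHIC = {"ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW"}


def epk_curve(header):
    """Return (crv, fixed_by_alg) for a JWE header, or raise ValueError."""
    alg, epk = header.get("alg"), header.get("epk")
    if not isinstance(alg, str) or not isinstance(epk, dict):
        raise ValueError("need a string alg and an epk object")
    crv = epk.get("crv")
    if crv not in DIRECT or epk.get("kty") != ("OKP" if crv in OKP else "EC"):
        raise ValueError(f"unsupported or inconsistent epk: {epk!r}")
    if alg in POLYMORPHIC:
        # The curve is learned from sender-controlled data, not from alg.
        return crv, False
    if alg in PROPOSED:
        if PROPOSED[alg] != crv:
            raise ValueError(f"{alg} requires {PROPOSED[alg]}, epk uses {crv}")
        return crv, True
    raise ValueError(f"not an ECDH-ES algorithm handled here: {alg!r}")


# Constructed headers (epk coordinates omitted; only kty/crv matter here).
registered = {"alg": "ECDH-ES+A128KW", "enc": "A128GCM",
              "epk": {"kty": "EC", "crv": "P-384"}}
proposed_ok = {"alg": "ECDH-ES-X25519+A128KW", "enc": "A128GCM",
               "epk": {"kty": "OKP", "crv": "X25519"}}
proposed_bad = {"alg": "ECDH-ES-P-256+A128KW", "enc": "A128GCM",
                "epk": {"kty": "EC", "crv": "P-384"}}

if __name__ == "__main__":
    print(epk_curve(registered))
    print(epk_curve(proposed_ok))
    try:
        epk_curve(proposed_bad)
    except ValueError as exc:
        print("rejected:", exc)
```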
