I am not supportive of addressing this in draft-ietf-jose-fully-specified-algorithms with the definition of a bunch of new algorithms.
That message I sent previously[1] was little more than an offhand musing and shouldn't be construed as an actual suggestion.

[1] https://mailarchive.ietf.org/arch/msg/jose/LGqdnxk-ziF2Odm6CuxTUYnaKnc/

On Wed, Apr 10, 2024 at 9:21 AM Michael Jones <[email protected]> wrote:

> At IETF 119, we’d been asked to describe to the working group what
> including fully-specified ECDH algorithms would look like. Please let us
> know if you’re in favor of addressing this in
> draft-ietf-jose-fully-specified-algorithms or not, and whether you agree
> with the characterization of how to do so below, or if there are specific
> changes you’d suggest.
>
> These registered JOSE algorithms are polymorphic, because they do not
> include the algorithm to be used for the ephemeral key:
>
> ECDH-ES
>     ECDH-ES using Concat KDF
> ECDH-ES+A128KW
>     ECDH-ES using Concat KDF and "A128KW" wrapping
> ECDH-ES+A192KW
>     ECDH-ES using Concat KDF and "A192KW" wrapping
> ECDH-ES+A256KW
>     ECDH-ES using Concat KDF and "A256KW" wrapping
>
> Fully-specified versions of these algorithms using combinations that “make
> sense”, per Brian Campbell’s suggestion
> <https://mailarchive.ietf.org/arch/msg/jose/LGqdnxk-ziF2Odm6CuxTUYnaKnc/>,
> would be:
>
> ECDH-ES-P-256
>     ECDH-ES using Concat KDF and P-256
> ECDH-ES-P-384
>     ECDH-ES using Concat KDF and P-384
> ECDH-ES-P-521
>     ECDH-ES using Concat KDF and P-521
> ECDH-ES-X25519
>     ECDH-ES using Concat KDF and X25519
> ECDH-ES-X448
>     ECDH-ES using Concat KDF and X448
> ECDH-ES-P-256+A128KW
>     ECDH-ES using Concat KDF and P-256 and "A128KW" wrapping
> ECDH-ES-X25519+A128KW
>     ECDH-ES using Concat KDF and X25519 and "A128KW" wrapping
> ECDH-ES-P-384+A192KW
>     ECDH-ES using Concat KDF and P-384 and "A192KW" wrapping
> ECDH-ES-P-521+A256KW
>     ECDH-ES using Concat KDF and P-521 and "A256KW" wrapping
> ECDH-ES-X448+A256KW
>     ECDH-ES using Concat KDF and X448 and "A256KW" wrapping
>
> These registered COSE algorithms are likewise polymorphic, because they do
> not include the algorithm to be used with the ephemeral key or the static
> key:
>
> ECDH-ES + HKDF-256
>     ECDH ES w/ HKDF -- generate key directly
> ECDH-ES + HKDF-512
>     ECDH ES w/ HKDF -- generate key directly
> ECDH-SS + HKDF-256
>     ECDH SS w/ HKDF -- generate key directly
> ECDH-SS + HKDF-512
>     ECDH SS w/ HKDF -- generate key directly
> ECDH-ES + A128KW
>     ECDH ES w/ HKDF and AES Key Wrap w/ 128-bit key
> ECDH-ES + A192KW
>     ECDH ES w/ HKDF and AES Key Wrap w/ 192-bit key
> ECDH-ES + A256KW
>     ECDH ES w/ HKDF and AES Key Wrap w/ 256-bit key
> ECDH-SS + A128KW
>     ECDH SS w/ HKDF and AES Key Wrap w/ 128-bit key
> ECDH-SS + A192KW
>     ECDH SS w/ HKDF and AES Key Wrap w/ 192-bit key
> ECDH-SS + A256KW
>     ECDH SS w/ HKDF and AES Key Wrap w/ 256-bit key
>
> Fully-specified versions of these algorithms, again using combinations
> that make sense, would be:
>
> ECDH-ES-P-256 + HKDF-256
>     ECDH ES using P-256 w/ HKDF -- generate key directly
> ECDH-ES-X25519 + HKDF-256
>     ECDH ES using X25519 w/ HKDF -- generate key directly
> ECDH-ES-P-521 + HKDF-512
>     ECDH ES using P-521 w/ HKDF -- generate key directly
> ECDH-ES-X448 + HKDF-512
>     ECDH ES using X448 w/ HKDF -- generate key directly
> ECDH-SS-P-256 + HKDF-256
>     ECDH SS using P-256 w/ HKDF -- generate key directly
> ECDH-SS-X25519 + HKDF-256
>     ECDH SS using X25519 w/ HKDF -- generate key directly
> ECDH-SS-P-521 + HKDF-512
>     ECDH SS using P-521 w/ HKDF -- generate key directly
> ECDH-SS-X448 + HKDF-512
>     ECDH SS using X448 w/ HKDF -- generate key directly
> ECDH-ES-P-256 + A128KW
>     ECDH ES using P-256 w/ HKDF and AES Key Wrap w/ 128-bit key
> ECDH-ES-X25519 + A128KW
>     ECDH ES using X25519 w/ HKDF and AES Key Wrap w/ 128-bit key
> ECDH-ES-P-384 + A192KW
>     ECDH ES using P-384 w/ HKDF and AES Key Wrap w/ 192-bit key
> ECDH-ES-P-521 + A256KW
>     ECDH ES using P-521 w/ HKDF and AES Key Wrap w/ 256-bit key
> ECDH-ES-X448 + A256KW
>     ECDH ES using X448 w/ HKDF and AES Key Wrap w/ 256-bit key
> ECDH-SS-P-256 + A128KW
>     ECDH SS using P-256 w/ HKDF and AES Key Wrap w/ 128-bit key
> ECDH-SS-X25519 + A128KW
>     ECDH SS using X25519 w/ HKDF and AES Key Wrap w/ 128-bit key
> ECDH-SS-P-384 + A192KW
>     ECDH SS using P-384 w/ HKDF and AES Key Wrap w/ 192-bit key
> ECDH-SS-P-521 + A256KW
>     ECDH SS using P-521 w/ HKDF and AES Key Wrap w/ 256-bit key
> ECDH-SS-X448 + A256KW
>     ECDH SS using X448 w/ HKDF and AES Key Wrap w/ 256-bit key
>
> Thanks all,
>
> -- Mike & Orie
>
> _______________________________________________
> jose mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/jose
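Added example, not part of the original message or of the draft: a recipient-side check showing why the registered JOSE "alg" values quoted above are polymorphic. The curve only becomes known from the "epk" header parameter, so a verifier has to pin it separately. The function and variable names are hypothetical, the sample headers are constructed, and compact serialization is assumed so that "alg" and "epk" both sit in the protected header.

```python
import base64
import json

# Proposed fully-specified names from the quoted message, keyed by the registered
# polymorphic JOSE "alg" and then by the curve of the ephemeral key ("epk").
# They are proposals discussed in this thread, not registered identifiers.
PROPOSED = {
    "ECDH-ES": {c: f"ECDH-ES-{c}" for c in ("P-256", "P-384", "P-521", "X25519", "X448")},
    "ECDH-ES+A128KW": {c: f"ECDH-ES-{c}+A128KW" for c in ("P-256", "X25519")},
    "ECDH-ES+A192KW": {"P-384": "ECDH-ES-P-384+A192KW"},
    "ECDH-ES+A256KW": {c: f"ECDH-ES-{c}+A256KW" for c in ("P-521", "X448")},
}
# JWK key type expected for each curve (EC for NIST curves, OKP for X25519/X448).
KTY_FOR_CRV = {"P-256": "EC", "P-384": "EC", "P-521": "EC", "X25519": "OKP", "X448": "OKP"}


def encode_header(header):
    """Base64url-encode a header dict the way a JWE protected header is carried."""
    raw = json.dumps(header, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def resolve(protected_b64, allowed):
    """Map (alg, epk.crv) to one proposed name and enforce a local allow-list."""
    padded = protected_b64 + "=" * (-len(protected_b64) % 4)
    header = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(header, dict):
        raise ValueError("protected header is not a JSON object")
    alg, epk = header.get("alg"), header.get("epk")
    if not isinstance(alg, str) or alg not in PROPOSED:
        raise ValueError("alg is not one of the polymorphic ECDH-ES algorithms")
    crv = epk.get("crv") if isinstance(epk, dict) else None
    if not isinstance(crv, str) or KTY_FOR_CRV.get(crv) != epk.get("kty"):
        raise ValueError("epk is missing or its kty/crv pair is not recognised")
    name = PROPOSED[alg].get(crv)
    if name is None:
        raise ValueError(f"{alg} with {crv} is not a combination listed in the thread")
    if name not in allowed:
        raise ValueError(f"{name} is not permitted by local policy")
    return name


# Constructed sample headers: same "alg" value, different ephemeral-key curves.
# Coordinate values are placeholders; no key agreement is performed here.
SAMPLE_P256 = encode_header({"alg": "ECDH-ES", "enc": "A128GCM",
                             "epk": {"kty": "EC", "crv": "P-256", "x": "AA", "y": "AA"}})
SAMPLE_X448 = encode_header({"alg": "ECDH-ES", "enc": "A128GCM",
                             "epk": {"kty": "OKP", "crv": "X448", "x": "AA"}})
```

Both samples carry the identical "alg" string yet resolve to different names, which is the ambiguity the fully-specified identifiers would remove from the header.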
