Hello Mike,

I don't find the justification for fully-specifying the alg values for JOSE
ECDH-ES as sound as for JOSE EdDSA; for example, the JWE recipient already
controls which curves they want to support and accept by exposing the
respective public keys and their other scoping attributes (use, public
key_ops, crv obviously).

I am not supportive of defining these ECDH-ES JOSE algorithm identifiers.
They don't seem needed and would therefore needlessly fragment the
implementation landscape even further.

- Filip


On Wed, 10 Apr 2024 at 14:32, Brian Campbell <bcampbell=
[email protected]> wrote:

> I am not supportive of addressing this in
> draft-ietf-jose-fully-specified-algorithms with the definition of a bunch
> of new algorithms.
>
> That message I sent previously[1] was little more than an offhand musing
> and shouldn't be construed as an actual suggestion.
>
> [1]
> https://mailarchive.ietf.org/arch/msg/jose/LGqdnxk-ziF2Odm6CuxTUYnaKnc/
>
> On Wed, Apr 10, 2024 at 9:21 AM Michael Jones <[email protected]>
> wrote:
>
>> At IETF 119, we’d been asked to describe to the working group what
>> including fully-specified ECDH algorithms would look like.  Please let us
>> know if you’re in favor of addressing this in
>> draft-ietf-jose-fully-specified-algorithms or not, and whether you agree
>> with the characterization of how to do so below, or if there are specific
>> changes you’d suggest.
>>
>> These registered JOSE algorithms are polymorphic, because they do not
>> include the algorithm to be used for the ephemeral key:
>>
>> ECDH-ES                     ECDH-ES using Concat KDF
>> ECDH-ES+A128KW              ECDH-ES using Concat KDF and "A128KW" wrapping
>> ECDH-ES+A192KW              ECDH-ES using Concat KDF and "A192KW" wrapping
>> ECDH-ES+A256KW              ECDH-ES using Concat KDF and "A256KW" wrapping
>>
>> Fully-specified versions of these algorithms using combinations that
>> “make sense”, per Brian Campbell’s suggestion
>> <https://mailarchive.ietf.org/arch/msg/jose/LGqdnxk-ziF2Odm6CuxTUYnaKnc/>,
>> would be:
>>
>> ECDH-ES-P-256               ECDH-ES using Concat KDF and P-256
>> ECDH-ES-P-384               ECDH-ES using Concat KDF and P-384
>> ECDH-ES-P-521               ECDH-ES using Concat KDF and P-521
>> ECDH-ES-X25519              ECDH-ES using Concat KDF and X25519
>> ECDH-ES-X448                ECDH-ES using Concat KDF and X448
>> ECDH-ES-P-256+A128KW        ECDH-ES using Concat KDF and P-256 and "A128KW" wrapping
>> ECDH-ES-X25519+A128KW       ECDH-ES using Concat KDF and X25519 and "A128KW" wrapping
>> ECDH-ES-P-384+A192KW        ECDH-ES using Concat KDF and P-384 and "A192KW" wrapping
>> ECDH-ES-P-521+A256KW        ECDH-ES using Concat KDF and P-521 and "A256KW" wrapping
>> ECDH-ES-X448+A256KW         ECDH-ES using Concat KDF and X448 and "A256KW" wrapping
>>
>> These registered COSE algorithms are likewise polymorphic, because they
>> do not include the algorithm to be used with the ephemeral key or the
>> static key:
>>
>> ECDH-ES + HKDF-256          ECDH ES w/ HKDF -- generate key directly
>> ECDH-ES + HKDF-512          ECDH ES w/ HKDF -- generate key directly
>> ECDH-SS + HKDF-256          ECDH SS w/ HKDF -- generate key directly
>> ECDH-SS + HKDF-512          ECDH SS w/ HKDF -- generate key directly
>> ECDH-ES + A128KW            ECDH ES w/ HKDF and AES Key Wrap w/ 128-bit key
>> ECDH-ES + A192KW            ECDH ES w/ HKDF and AES Key Wrap w/ 192-bit key
>> ECDH-ES + A256KW            ECDH ES w/ HKDF and AES Key Wrap w/ 256-bit key
>> ECDH-SS + A128KW            ECDH SS w/ HKDF and AES Key Wrap w/ 128-bit key
>> ECDH-SS + A192KW            ECDH SS w/ HKDF and AES Key Wrap w/ 192-bit key
>> ECDH-SS + A256KW            ECDH SS w/ HKDF and AES Key Wrap w/ 256-bit key
>>
>> Fully-specified versions of these algorithms, again using combinations
>> that make sense, would be:
>>
>> ECDH-ES-P-256 + HKDF-256    ECDH ES using P-256 w/ HKDF -- generate key directly
>> ECDH-ES-X25519 + HKDF-256   ECDH ES using X25519 w/ HKDF -- generate key directly
>> ECDH-ES-P-521 + HKDF-512    ECDH ES using P-521 w/ HKDF -- generate key directly
>> ECDH-ES-X448 + HKDF-512     ECDH ES using X448 w/ HKDF -- generate key directly
>> ECDH-SS-P-256 + HKDF-256    ECDH SS using P-256 w/ HKDF -- generate key directly
>> ECDH-SS-X25519 + HKDF-256   ECDH SS using X25519 w/ HKDF -- generate key directly
>> ECDH-SS-P-521 + HKDF-512    ECDH SS using P-521 w/ HKDF -- generate key directly
>> ECDH-SS-X448 + HKDF-512     ECDH SS using X448 w/ HKDF -- generate key directly
>> ECDH-ES-P-256 + A128KW      ECDH ES using P-256 w/ HKDF and AES Key Wrap w/ 128-bit key
>> ECDH-ES-X25519 + A128KW     ECDH ES using X25519 w/ HKDF and AES Key Wrap w/ 128-bit key
>> ECDH-ES-P-384 + A192KW      ECDH ES using P-384 w/ HKDF and AES Key Wrap w/ 192-bit key
>> ECDH-ES-P-521 + A256KW      ECDH ES using P-521 w/ HKDF and AES Key Wrap w/ 256-bit key
>> ECDH-ES-X448 + A256KW       ECDH ES using X448 w/ HKDF and AES Key Wrap w/ 256-bit key
>> ECDH-SS-P-256 + A128KW      ECDH SS using P-256 w/ HKDF and AES Key Wrap w/ 128-bit key
>> ECDH-SS-X25519 + A128KW     ECDH SS using X25519 w/ HKDF and AES Key Wrap w/ 128-bit key
>> ECDH-SS-P-384 + A192KW      ECDH SS using P-384 w/ HKDF and AES Key Wrap w/ 192-bit key
>> ECDH-SS-P-521 + A256KW      ECDH SS using P-521 w/ HKDF and AES Key Wrap w/ 256-bit key
>> ECDH-SS-X448 + A256KW       ECDH SS using X448 w/ HKDF and AES Key Wrap w/ 256-bit key
>>
>> Thanks all,
>>
>> -- Mike & Orie
>>
>>
>> _______________________________________________
>> jose mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/jose
>>
>
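An added Python example, not code from this thread or from any JOSE implementation, illustrating the two points the messages above turn on: the recipient-side scoping Filip describes (the curve is fixed by the published key's crv and kty, further narrowed by use and key_ops, so an epk on any other curve is refused before key agreement is attempted), and the difference between the registered polymorphic ECDH-ES alg values and the fully-specified ECDH-ES-<crv>[+<wrap>] spellings floated in Mike's list. It does no curve arithmetic, only the header policy checks; the fully_specified_name and split_fully_specified helpers assume those proposed spellings, which are not registered identifiers, and the JWK coordinates are placeholders, not real points.

```python
"""Recipient-side scoping of JWE ECDH-ES key agreement by the recipient's JWK.

Constructed example for this thread. No elliptic-curve arithmetic is done; this
models only the policy decision a recipient makes before running ECDH-ES: do the
'alg' and 'epk' in the protected header fit the key the recipient published?
"""

# Curve -> JWK key type, per RFC 7518 (EC) and RFC 8037 (OKP).
CURVE_KTY = {
    "P-256": "EC", "P-384": "EC", "P-521": "EC",
    "X25519": "OKP", "X448": "OKP",
}

# Registered, polymorphic ECDH-ES 'alg' values (RFC 7518 section 4.6).
POLYMORPHIC_ALGS = {"ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW"}


def fully_specified_name(alg, crv):
    """Polymorphic alg + curve -> ECDH-ES-<crv>[+<wrap>].

    Assumption: this follows the spellings floated in the quoted message; they
    are not registered JOSE identifiers.
    """
    if alg not in POLYMORPHIC_ALGS:
        raise ValueError(f"not a polymorphic ECDH-ES alg: {alg!r}")
    if crv not in CURVE_KTY:
        raise ValueError(f"unknown curve: {crv!r}")
    base, _, wrap = alg.partition("+")
    return f"{base}-{crv}" + (f"+{wrap}" if wrap else "")


def split_fully_specified(alg):
    """Inverse of fully_specified_name; None if alg is not of that form."""
    head, _, wrap = alg.partition("+")
    if not head.startswith("ECDH-ES-"):
        return None
    crv = head[len("ECDH-ES-"):]
    if crv not in CURVE_KTY:
        return None
    return ("ECDH-ES" + (f"+{wrap}" if wrap else ""), crv)


class RejectedHeader(Exception):
    """The recipient declines to run key agreement for this header."""


def check_ecdh_es_header(protected, recipient_jwk):
    """Return (polymorphic_alg, crv) the recipient would use, or raise.

    The recipient's own key decides the curve: an 'epk' on another curve or of
    another kty is refused before any point validation or scalar multiplication.
    A fully-specified alg is accepted only if it names the key's curve.
    """
    alg = protected.get("alg")
    if not isinstance(alg, str):
        raise RejectedHeader("alg missing")
    fs = split_fully_specified(alg)
    if fs is not None:
        base_alg, alg_crv = fs
    elif alg in POLYMORPHIC_ALGS:
        base_alg, alg_crv = alg, None
    else:
        raise RejectedHeader(f"unsupported alg {alg!r}")

    # Scoping attributes of the published recipient key (RFC 7517 use/key_ops).
    crv = recipient_jwk.get("crv")
    if recipient_jwk.get("kty") != CURVE_KTY.get(crv):
        raise RejectedHeader("recipient key is not an ECDH-capable EC/OKP key")
    if recipient_jwk.get("use", "enc") != "enc":
        raise RejectedHeader("recipient key is not scoped for encryption")
    ops = recipient_jwk.get("key_ops")
    if ops is not None and not {"deriveKey", "deriveBits"} & set(ops):
        raise RejectedHeader("recipient key_ops does not permit key agreement")

    # The ephemeral key must be public and on exactly the recipient key's curve.
    epk = protected.get("epk")
    if not isinstance(epk, dict):
        raise RejectedHeader("epk missing")
    if "d" in epk:
        raise RejectedHeader("epk must contain only public parameters")
    if epk.get("kty") != CURVE_KTY[crv] or epk.get("crv") != crv:
        raise RejectedHeader(f"epk is {epk.get('kty')}/{epk.get('crv')}, "
                             f"recipient key is {recipient_jwk['kty']}/{crv}")
    if alg_crv is not None and alg_crv != crv:
        raise RejectedHeader(f"alg {alg!r} names {alg_crv}, key is {crv}")
    return base_alg, crv


# Constructed recipient key; x/y are placeholders, not a real point.
RECIPIENT_P256 = {"kty": "EC", "crv": "P-256", "kid": "bob-enc-1",
                  "use": "enc", "key_ops": ["deriveKey"],
                  "x": "<base64url x>", "y": "<base64url y>"}


def outcome(protected, recipient_jwk):
    """Run the check; return the (alg, crv) tuple or the rejection reason."""
    try:
        return check_ecdh_es_header(protected, recipient_jwk)
    except RejectedHeader as e:
        return f"rejected: {e}"


def demo():
    epk256 = {"kty": "EC", "crv": "P-256", "x": "<x>", "y": "<y>"}
    epk384 = dict(epk256, crv="P-384")
    hdr = {"enc": "A128GCM"}
    return {
        "polymorphic_ok": outcome(dict(hdr, alg="ECDH-ES+A128KW", epk=epk256), RECIPIENT_P256),
        "wrong_curve": outcome(dict(hdr, alg="ECDH-ES+A128KW", epk=epk384), RECIPIENT_P256),
        "fully_specified_ok": outcome(dict(hdr, alg="ECDH-ES-P-256+A128KW", epk=epk256), RECIPIENT_P256),
        "fully_specified_mismatch": outcome(dict(hdr, alg="ECDH-ES-X25519+A128KW", epk=epk256), RECIPIENT_P256),
        "proposed_name": fully_specified_name("ECDH-ES+A128KW", "P-256"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the polymorphic alg the curve is enforced entirely by comparing epk.crv (and kty) against the recipient key; with a fully-specified alg the same check still runs, and the alg name becomes one more thing that must agree with the key rather than a replacement for that comparison.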