[jose] Re: New Version Notification for draft-ietf-jose-hpke-encrypt-04.txt

[Michael Jones]

Thanks for pointing out that we forgot to update the text you cited, Brian.  
I’ll create a PR to correct it.

In my experience, moving to shorter algorithm identifiers was inevitable at 
some point, especially because of people saying that parseable algorithm 
identifiers was a bad idea and could lead to people trying to use nonsensical 
and insecure combinations.

Given that there was going to be a breaking change, it seemed better to get 
through it as soon as possible.  It might have happened at WGLC.  It might have 
happened in IETF review.  It might have happened in IESG review.  But at some 
point, somebody would have forced our hands on this point.  Hopefully this will 
be the last such breaking change.

I’ll also note that this decision is partly informed by a consensus call about 
the COSE HPKE draft.  The question was whether to allow all HPKE combinations 
or to choose a specific set of “ciphersuites” that made practical sense.  The 
overwhelming consensus was to do the latter.

This change (and the corresponding anticipated change at 
https://github.com/cose-wg/HPKE/pull/60) locks the “ciphersuites” decision in 
place.

Hopefully this provides more useful context on the topic.

                                                                -- Mike

From: Brian Campbell <bcampb...@pingidentity.com>
Sent: Wednesday, December 18, 2024 12:48 PM
To: Michael Jones <michael_b_jo...@hotmail.com>
Cc: jose@ietf.org
Subject: Re: [jose] Re: New Version Notification for 
draft-ietf-jose-hpke-encrypt-04.txt

These changes to use shorter algorithm identifiers without touching the text in 
https://datatracker.ietf.org/doc/html/draft-ietf-jose-hpke-encrypt-04#section-8.1
 seems problematic. Particularly the text that says the algorithm ciphersuites 
labels are built according to the scheme: HPKE-<KEM>-<KDF>-<AEAD>.



On Wed, Dec 18, 2024 at 1:00 PM Michael Jones 
<michael_b_jo...@hotmail.com<mailto:michael_b_jo...@hotmail.com>> wrote:
Draft -04 uses the shorter algorithm identifiers, such as "HPKE-0", for the 
reasons discussed on the list.

                                Best wishes,
                                -- Mike

-----Original Message-----
From: internet-dra...@ietf.org<mailto:internet-dra...@ietf.org> 
<internet-dra...@ietf.org<mailto:internet-dra...@ietf.org>>
Sent: Wednesday, December 18, 2024 11:54 AM
To: Michael B. Jones 
<michael_b_jo...@hotmail.com<mailto:michael_b_jo...@hotmail.com>>; Tirumaleswar 
Reddy.K <kond...@gmail.com<mailto:kond...@gmail.com>>; Aritra Banerjee 
<aritra.baner...@nokia.com<mailto:aritra.baner...@nokia.com>>; Hannes 
Tschofenig <hannes.tschofe...@gmx.net<mailto:hannes.tschofe...@gmx.net>>; 
Hannes Tschofenig 
<hannes.tschofe...@gmx.net<mailto:hannes.tschofe...@gmx.net>>; Michael Jones 
<michael_b_jo...@hotmail.com<mailto:michael_b_jo...@hotmail.com>>; Orie Steele 
<orie@transmute.industries<mailto:orie@transmute.industries>>; Tirumaleswar 
Reddy <kond...@gmail.com<mailto:kond...@gmail.com>>; 
jose-cha...@ietf.org<mailto:jose-cha...@ietf.org>
Subject: New Version Notification for draft-ietf-jose-hpke-encrypt-04.txt

A new version of Internet-Draft draft-ietf-jose-hpke-encrypt-04.txt has been 
successfully submitted by Michael Jones and posted to the IETF repository.

Name:     draft-ietf-jose-hpke-encrypt
Revision: 04
Title:    Use of Hybrid Public Key Encryption (HPKE) with JSON Object Signing 
and Encryption (JOSE)
Date:     2024-12-18
Group:    jose
Pages:    19
URL:      https://www.ietf.org/archive/id/draft-ietf-jose-hpke-encrypt-04.txt
Status:   https://datatracker.ietf.org/doc/draft-ietf-jose-hpke-encrypt/
HTML:     https://www.ietf.org/archive/id/draft-ietf-jose-hpke-encrypt-04.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-ietf-jose-hpke-encrypt
Diff:     
https://author-tools.ietf.org/iddiff?url2=draft-ietf-jose-hpke-encrypt-04

Abstract:

   This specification defines Hybrid Public Key Encryption (HPKE) for
   use with JSON Object Signing and Encryption (JOSE).  HPKE offers a
   variant of public key encryption of arbitrary-sized plaintexts for a
   recipient public key.

   HPKE works for any combination of an asymmetric key encapsulation
   mechanism (KEM), key derivation function (KDF), and authenticated
   encryption with additional data (AEAD) function.  Authentication for
   HPKE in JOSE is provided by JOSE-native security mechanisms or by one
   of the authenticated variants of HPKE.

   This document defines the use of the HPKE with JOSE.



The IETF Secretariat


_______________________________________________
jose mailing list -- jose@ietf.org<mailto:jose@ietf.org>
To unsubscribe send an email to jose-le...@ietf.org<mailto:jose-le...@ietf.org>

CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
e-mail and delete the message and any file attachments from your computer. 
Thank you.

_______________________________________________
jose mailing list -- jose@ietf.org
To unsubscribe send an email to jose-le...@ietf.org