On Wed, 2025-07-02 at 14:09 +0000, Paul Bastian wrote:
>  
> Dear working group,
>  
> in the past I presented on ECDH-MAC-based signatures, most recently
> at IETF 121 on Designated Verifier Signatures for JOSE
> (see https://docs.google.com/presentation/d/19ASMFPDBOInZhAMzyZ3Zrw7a4npRH76H2nAiXPtJFHs/edit?usp=sharing
> ).
>  
> While the previous discussions originated from the German EUDI Wallet
> project and focused much on the privacy aspects of repudiation of such
> signatures, there is renewed interest from the Swedish EUDI Wallet
> team with a focus on using Cloud-based key stores for one-time use
> credentials. Therefore we added Stefan Santesson and Peter Altmann as
> co-authors.
>  
> We updated the spec
> (see https://github.com/paulbastian/draft-bastian-jose-dvs/) to
> remove the HPKE options and are currently discussing two options
> on how to use Diffie-Hellman Key Agreement (DH-KA) and a Key
> Derivation Function (KDF) to derive a symmetric key for use with MAC-
> based symmetric signing algorithms:
>  
>    1. Use of a new JOSE Header Parameter, public key derived secret
>       (pkds): Keep existing alg values (e.g., HS256), and define a new
>       Header Parameter containing key agreement data (public keys,
>       suite, KDF params, output length). (this direction is reflected
>       in two PRs:
>       https://github.com/paulbastian/draft-bastian-jose-dvs/pull/19 and
>       https://github.com/paulbastian/draft-bastian-jose-dvs/pull/20)
>  
>  
>    2. New fully specified alg values: Encode the key agreement and MAC
>       algorithm together following the pattern PKDS-<DHKA>-<KDF>-<MAC>.
>       (this is the existing approach in the main branch)
> 
> We welcome feedback on this direction and whether either approach
> fits within current WG priorities. We also ask for a session at IETF
> Madrid to evaluate if there is interest to adopt the draft.

What is the lifetime of a *new* scheme based on classic asymmetric
cryptography?
Wouldn't it be better to devise a scheme using Key Encapsulation and
ML-KEM?

-- 
Simo Sorce Distinguished Engineer RHEL Crypto Team Red Hat, Inc
_______________________________________________
jose mailing list -- jose@ietf.org
To unsubscribe send an email to jose-le...@ietf.org
