Hi,
the topic was already presented twice at IETF, so I will link the slides
here, or have a look into the video material from those sessions:
- IETF 121:
https://datatracker.ietf.org/meeting/121/materials/slides-121-jose-designated-verifier-signatures-00
- IETF 123:
https://datatracker.ietf.org/meeting/123/materials/slides-123-jose-designated-verifier-signatures-for-jose-00
In very short: privacy through repudiation and scalability in HSM-based
systems through easier key derivation
Is it possible that chairs link those drafts together in the
datatracker? To my knowledge and extensive search, I don't think its
possible for the author itself to do so?
https://datatracker.ietf.org/doc/draft-bastian-dvs-jose/
https://datatracker.ietf.org/doc/draft-bastian-jose-dvs/
https://datatracker.ietf.org/doc/draft-bastian-jose-pkdh/
Best, Paul
On 10/28/25 16:11, Simo Sorce wrote:
On Mon, 2025-10-27 at 23:10 +0100, Karen ODonoghue wrote:
8. Public Key Derived HMAC for JOSE
https://datatracker.ietf.org/doc/draft-bastian-jose-pkdh/
I fail to understand what is the point of this mechanism.
Does anyone have more information than what is available in the
abstract, which does not seem to give any good rationale about
why this mechanism would be useful ?
What is the point of using an ECDH exchange to derive a symmetric key
to then perform a HMAC signature on a message, when the premise is that
both parties must already have each other Public Keys anyway and
therefore could simply apply an ECDSA signature ?
Simo.
_______________________________________________
jose mailing list -- [email protected]
To unsubscribe send an email to [email protected]
