Thanks for the pointers, I think justification should be part of the draft, either in the abstract or through a reference if there is already another standard document that explains where this mechanism makes sense to be used.
Additionally the Security considerations should list at least examples of when use of this mechanism is and is *not* acceptable. Simo. On Tue, 2025-10-28 at 15:34 +0000, Paul Bastian wrote: > Hi, > > the topic was already presented twice at IETF, so I will link the slides > here, or have a look into the video material from those sessions: > > - IETF 121: > https://datatracker.ietf.org/meeting/121/materials/slides-121-jose-designated-verifier-signatures-00 > > - IETF 123: > https://datatracker.ietf.org/meeting/123/materials/slides-123-jose-designated-verifier-signatures-for-jose-00 > > In very short: privacy through repudiation and scalability in HSM-based > systems through easier key derivation > > Is it possible that chairs link those drafts together in the > datatracker? To my knowledge and extensive search, I don't think its > possible for the author itself to do so? > > https://datatracker.ietf.org/doc/draft-bastian-dvs-jose/ > https://datatracker.ietf.org/doc/draft-bastian-jose-dvs/ > https://datatracker.ietf.org/doc/draft-bastian-jose-pkdh/ > > Best, Paul > > On 10/28/25 16:11, Simo Sorce wrote: > > On Mon, 2025-10-27 at 23:10 +0100, Karen ODonoghue wrote: > > > 8. Public Key Derived HMAC for JOSE > > > https://datatracker.ietf.org/doc/draft-bastian-jose-pkdh/ > > I fail to understand what is the point of this mechanism. > > > > Does anyone have more information than what is available in the > > abstract, which does not seem to give any good rationale about > > why this mechanism would be useful ? > > > > What is the point of using an ECDH exchange to derive a symmetric key > > to then perform a HMAC signature on a message, when the premise is that > > both parties must already have each other Public Keys anyway and > > therefore could simply apply an ECDSA signature ? > > > > Simo. > > > > _______________________________________________ > jose mailing list -- [email protected] > To unsubscribe send an email to [email protected] -- Simo Sorce Distinguished Engineer RHEL Crypto Team Red Hat, Inc _______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
