Hi nettle,
The implementation was proposed as a PR [0] with all modes and all combinations of primitives described in [1].
OpenSSL has an open issue for HPKE support [2].
0 - https://git.lysator.liu.se/nettle/nettle/-/merge_requests/27 1 - https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hpke-10 2 - https://github.com/openssl/openssl/issues/14748
Regards Norbert Pócs
On Tue, Mar 2, 2021 at 12:58 PM Norbert Pocs npocs@redhat.com wrote:
Which combinations of public key mechanism, key derivation/expansion,
and aead are of main interest?
The required combinations for the encrypted client hello [0] in TLS will be the main focus, then continuous implementation of the others.
Do you expect the specification to be finalized soon?
I do not know when the specification will be finalized, however implementations of HPKE already exist [1]. The analysis can be found here [2].
[0] https://tools.ietf.org/html/draft-ietf-tls-esni-09#section-9 [1] https://github.com/cfrg/draft-irtf-cfrg-hpke/ [2] https://eprint.iacr.org/2020/1499
Regards Norbert Pócs
On Thu, Feb 25, 2021 at 8:02 PM Niels Möller nisse@lysator.liu.se wrote:
Norbert Pocs npocs@redhat.com writes:
My current project is the implementation of HPKE draft [0]. The first
goal
is to implement mode_base.
Hi, I was not aware of this work. It could make sense to support in Nettle, in particular if GnuTLS wants to use it.
Which combinations of public key mechanism, key derivation/expansion, and aead are of main interest?
Do you expect the specification to be finalized soon?
Regards, /Niels
-- Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677. Internet email is subject to wholesale government surveillance.