Which combinations of public key mechanism, key derivation/expansion, and aead are of main interest?
The required combinations for the encrypted client hello [0] in TLS will be the main focus, then continuous implementation of the others.
Do you expect the specification to be finalized soon?
I do not know when the specification will be finalized, however implementations of HPKE already exist [1]. The analysis can be found here [2].
[0] https://tools.ietf.org/html/draft-ietf-tls-esni-09#section-9 [1] https://github.com/cfrg/draft-irtf-cfrg-hpke/ [2] https://eprint.iacr.org/2020/1499
Regards Norbert Pócs
On Thu, Feb 25, 2021 at 8:02 PM Niels Möller nisse@lysator.liu.se wrote:
Norbert Pocs npocs@redhat.com writes:
My current project is the implementation of HPKE draft [0]. The first
goal
is to implement mode_base.
Hi, I was not aware of this work. It could make sense to support in Nettle, in particular if GnuTLS wants to use it.
Which combinations of public key mechanism, key derivation/expansion, and aead are of main interest?
Do you expect the specification to be finalized soon?
Regards, /Niels
-- Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677. Internet email is subject to wholesale government surveillance.