Hi Karen,
we would like to request a session for the upcoming JOSE session in
Madrid. Micha and/or Stefan would be able to present.
Best regards, Paul
On 7/2/25 16:09, Paul Bastian wrote:
Dear working group,
in the past I presented on ECDH-MAC-based signatures, most recently at
IETF 121 on Designated Verifier Signatures for JOSE (see
https://docs.google.com/presentation/d/19ASMFPDBOInZhAMzyZ3Zrw7a4npRH76H2nAiXPtJFHs/edit?usp=sharing).
While the previous discussions originated from the German EUDI Wallet
project and focused much on the privacy aspects of repudiation of such
signatures, there is renewed interest from the Swedish EUDI Wallet
team with a focus on using Cloud-based key stores for one-time use
credentials. Therefore we added Stefan Santesson and Peter Altmann as
co-authors.
We updated the spec (see
https://github.com/paulbastian/draft-bastian-jose-dvs/) to remove the
HPKE options and are currently discussing two options on how to use
Diffie-Hellman Key Agreement (DH-KA) and a Key Derivation Function
(KDF) to derive a symmetric key for use with MAC-based symmetric
signing algorithms:
1. Use of a new JOSE Header Parameter, public key derived secret
(pkds): Keep existing alg values (e.g., HS256), and define a new
Header Parameter containing key agreement data (public keys,
suite, KDF params, output length). (this direction is reflected in
two PRs:
https://github.com/paulbastian/draft-bastian-jose-dvs/pull/19 and
https://github.com/paulbastian/draft-bastian-jose-dvs/pull/20)
2. New fully specified alg values: Encode the key agreement and MAC
algorithm together following the pattern PKDS-<DHKA>-<KDF>-<MAC>.
(this is the existing approach in the main branch)
We welcome feedback on this direction and whether either approach fits
within current WG priorities. We also ask for a session at IETF Madrid
to evaluate if there is interest to adopt the draft.
Best regards,
Paul + Micha + Peter + Stefan
_______________________________________________
jose mailing list [email protected]
To unsubscribe send an email [email protected]
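The derivation described in the message above, as an added example that is not part of the original thread or of the draft: both sides run X25519, pass the result through HKDF-SHA256 and use the output as an HS256 key, so the designated verifier can compute the same tag as the issuer. The `pkds` member names, the HKDF `info` string, the keys and the option 2 `alg` string are constructed for illustration and are not taken from the draft.

```python
import base64, hashlib, hmac, json

P = 2**255 - 19                     # Curve25519 field prime (RFC 7748)
BASE = (9).to_bytes(32, "little")   # X25519 base point

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Not constant-time: illustration only."""
    s = bytearray(k); s[0] &= 248; s[31] = (s[31] & 127) | 64
    n, x1 = int.from_bytes(s, "little"), int.from_bytes(u, "little") % 2**255
    x2, z2, x3, z3 = 1, 0, x1, 1
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if bit: x2, z2, x3, z3 = x3, z3, x2, z2
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
        if bit: x2, z2, x3, z3 = x3, z3, x2, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def mac_key(own_priv: bytes, peer_pub: bytes) -> bytes:
    shared = x25519(own_priv, peer_pub)  # DH-KA; HKDF-SHA256 (RFC 5869) follows
    if shared == bytes(32):  # low-order peer key gives a predictable secret
        raise ValueError("all-zero DH output")
    prk = hmac.new(bytes(32), shared, hashlib.sha256).digest()
    return hmac.new(prk, b"constructed-info\x01", hashlib.sha256).digest()

def sign(header: dict, payload: bytes, own_priv: bytes, peer_pub: bytes) -> str:
    signing_input = b64u(json.dumps(header).encode()) + "." + b64u(payload)
    tag = hmac.new(mac_key(own_priv, peer_pub), signing_input.encode(), hashlib.sha256)
    return signing_input + "." + b64u(tag.digest())

def verify(token: str, own_priv: bytes, peer_pub: bytes) -> bool:
    signing_input, _, tag = token.rpartition(".")
    want = hmac.new(mac_key(own_priv, peer_pub), signing_input.encode(), hashlib.sha256)
    return hmac.compare_digest(b64u(want.digest()).encode(), tag.encode())

# Constructed keys and headers; the "pkds" member names are hypothetical.
issuer_priv = hashlib.sha256(b"constructed issuer key").digest()
verifier_priv = hashlib.sha256(b"constructed verifier key").digest()
issuer_pub, verifier_pub = x25519(issuer_priv, BASE), x25519(verifier_priv, BASE)
option1 = {"alg": "HS256", "pkds": {"dhka": "X25519", "kdf": "HKDF-SHA256", "pub": b64u(issuer_pub)}}
option2 = {"alg": "PKDS-X25519-HKDF-SHA256-HS256"}  # constructed instance of the pattern
token1 = sign(option1, b'{"sub":"constructed"}', issuer_priv, verifier_pub)
token2 = sign(option2, b'{"sub":"constructed"}', issuer_priv, verifier_pub)
```

The two tokens use the same derived MAC key and differ only in how the header describes the key agreement.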