Technical Summary
This document describes a scheme for hybrid public-key encryption, defined for
a combination of a key encapsulation mechanism, a key derivation function (in
an Extract/Expand form) and an AEAD mechanism. This document is a product of
the Crypto Forum Research Group (CFRG) in the IRTF.
Working Group Summary
After adopting the document it was presented in several face-to-face CFRG
meetings. There were two Research Group Last Calls for the draft in 2020. One
major change that had been made before the Second RGLC was addressing a
security related concern described by Julia Len. Julia Len later confirmed that
she is happy with the updated version of the draft. Crypto Review Panel reviews
were solicited in June 2020 and August 2020. The reviews were provided by
Jean-Philippe Aumasson and Stephen Farrell. Comments from these reviews were
addressed in -05 and -06. The authors have answered the questions raised during
the second Research Group Last Call, no questions remain unanswered.
Document Quality
There are at least ten implementations, see
https://github.com/cfrg/draft-irtf-cfrg-hpke#existing-hpke-implementations. The
construction is used in the Messaging Layer Security, Oblivious DNS Over HTTPS
and TLS Encrypted Client Hello protocols.
Personnel
Stanislav Smyshlyaev is the Document Shepherd.
Colin Perkins is the IRTF Chair.