On Wed, Mar 09, 2022 at 05:55:56PM -0500, Russ Housley wrote: > > > > On Mar 8, 2022, at 2:36 PM, Mike Prorock <[email protected]> wrote: > > > > Where the actual "kty" shakes out as we continue to improve the > > draft is yet to be seen. "PQK" made sense at the time as this > > is dealing with post quantum keys and signatures - just as > > easily we could be looking at two key types, probably by family - > > e.g. one for lattice based, and one for hash based signatures, > > or could just as easily be "OKP" - we opened an issue to track > > that here: > > https://github.com/mesur-io/post-quantum-signatures/issues/48 > > <https://github.com/mesur-io/post-quantum-signatures/issues/48> > > and will discuss on our next call. > > > > This is exactly why we wanted the broader input from the COSE WG > > https://www.rfc-editor.org/rfc/rfc8778.txt > > Is there any reason to do things differently for other hash-based > signatures?
IMO, Yes, there is a reason: HSS/LMS are stateful (note that there is no defined private key format in that RFC), while SPHINCS+ is stateless (with byte string public and private keys, and a closed set of small number of variants, which makes it map cleanly into OKP). -Ilari _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
