On Mon, Apr 25, 2022 at 04:23:37PM +0000, Hannes Tschofenig wrote:
> Hi Ilari,
>
> Thanks for bringing this topic up again.
>
> There are two basic approaches for algorithm indication, namely
> crypto suites vs. a la carte. Currently, the draft contains the a la
> carte approach. It was my understanding that the group asked me to
> do this at the interim meeting in January. I might have misunderstood.
>
> So, we first have to decide what approach we want to use. There is no
> wrong approach here - it is just a preference.
>
> Let's assume we don't want the a la carte approach currently in draft
> and want to individually indicate
>
> * KEM
> * KDF
> * AEAD
> (Values are registered at https://www.iana.org/assignments/hpke/hpke.xhtml)
>
> The question then arises where to put those values.
>
> You are suggesting to go the "middle"-way by combining the KEM and the
> KDF and to put them into the crv (curve) parameter and to register the
> values into the COSE Elliptic Curve registry.
>
> I personally do not have a strong preference on where to put the
> values. I am soliciting preferences from the group.
>
> Ciao
> Hannes

I wrote a test implementation of embedding HPKE in COSE (passes some
smoke tests, like encrypting and decrypting some messages, at this
point).

It grabs three alg values (currently from PU range). These encode the
AEAD used:

- COSE_ALG_HPKE_AES_128_GCM
- COSE_ALG_HPKE_AES_256_GCM
- COSE_ALG_HPKE_CHACHA20_POLY1305

And five crv values for public/private keys (also currently from PU).
These encode the combination of KEM and KDF. The kty is always okp
(compression is not supported):

- COSE_CRV_HPKE_P256_SHA256
- COSE_CRV_HPKE_P384_SHA384
- COSE_CRV_HPKE_P521_SHA512
- COSE_CRV_HPKE_X25519_SHA256
- COSE_CRV_HPKE_X448_SHA512

The code is written so that once a new KEM/KDF has been added to the
HPKE library, it is a one-line addition to use it in COSE.

I think this way is the simplest possible. Any other kind of coupling
would lead to more complicated code. KEM logically belongs to the key,
and AEAD logically belongs to the message.

(I measure implementation simplicity by the complexity of the simplest
correct implementation. And I consider significantly simpler subtly
incorrect implementations a significant issue.)

-Ilari
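
The split described in the message above (crv on the key selects KEM and KDF, alg on the message selects the AEAD), as an added example that is not part of the original post and is not Ilari's implementation. Assumptions: the string map keys "kty", "crv" and "x" stand in for the integer COSE labels, the identifier names stand in for their private-use values, the HPKE ids and public key lengths are taken from RFC 9180, and `resolve_suite` is a hypothetical helper.

```python
# Added illustration: resolve an HPKE ciphersuite from a COSE key and a message alg.
import struct
from typing import NamedTuple

class Suite(NamedTuple):
    kem_id: int
    kdf_id: int
    aead_id: int
    suite_id: bytes

# crv name -> (HPKE KEM id, HPKE KDF id, Npk = serialized public key length)
# Supporting a new KEM/KDF pair is one more line in this table.
CRV = {
    "COSE_CRV_HPKE_P256_SHA256":   (0x0010, 0x0001, 65),
    "COSE_CRV_HPKE_P384_SHA384":   (0x0011, 0x0002, 97),
    "COSE_CRV_HPKE_P521_SHA512":   (0x0012, 0x0003, 133),
    "COSE_CRV_HPKE_X25519_SHA256": (0x0020, 0x0001, 32),
    "COSE_CRV_HPKE_X448_SHA512":   (0x0021, 0x0003, 56),
}
# alg name -> HPKE AEAD id
ALG = {
    "COSE_ALG_HPKE_AES_128_GCM":       0x0001,
    "COSE_ALG_HPKE_AES_256_GCM":       0x0002,
    "COSE_ALG_HPKE_CHACHA20_POLY1305": 0x0003,
}

def resolve_suite(key: dict, alg: str) -> Suite:
    """Combine the recipient key's crv with the message's alg into an HPKE suite."""
    if key.get("kty") != "OKP":
        raise ValueError("HPKE keys use kty OKP")
    if key.get("crv") not in CRV:
        raise ValueError("crv is not an HPKE KEM/KDF combination")
    if alg not in ALG:
        raise ValueError("alg is not an HPKE AEAD")
    kem_id, kdf_id, npk = CRV[key["crv"]]
    # The key, not the message, fixes the KEM, so the key bytes must fit it.
    if len(key.get("x", b"")) != npk:
        raise ValueError("public key length does not match crv")
    aead_id = ALG[alg]
    # RFC 9180: suite_id = "HPKE" || I2OSP(kem_id,2) || I2OSP(kdf_id,2) || I2OSP(aead_id,2)
    suite_id = b"HPKE" + struct.pack(">HHH", kem_id, kdf_id, aead_id)
    return Suite(kem_id, kdf_id, aead_id, suite_id)

# Constructed sample key: all-zero bytes, only its length is checked here.
SAMPLE_KEY = {"kty": "OKP", "crv": "COSE_CRV_HPKE_X25519_SHA256", "x": bytes(32)}
```
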
