Daisuke: In addition the the points made by Hannes, we discussed at IETF 114 that COSE-HPKE provide the same basic security services as HPKE, but the desire to use the same public key encoding as the rest of COSE has lead a somewhat different structure that the "pseudo-programming language API defined in the HPKE RFC".
Russ > On Sep 3, 2022, at 11:47 AM, Hannes Tschofenig <[email protected]> > wrote: > > Hi Daisuke, > > Let me give you a very quick response on one item. I will read through your > proposal. > > ➢ One point of concern during the IETF 114 meeting was there were several > erroneous comments that the fact that enc is an octet string is > implementation-dependent. > > We had discussed this earlier on the list and there are two data points: > > First, the HPKE RFC says that it does not specify a wire-format. In fact, > Section 10 of RFC 9180 is very explicit about this fact by saying “This > document does not specify a wire format encoding for HPKE messages.” > > Second, since Ilari did not believe me I reached out to Chris Wood, one of > the authors, and ask him personally. He confirmed my observation. > > The pseudo-programming language API defined in the HPKE RFC is not mandatory > to implement by an HPKE library. In fact, there are implementations that do > not implement that API and they are still compliant to the HPKE RFC. An > example is the HappyKey implementation by Stephen Farrell. I used his > implementation and used the PSA Crypto API rather than OpenSSL. > > Ciao > Hannes > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. > _______________________________________________ > COSE mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/cose _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
