Hi,

I want to offer a frame up of what seem to be different philosophies on algorithm ID in COSE compared to HPKE.

It seems pretty clear that HPKE is à la carte. There are separate IDs for the AEAD, KEM and KDF and you can choose any combo you want. It’s very flexible because you can make any combo you want.

It seems that COSE went for cipher suites where only the major and most useful combinations are defined (which doesn’t prevent other combos that turn out to be useful from being defined). The benefit of this approach is easier and fewer choices for non-expert users of COSE. I think it is probably easier on implementors and possibly results in libraries being more interoperable. It also eliminates some silly combinations.

I didn’t look through COSE mail archives, but where I did look I couldn’t find anything that said why COSE made the choice they made, so I’m kind of guessing. Would appreciate long-time COSE people speaking up here.

While I prefer ciphersuites I'm not making a case for one or the other (or some middle path) here. Mostly trying to understand. I’m looking for answers on how we will handle one message with multiple recipients, particularly where some recipients are HPKE and some are not (e.g. AES key wrap in RFC 9053 6.2) as the next step in figuring out what to do.

Thx

LL

_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
