On Fri, Nov 18, 2022 at 07:41:14AM -0600, Orie Steele wrote: > Just to be clear, kem is guessable in the examples based on `kid` and the > assumption that the hint is enough to get the right private key, and that > key will only ever have 1 supported kem, right? > > It's guaranteed to be known if private key is kty HPKE and kem is > required... Right?
Yes, it is guaranteed to be known if private key kty is HPKE, since the kem field in key is required (it subtypes the key). And it should always be known even for kty != HPKE keys, since it is unlikely that there ever will be two KEMs that can use the same key and have the same enc length. Currently all KEMs in HPKE use different keys, but e.g., the CP-* stuff would have the same keys as existing P-* KEMs, but the enc length is smaller (that is the whole point of CP-*). -Ilari _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
