Hiya,
(Aside: I'm surprised how much discussion use of HPKE has caused here and wonder two things: 1) how that's going to be brought to a close? and 2) what's the underlying cause that's made the discussion tricky?) On 28/11/2022 18:21, Ilari Liusvaara wrote:
On Mon, Nov 28, 2022 at 09:54:51AM -0800, Laurence Lundblade wrote: <about HPKE auth mode>
I'd agree with Hannes that it'd be far better to have a real use-case before adding auth or psk modes. AFAIK, there aren't any other uses for those modes in other HPKE uses so far. I think base mode is good enough for ECH and MLE. (But do correct me if that's wrong and someone is using some other mode.)
This could be in a separate draft, but we should at least anticipate how mode_auth is distinguished from mode_base.I would say use another alg, since you wind up with nontrivial spec work anyway. And just substituting the mode leads to flawed results.
I don't know how to interpret "alg" in the above for sure but, in terms of HPKE suites and interop, if you have a way to use different modes, those ought work with the same HPKE suites as base mode. Cheers, S.
OpenPGP_0x5AB2FAF17B172BEA.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
