> On Nov 28, 2022, at 1:37 PM, Stephen Farrell <[email protected]>
> wrote:
>
>
> Hiya,

Hi!

>
> (Aside: I'm surprised how much discussion use of HPKE has
> caused here and wonder two things: 1) how that's going to
> be brought to a close? and 2) what's the underlying cause
> that's made the discussion tricky?)

I think we’re trying to put together two different systems that think they are the defining system. For example, both COSE and HPKE have IANA registries for algorithm IDs for some of the same algorithms. Which is the right one to use? Think it took time for COSE people to understand HPKE and vice versa.

Personally, I think we’re fairly close. Most of the PRs seem viable to me.

This <https://mailarchive.ietf.org/arch/msg/cose/8Ga_-k_whir8Z4lzdpmPG6KDav4/> is what got me over the hump in general.

>
> On 28/11/2022 18:21, Ilari Liusvaara wrote:
>> On Mon, Nov 28, 2022 at 09:54:51AM -0800, Laurence Lundblade wrote:
>> <about HPKE auth mode>
>
> I'd agree with Hannes that it'd be far better to have a real
> use-case before adding auth or psk modes.
>
> AFAIK, there aren't any other uses for those modes in other
> HPKE uses so far. I think base mode is good enough for ECH
> and MLE. (But do correct me if that's wrong and someone is
> using some other mode.)

Assuming ECH is “encrypted hello”, but that’s not really relevant for COSE, right?

What’s “MLE”? Not mentioned in 9180 or 9052; I’ve been working security for decades and don’t know that one. :-)

>
>>> This could be in a separate draft, but we should at least anticipate
>>> how mode_auth is distinguished from mode_base.
>> I would say use another alg, since you wind up with nontrivial spec
>> work anyway. And just substituting the mode leads to flawed results.
> I don't know how to interpret "alg" in the above for sure
> but, in terms of HPKE suites and interop, if you have a way
> to use different modes, those ought work with the same HPKE
> suites as base mode.

Alg is the COSE algorithm ID header parameter. It is required by COSE and must be allocated out of the COSE IANA algorithm registry.

I think the current plan is to set it to “HPKE-BASE” for the current work and when we get to mode_auth down the road we register another one, HPKE-AUTH.

LL
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
