Hello,
> On Nov 30, 2022, at 6:00 AM, AJITOMI Daisuke <ajit...@gmail.com> wrote:
>
> I also agree with the idea that HPKE version information can be included in
> alg whether implicitly ("HPKE-BASE") or explicitly ("HPKEv1-BASE"). In HPKE,
> an encrypted message does not contain the version information and the
> recipient needs to know it in advance to decrypt it. However, that doesn't
> mean we need to include the version information in the COSE message to be
> sent.
Seems pretty important that the recipient be able to know the HPKE version from
the message. Seems like our work would be incomplete if that needed to be
conveyed by the surrounding protocol. Also seems kind of a layering violation
to have the version number outside the message.
I think we could register HPKE-BASE and say it is v1 in the text of the IANA
registration. If there is a v2, then when it gets registered it is as
HPKEv2-BASE. Or we could just register HPKEv1-BASE to start with.
If version numbers are going to change more frequently, then it should go into
a separate parameter. I don’t have a good sense of how frequent changes will
be. Hope it’s infrequent!
LL
_______________________________________________
COSE mailing list
COSE@ietf.org
https://www.ietf.org/mailman/listinfo/cose
