On Tue, Apr 11, 2023 at 11:42:50AM -0500, Orie Steele wrote: > I support resolving the issues with JWK / COSE Key and HPKE. > > This document helps a lot with that, but I wonder if it is better to be > paired with the document that registers the "alg" values for use.
Well, on COSE side, there is the COSE-HPKE that defines alg. On JOSE side, it would be a major mistake to register any alg values without working out how to integrate HPKE to JOSE. Which is task that appears to be considerably harder and different than integrating HPKE to COSE. > I also fear a repeat of what some have considered mistakes, from EdDSA, > where you must inspect the keys to understand how to use the algorithm. Well, you must do that anyway. > Why not do this work in the existing adopted work item: > https://datatracker.ietf.org/doc/draft-ietf-cose-hpke/ > > https://datatracker.ietf.org/doc/html/draft-ietf-cose-hpke-04#section-7.1 > > I would prefer to see the keys and algorithms defined together. > > I support adoption, only if there is no willingness to include key > representations in the document above, and then I prefer for both documents > to move together through the process to avoid any potential mistakes > related to reviewing them independently. I think things should be split as follows: - This document will be definition of HPKE kty for COSE and JOSE. - Any other aspects of keys in COSE (if any) go to COSE-HPKE document. - All work on other aspects of keys in JOSE is blocked on adopting JOSE-HPKE, and would go to that document. -Ilari _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
