Inline: On Tue, Apr 11, 2023 at 2:11 PM Ilari Liusvaara <[email protected]> wrote:
> On Tue, Apr 11, 2023 at 11:42:50AM -0500, Orie Steele wrote: > > I support resolving the issues with JWK / COSE Key and HPKE. > > > > This document helps a lot with that, but I wonder if it is better to be > > paired with the document that registers the "alg" values for use. > > Well, on COSE side, there is the COSE-HPKE that defines alg. > > On JOSE side, it would be a major mistake to register any alg values > without working out how to integrate HPKE to JOSE. Which is task that > appears to be considerably harder and different than integrating HPKE > to COSE. > > > > I also fear a repeat of what some have considered mistakes, from EdDSA, > > where you must inspect the keys to understand how to use the algorithm. > > Well, you must do that anyway. > > > > Why not do this work in the existing adopted work item: > > https://datatracker.ietf.org/doc/draft-ietf-cose-hpke/ > > > > > https://datatracker.ietf.org/doc/html/draft-ietf-cose-hpke-04#section-7.1 > > > > I would prefer to see the keys and algorithms defined together. > > > > I support adoption, only if there is no willingness to include key > > representations in the document above, and then I prefer for both > documents > > to move together through the process to avoid any potential mistakes > > related to reviewing them independently. > > I think things should be split as follows: > > - This document will be definition of HPKE kty for COSE and JOSE. > Seems like just adding the "kty" for HPKE to the HPKE COSE draft would be better. Especially since the "kty" and "hkc" are not useful by themselves. > - Any other aspects of keys in COSE (if any) go to COSE-HPKE document. > The main thing I see in the current hpke key draft is the "hkc" parameter, which maps directly to the IANA registries for HPKE and is also directly coupled to the "alg" registry and "kty"... hence my comment about just putting them in the same document. I don't understand how you can use the key draft without reading HPKE COSE at this point. And I also don't understand how to use the "alg" parameter in HPKE COSE, without defining where it goes in keys. > - All work on other aspects of keys in JOSE is blocked on adopting > JOSE-HPKE, and would go to that document. > > Yes, I agree that JOSE should not delay things, but it seems that defining JWK representation that supports the "alg", "kty" and "hpc" parameters in a way similar to COSE Key, is a reasonable place to stop. > > > -Ilari > > _______________________________________________ > COSE mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/cose > -- *ORIE STEELE* Chief Technical Officer www.transmute.industries <https://www.transmute.industries>
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
