On Thu, Apr 27, 2023 at 11:46:22AM -0700, Laurence Lundblade wrote: > > I don’t see how defining key serialization specific to HPKE adds much. > It’s just another serialization format that has to be implemented in > libraries, HW and such. There’s not going to be a psa_hpke_handle_t > in MbedTLS or an EVP_HPKE_PKEY in OpenSSL is there? It’s not a > candidate to replace OKP and EC2 for all use cases, right? And it’s > kind of the same with keys for kyber. We want a serialization format > that is not HPKE specific.
HPKE kty (or somewhat nasty hacks with OKP) is required for dealing with HPKE keys in generic manner. Not being able to deal with HPKE keys in generic manner will lead into pointless extra work on both specification and implementation sides (trivial codepoints and mapping tables, or worse, something nontrivial). -Ilari _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
