Here’s another reason the text should be in the COSE-HPKE draft, not in a separate draft focused on COSE_Key.
Look at the text at the end of 6.3.1 in RFC 9053 <https://www.rfc-editor.org/rfc/rfc9053.html#name-direct-ecdh>. That text is a specification of the COSE algorithms ECDH-ES + HKDF-256 and friends. It is not a specification about COSE_Keys. It’s about what happens when header parameter alg (-1) is ECDH-ES + HKDF-256 (-25) in a COSE_Encrypt or COSE_Recipient. This text in 9053 sets requirements for a COSE_Key used with ECDH-ES + HKDF-256 (-25) including the kty, alg and key_ops parameters.

There should be similar text in COSE-HPKE. It should probably be very similar to the text in 6.3.1 in 9053. That text setting requirements for COSE_Keys used with COSE-HPKE should be in COSE-HPKE even if we don’t define a new kty for HPKE. The key_ops restriction is a requirement of the COSE-HPKE algorithm, not a characteristic of a COSE_Key.

LL
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
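An added example, not part of the original message or of any COSE draft: a sketch of the COSE_Key checks at the end of RFC 9053 section 6.3.1, written as a function of the algorithm in use, which is the structure the message argues for. The function name, the sample keys and the dummy coordinate bytes are assumptions made for illustration; the integer labels are the registered COSE values.

```python
# COSE_Key parameter labels and values from the IANA COSE registries.
KTY, ALG, KEY_OPS = 1, 3, 4
KTY_OKP, KTY_EC2 = 1, 2
OP_DERIVE_KEY, OP_DERIVE_BITS = 7, 8
PRIVATE_D = -4                      # 'd' label, same for OKP and EC2 keys
ALG_ECDH_ES_HKDF_256 = -25

def check_key_for_ecdh_es(cose_key, message_alg=ALG_ECDH_ES_HKDF_256):
    """Return the list of RFC 9053 section 6.3.1 violations for a key.

    cose_key is a decoded COSE_Key map (int labels -> values). An empty
    list means the key may be used with message_alg. (Hypothetical helper.)
    """
    problems = []
    # kty MUST be present and MUST be EC2 or OKP.
    if cose_key.get(KTY) not in (KTY_OKP, KTY_EC2):
        problems.append("kty must be present and be OKP or EC2")
    # alg, if present, MUST match the key agreement algorithm being used.
    if ALG in cose_key and cose_key[ALG] != message_alg:
        problems.append("alg in key does not match the message algorithm")
    # key_ops, if present: derive key/bits for a private key, empty for public.
    if KEY_OPS in cose_key:
        ops = set(cose_key[KEY_OPS])
        if PRIVATE_D in cose_key:
            if not ops & {OP_DERIVE_KEY, OP_DERIVE_BITS}:
                problems.append("private key_ops lacks derive key/derive bits")
        elif ops:
            problems.append("public key_ops must be empty when present")
    return problems

# Constructed sample keys (coordinates are dummy bytes, not real curve points).
PUBLIC_OK = {KTY: KTY_EC2, -1: 1, -2: b"\x01" * 32, -3: b"\x02" * 32, KEY_OPS: []}
PRIVATE_OK = {**PUBLIC_OK, PRIVATE_D: b"\x03" * 32, KEY_OPS: [OP_DERIVE_BITS]}
PRIVATE_SIGN_ONLY = {**PRIVATE_OK, KEY_OPS: [1]}     # 1 = sign
PUBLIC_WITH_OPS = {**PUBLIC_OK, KEY_OPS: [OP_DERIVE_KEY]}
WRONG_ALG = {**PUBLIC_OK, ALG: -7}                   # -7 = ES256
SYMMETRIC = {KTY: 4, -1: b"\x00" * 16}               # 4 = Symmetric

if __name__ == "__main__":
    samples = {"public": PUBLIC_OK, "private": PRIVATE_OK,
               "sign-only": PRIVATE_SIGN_ONLY, "public+ops": PUBLIC_WITH_OPS,
               "wrong alg": WRONG_ALG, "symmetric": SYMMETRIC}
    for name, key in samples.items():
        print(f"{name:11s}", check_key_for_ecdh_es(key) or "ok")
```
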
