Hi folks,

After we’ve worked through some of the details of 
draft-ajitomi-cose-cose-key-jwk-hpke-kem I have changed my mind and no longer 
support adoption. I think there is COSE work, but it should be in the COSE-HPKE 
draft. Any JOSE-related work should be done as part of the JOSE-HPKE work.

My reasons:

- Some of the things, like key_ops, belong in COSE-HPKE because they are 
characteristics of the COSE-HPKE integration not any change to COSE_key.

- I don’t think there should be a new kty for HPKE. There’s probably some 
HPKE-KEM ID and COSE_Key curve mapping, but I don’t think that requires a new 
kty.

- While algorithm negotiation/agreement/advert can be done with a COSE_Key, 
there are many use cases where it can’t because there is no COSE_Key or it 
makes more sense to do it as part of the application protocol layer.

- That really only leaves the COSE_Key algorithm restriction. I believe that 
amounts to the definition of a new COSE_Key parameter, “hkc” and a few 
sentences.

- It seems premature to do the JWK work until JOSE-HPKE is further along.


I’m really glad that Ajitomi created this draft and spurred this work along 
even thought I don’t support the draft as is. It is important work and we’re 
better off for the efforts! Maybe Ajitomi is added as an author to COSE-HPKE if 
some of the text and CBOR is brought in?

LL


_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose

Reply via email to