Hi folks, After we’ve worked through some of the details of draft-ajitomi-cose-cose-key-jwk-hpke-kem I have changed my mind and no longer support adoption. I think there is COSE work, but it should be in the COSE-HPKE draft. Any JOSE-related work should be done as part of the JOSE-HPKE work.
My reasons: - Some of the things, like key_ops, belong in COSE-HPKE because they are characteristics of the COSE-HPKE integration not any change to COSE_key. - I don’t think there should be a new kty for HPKE. There’s probably some HPKE-KEM ID and COSE_Key curve mapping, but I don’t think that requires a new kty. - While algorithm negotiation/agreement/advert can be done with a COSE_Key, there are many use cases where it can’t because there is no COSE_Key or it makes more sense to do it as part of the application protocol layer. - That really only leaves the COSE_Key algorithm restriction. I believe that amounts to the definition of a new COSE_Key parameter, “hkc” and a few sentences. - It seems premature to do the JWK work until JOSE-HPKE is further along. I’m really glad that Ajitomi created this draft and spurred this work along even thought I don’t support the draft as is. It is important work and we’re better off for the efforts! Maybe Ajitomi is added as an author to COSE-HPKE if some of the text and CBOR is brought in? LL _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
