On Tue, May 02, 2023 at 04:10:01PM +0900, AJITOMI Daisuke wrote: > > Using hkc there is a bad idea (it says what KEM is supported, not what > KEM it is). > > I don't think it's a bad idea. > In the new kty "HPKE-KEM", it may be possible to make "hkc" be MUST, so I > think there is no need to hesitate to use the hkc::kem.
There are uses cases where multiple values of hkc::kem make sense (key compatible with multiple KEMs, especially P-* vs CP-*). But HPKE-KEM key has exactly one primary KEM. This is as hkc is about capability. And there may be situations where it is possible to convert key from one KEM to another (e.g., P-* to CP-*). And making common key paramter that depends on kty is unprecedented, and seems like something that would cause severe implementation problems. I remember common header parameter depending on alg being shot down. -Ilari _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
