> So I’d amend my little formula to
> AEAD-Identifier = AEAD-Value == 7 ? 0xFFFF : AEAD-Value + 1
> or
> AEAD-Identifier = AEAD-Value == 0 ? 0xFFFF : AEAD-Value
> …or some such.

Are you suggesting that we write such ID conversion into the spec? I think there are various difficulties with trying to squeeze information that is originally 6 bytes into 2 bytes. It's possible for HPKE to express the category of the algorithm by turning on specific bits.

> Indeed. It may not be something to worry about too much :-)

Of course, this was a joke. I don't think it's a good idea to assume that we can control the ID assignment rules of HPKE, or that we can control them, for the sake of a workaround specification for COSE-HPKE.

> Not following — how do you get agility with a single value? The bits need to be somewhere.

I'm sorry, I was talking only about the size of the alg value. Indeed, if the alg value contains all the necessary information about the ciphersuite, then the 6-byte HPKE cipher suite information in the HPKE_Sender_Info of the COSE-HPKE specification becomes unnecessary. In terms of overall size, your proposal is indeed better.

> But that process is trivial.

Indeed, it may be a trivial issue, but I am still opposed to the premise that we can control the HPKE specification to fit this conversion process.

Best,
Daisuke

Sun, Jun 4, 2023, 16:07 Carsten Bormann <[email protected]>:

> On 4. Jun 2023, at 08:22, AJITOMI Daisuke <[email protected]> wrote:
> >
> > > Trivial to add (assign AEAD-Value 7).
> >
> > The AEAD-Value for Export-Only is 0xffff. I think AEAD-Value 7 cannot be assigned. Am I wrong?
>
> So I’d amend my little formula to
>
> AEAD-Identifier = AEAD-Value == 7 ? 0xFFFF : AEAD-Value + 1
> or
> AEAD-Identifier = AEAD-Value == 0 ? 0xFFFF : AEAD-Value
>
> …or some such.
>
> > > Don’t do that, then.
> >
> > Indeed. It may not be something to worry about too much :-)
> >
> > > Indeed. 2 bytes extra. As will be any a-la-carte approach.
> >
> > a-la-carte approach registers only one alg (HPKE-v1-Base). The smallest-length number can be assigned to it.
>
> Not following — how do you get agility with a single value? The bits need to be somewhere.
>
> > > Can you explain this point?
> >
> > The current draft utilizes the algorithm IDs (kem_id, kdf_id, aead_id) of HPKE as they are. They are passed directly from the higher-level application to the HPKE library, so there is no need for a conversion process like your proposed alg_id => {kem_id, kdf_id, aead_id}.
>
> But that process is trivial.
> (And the combinations that get a lot of use are specific numbers that implementers will remember, such as 1024 for DHKEM(P-256,HKDF-SHA256)/HKDF-SHA256/AES-128-GCM.)
>
> Regards, Carsten
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
