On Jun 30, 2023, at 11:52 AM, Orie Steele <[email protected]> wrote:

Inline:

On Fri, Jun 30, 2023 at 1:32 PM lgl island-resort.com <[email protected]> wrote:

Still trying to keep this to objective facts and not express any opinion of mine.

> On Jun 30, 2023, at 10:53 AM, Ilari Liusvaara <[email protected]> wrote:
>
> On Fri, Jun 30, 2023 at 05:29:32PM +0000, lgl island-resort.com wrote:
>>
>> On Jun 29, 2023, at 1:41 PM, Ilari Liusvaara <[email protected]> wrote:
>>
>> On Thu, Jun 29, 2023 at 04:00:09PM +0000, Jeremy O'Donoghue wrote:
>>
>> COSE_Sign1 and COSE_Sign+COSE_Recipient
>> Single integer — The integer specifies the hash, signing algorithm and
>> the curve
>
> It does not specify the curve (it does in JOSE, but not in COSE).

Yes, you are right about that. My mistake.

Also, I wrote the title wrong. It should be COSE_Sign1 and COSE_Sign+COSE_Signature.

I am not exactly sure what you are talking about here, but:

https://www.iana.org/assignments/cose/cose.xhtml

ES256K  -47  ECDSA using secp256k1 curve and SHA-256

secp256k1 is a curve, ECDSA is an algorithm and SHA-256 is a hash function.

https://www.iana.org/assignments/jose/jose.xhtml

ES256K  ECDSA using secp256k1 curve and SHA-256  alg

But ECDSA w/ SHA-256 -7 doesn’t specify the curve as Ilari pointed out. So sometimes the COSE alg ID does specify the curve and sometimes it doesn’t. You are partially right and both Ilari and I are partially wrong. :-)

If we made a single alg ID for COSE-HPKE like this:

HPKE-P-256 (similar to COSE -29 plus NIST curve key)
  KEM: 0x0010 DHKEM(P-256, HKDF-SHA-256)
  KDF: 0x0001 HKDF-SHA256
  AEAD: 0x0001 AES-128-GCM

It would specify the curve because HPKE KEMs identify a curve.

This would reduce the number of parameters for COSE-HPKE from 3 to 2 for 2-layer COSE-HPKE encryption because you don’t need the curve from the key (but you still need the bulk content encryption alg). If you used it for 1-layer COSE-HPKE, it would be a complete full aggregation with no further parameters needed.

LL
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
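The point debated in the message above, as an added example that is not part of the original thread or of any COSE implementation: ES256 (-7) leaves the curve to the key, ES256K (-47) fixes it, and the proposed aggregated HPKE ID would fix it too. The string key "HPKE-P-256" (the proposal has no assigned number), the function names, and the policy of rejecting a key whose curve contradicts the alg ID are assumptions made for illustration.

```python
# Added example. Registry values: IANA COSE registries and RFC 9180.
# "HPKE-P-256" is the hypothetical aggregated ID from the message; it has
# no assigned number, so a string stands in for it here.
CRV_P256, CRV_SECP256K1 = 1, 8   # COSE Elliptic Curves registry values
KEY_CRV = -1                     # COSE_Key label for the "crv" parameter

# What each identifier pins down on its own; crv None = not fixed by the ID.
ALGS = {
    -7: {"name": "ES256", "crv": None},
    -47: {"name": "ES256K", "crv": CRV_SECP256K1},
    "HPKE-P-256": {"name": "HPKE-P-256", "crv": CRV_P256,
                   "kem": 0x0010, "kdf": 0x0001, "aead": 0x0001},
}


def resolve_curve(alg, cose_key):
    """Return the curve to use, rejecting a key that contradicts the alg ID."""
    spec = ALGS[alg]
    key_crv = cose_key.get(KEY_CRV)
    if spec["crv"] is None:
        # The ID says nothing about the curve: the key is the only source.
        if key_crv is None:
            raise ValueError(f"{spec['name']}: curve must come from the key")
        return key_crv
    if key_crv is not None and key_crv != spec["crv"]:
        raise ValueError(f"{spec['name']}: key curve {key_crv} does not "
                         f"match curve {spec['crv']} fixed by the alg ID")
    return spec["crv"]


def external_params(alg, layers=1):
    """List what must still be supplied from outside the alg ID."""
    spec = ALGS[alg]
    needed = []
    if spec["crv"] is None:
        needed.append("curve (from key)")
    if "kem" in spec and layers == 2:
        # 2-layer COSE-HPKE: the bulk content encryption alg is separate.
        needed.append("content encryption alg")
    return needed


if __name__ == "__main__":
    p256_key = {1: 2, KEY_CRV: CRV_P256}   # constructed EC2 key, kty=2
    for alg in (-7, -47, "HPKE-P-256"):
        print(ALGS[alg]["name"], external_params(alg, layers=2))
    print("ES256 curve from key:", resolve_curve(-7, p256_key))
```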
