> On Jul 11, 2023, at 8:50 AM, Ilari Liusvaara <[email protected]> wrote: > > On Thu, Jul 06, 2023 at 06:44:18PM +0000, lgl island-resort.com wrote: >> >>> On Jul 6, 2023, at 8:59 AM, Ilari Liusvaara <[email protected]> >>> wrote: >>> >>> On Thu, Jul 06, 2023 at 03:35:44PM +0000, lgl island-resort.com wrote: >>>> IMO the objective is to define as few as we can. “what if… “ and >>>> “what about…” will lead us astray. >>> >>> I think that any amount is either too few or too much. >> >> Yes, we’re gonna need to compromise. > > What I meant was, whatever we choose, either or both: > > - There are applications that are missing algorithms. > > This is BAD. And IMO, if this ever happens with the needed algorithms > in HPKE, COSE-HPKE has failed. COSE is absolutely wrong place for any > sort of policy. > > - There are applications that need to profile it down. > > They are already profiling COSE down! COSE is designed for that. > > > So "as few as we can" is skating on very thin ice.
There’s four levels of procedure for registering COSE algorithms, so plenty of flexibility and options there. Even after COSE-HPKE is published, you can register at the same level as those in COSE-HPKE or even make an update to the COSE-HPKE document. You couldn’t really ask for more flexibility. It’s not like an algorithm can never be used if it isn’t in the COSE-HPKE document. Don’t really see anyone falling through the ice to freeze and drown. How about we just put the NIST EC Curves in COSE-HPKE as a parallel to what’s in 9053? Then Bernstein fans can publish a document with their top 3 or top 10 algorithms. It can explain why people should use it if it wants. China also publishes a document for their top algs. Seems kinda like algorithm preference has to do with cultural and political preference, which are important and can’t be ignored, so it seems nice to organize like this. LL _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
