On Wed, Jul 19, 2023 at 04:52:22PM +0000, Michael Jones wrote: > As a chair, I'd like clarity on what you mean by "the single algorithm > design". Do you mean that each algorithm identifier fully specifies > all the cryptographic parameters being used? Or do you mean that a > single algorithm identifier is used for all the HPKE possibilities?
Well, the issue is deciding between those... > Speaking as an individual contributor, I fully support the first > (fully specified) choice. Whereas the second possibility will cause > endless interoperability problems. I disagree. Best case, "fully specified" design requires receiver to decode the algorithm into the same HPKE indentifiers anyway. Because HPKE absolutely requires those exact values. Those values act more like inputs to HPKE than parameters! Otherwise, the algorithms do not agree on details (e.g., how enc is transported or how ad is constructed), and you have a highway into interop hell. Whereas with single algorithm identifier for all of HPKE, those values are in array together with fourth value required by HPKE and all the other details are also done the same way. Receiver can just pass those to the HPKE code, which does the rest. -Ilari _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
