Hi Carsten,
part of the problem is that quickly get lost in details while we should
actually stay at the high level. The disagreement is at the highest level.
This is not even a new topic: the concept of algorithm registration in
security protocol is around for 30 or so years.
Ciao
Hannes
Am 20.07.2023 um 12:21 schrieb Carsten Bormann:
Hi Hannes,
I’m afraid this is even more confusing than your last note.
On 2023-07-20, at 11:48, Tschofenig, Hannes
<[email protected]> wrote:
Hi Mike,
Here is the question the working group is facing.
Should there
• be a single value associated with the combination of KEM, KDF, and
AEAD, or
“The” combination? Each combination? All combinations?
(Which means there is an additional data item containing the specific
combination.)
• individual values for each of them.
Individual *data items*, with values defined for each to be used in combination
for those additional data items?
The former design is often called ciphersuite.
Is “former” (a)? If (a) says “each specific combination”, I can parse that.
We used (a) in earlier versions of the COSE-HPKE draft (see, for example,
draft-ietf-cose-hpke-01 ) and (b) in later versions of the draft (see, for
example, draft-ietf-cose-hpke-05).
Based on my assessment of the feedback from the group, there is a preference to
switch back to the ciphersuite approach.
Right.
(And I have made a proposal to more or less solve the biggest problem with
ciphersuites, but that is somewhat orthogonal.)
Grüße, Carsten
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
