Hi, Regarding the list of ciphersuites in draft-ietf-cose-hpke-07:
The MLS working group observed that most people who are interested in using ChaChaPoly instead of AES are not interested in running NIST Curves either. I'll also observe that the interest in the CP NIST curves is currently unproven and that these COSE ciphersuites could be easily added later. I would like to include the X25519/Kyber768 KEM with AES and ChaChaPoly, but these could also be included later. There is substantial interest in using a hybrid KEM to prevent harvest-now/decrypt-later attacks. However, a desire to publish this spec sooner would be a perfectly reasonable justification to leave these ciphersuite out. Concretely, I would propose the following COSE HPKE ciphersuites: HPKE-Base-P256-SHA256-AES128GCM HPKE-Base-P384-SHA384-AES256GCM HPKE-Base-P521-SHA512-AES256GCM HPKE-Base-X25519-SHA256-AES128GCM HPKE-Base-X25519-SHA256-ChaCha20Poly1305 HPKE-Base-X448-SHA512-AES256GCM HPKE-Base-X448-SHA512-ChaCha20Poly1305 HPKE-Base-X25519Kyber768-SHA256-AES256GCM HPKE-Base-X25519Kyber768-SHA256-ChaCha20Poly1305 Thanks, -rohan *Rohan Mahy *l Vice President Engineering, Architecture Chat: @rohan_wire on Wire Wire <https://wire.com/en/download/> - Secure team messaging. *Zeta Project Germany GmbH *l Rosenthaler Straße 40, <https://maps.google.com/?q=Rosenthaler+Stra%C3%9Fe+40,%C2%A0+10178+Berlin,%C2%A0+Germany&entry=gmail&source=g>10178 Berlin, <https://maps.google.com/?q=Rosenthaler+Stra%C3%9Fe+40,%C2%A0+10178+Berlin,%C2%A0+Germany&entry=gmail&source=g> Germany <https://maps.google.com/?q=Rosenthaler+Stra%C3%9Fe+40,%C2%A0+10178+Berlin,%C2%A0+Germany&entry=gmail&source=g> Geschäftsführer/Managing Director: Christian Salza HRB 149847 beim Handelsregister Charlottenburg, Berlin VAT-ID DE288748675
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
