Thanks for the review! I'm really supportive of getting a structure that can support hybrid kem, but I feel we can get there faster without adding the key type or alg points for stuff that has not yet settled in the HPKE registry fully.
Smaller documents are easier to review and faster to finish. I am strongly supportive of only registering things in this draft that people really want to use, and that are being used successfully elsewhere. It seems that there is a general desire to have: 1. NIST / not NIST 2. Traditional / Hybrid 3. Low / Mid / High security params. I would recommend we still try to keep the first set of registrations minimal. The only thing I feel sorta strongly about, is not waiting for hybrid, to publish the envelope format. Regards, OS On Tue, Nov 7, 2023, 2:01 PM Rohan Mahy <rohan.mahy= [email protected]> wrote: > Hi, > > Regarding the list of ciphersuites in draft-ietf-cose-hpke-07: > > The MLS working group observed that most people who are interested in > using ChaChaPoly instead of AES are not interested in running NIST Curves > either. > > I'll also observe that the interest in the CP NIST curves is currently > unproven and that these COSE ciphersuites could be easily added later. > > I would like to include the X25519/Kyber768 KEM with AES and ChaChaPoly, > but these could also be included later. There is substantial interest in > using a hybrid KEM to prevent harvest-now/decrypt-later attacks. However, a > desire to publish this spec sooner would be a perfectly reasonable > justification to leave these ciphersuite out. > > Concretely, I would propose the following COSE HPKE ciphersuites: > > HPKE-Base-P256-SHA256-AES128GCM > HPKE-Base-P384-SHA384-AES256GCM > HPKE-Base-P521-SHA512-AES256GCM > HPKE-Base-X25519-SHA256-AES128GCM > HPKE-Base-X25519-SHA256-ChaCha20Poly1305 > HPKE-Base-X448-SHA512-AES256GCM > HPKE-Base-X448-SHA512-ChaCha20Poly1305 > HPKE-Base-X25519Kyber768-SHA256-AES256GCM > HPKE-Base-X25519Kyber768-SHA256-ChaCha20Poly1305 > > Thanks, > -rohan > > > *Rohan Mahy *l Vice President Engineering, Architecture > > Chat: @rohan_wire on Wire > > > > Wire <https://wire.com/en/download/> - Secure team messaging. > > *Zeta Project Germany GmbH *l Rosenthaler Straße 40, > <https://maps.google.com/?q=Rosenthaler+Stra%C3%9Fe+40,%C2%A0+10178+Berlin,%C2%A0+Germany&entry=gmail&source=g>10178 > Berlin, > <https://maps.google.com/?q=Rosenthaler+Stra%C3%9Fe+40,%C2%A0+10178+Berlin,%C2%A0+Germany&entry=gmail&source=g> > Germany > <https://maps.google.com/?q=Rosenthaler+Stra%C3%9Fe+40,%C2%A0+10178+Berlin,%C2%A0+Germany&entry=gmail&source=g> > > Geschäftsführer/Managing Director: Christian Salza > > HRB 149847 beim Handelsregister Charlottenburg, Berlin > > VAT-ID DE288748675 > _______________________________________________ > COSE mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/cose >
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
