[COSE] Re: [jose] Re: JOSE HPKE algorithm identifiers

[Michael Jones]

Neil wrote:
> Given that one of the primary motivators of HPKE is use of post-quantum KEMs, 
> I’d have thought the length of the algorithm identifiers was the least of the 
> size issues.

I’ll note that none of the HPKE algorithm identified being registered use 
post-quantum KEMs.  That could happen in other specs that build on this one in 
the future, but the mission of this spec is to document how to use existing 
HPKE algorithms with JOSE.

                                                       -- Mike

From: Orie Steele <orie@transmute.industries>
Sent: Friday, December 6, 2024 6:27 AM
To: Neil Madden <neil.e.mad...@gmail.com>
Cc: Michael Jones <michael_b_jo...@hotmail.com>; j...@ietf.org; cose 
<cose@ietf.org>
Subject: Re: [jose] Re: JOSE HPKE algorithm identifiers

Adding COSE list to say... These labels will show up in the COSE registry as 
well, but their length will not be an issue, since the assigned integer will be 
used instead.

I'm supportive of shorter registered names if we can land them.

From RFC7518 - https://datatracker.ietf.org/doc/html/rfc7518#section-1

"Names defined by this specification are short because a core goal is for the 
resulting representations to be compact."

Later in, in the registration template: 
https://datatracker.ietf.org/doc/html/rfc7518#section-7.3.1

"Because a core goal of this specification is for the resulting representations 
to be compact, it is RECOMMENDED that the name be short -- not to exceed 8 
characters without a compelling reason to do so."

OS

On Fri, Dec 6, 2024 at 2:15 AM Neil Madden 
<neil.e.mad...@gmail.com<mailto:neil.e.mad...@gmail.com>> wrote:
On 5 Dec 2024, at 20:15, Michael Jones 
<michael_b_jo...@hotmail.com<mailto:michael_b_jo...@hotmail.com>> wrote:

Please see the discussion in the issue 
https://github.com/ietf-wg-jose/draft-ietf-jose-hpke-encrypt/issues/8 
(Algorithm identifiers like HPKE-P256-SHA256-A128GCM are overly verbose) and 
add your thoughts there.


Given that one of the primary motivators of HPKE is use of post-quantum KEMs, 
I’d have thought the length of the algorithm identifiers was the least of the 
size issues. Even the smallest ML-KEM ciphertexts are over 1KB when 
base64-encoded. A few bytes for an algorithm identifier seems neither here nor 
there.

— Neil
_______________________________________________
jose mailing list -- j...@ietf.org<mailto:j...@ietf.org>
To unsubscribe send an email to jose-le...@ietf.org<mailto:jose-le...@ietf.org>


--



ORIE STEELE
Chief Technology Officer
www.transmute.industries<http://www.transmute.industries/>

[https://ci3.googleusercontent.com/mail-sig/AIorK4xqtkj5psM1dDeDes_mjSsF3ylbEa5EMEQmnz3602cucAIhjLaHod-eVJq0E28BwrivrNSBMBc]<https://transmute.industries/>

_______________________________________________
COSE mailing list -- cose@ietf.org
To unsubscribe send an email to cose-le...@ietf.org