Ivo and I discussed the results from the query "Do COSE and JOSE need both
"priv" and "seed"?" sent to the COSE and JOSE mailing lists and have made the
following consensus call together, so as to unblock progress on completing the
draft. While there wasn't an easy answer, we believe that our decision
appropriately balances considerations of simplicity, practicality, and
interoperability.
Authors of draft-ietf-cose-dilithium,
Please apply these revisions and publish the result as draft 07.
* Restore the meaning of "priv" to always be the seed value.
* Delete the "seed" AKP parameter.
* State that this specification intentionally does not define a means of
utilizing the expanded private key representation defined by NIST so as to
increase interoperability by having a single ML-DSA private key representation
for COSE and JOSE.
I'll note that much of this can be accomplished by restoring text from draft 05.
Following publication of 07 with these changes, the chairs will request
publication of the specification.
The working group is aware of the LAMPS WG decision to specify both seed and
expanded representations, but that reason was mostly related by the existence
of hardware HSMs that only support the expanded format. We do not anticipate
that the same problem will exist for COSE or JOSE.
Proponents of having multiple private key representations,
If any of you feel strongly enough about wanting to also have the expanded key
representation be possible for COSE and JOSE, we would request that you create
a separate draft doing so. Such a draft would be expected to define an
optional "expanded" parameter to the AKP key type. It would include the rule
that if both "priv" and "expanded" are present, they must represent the same
private key, just as "seed" and "priv" must correspond in draft 06. The chairs
are not taking a position in this consensus call on whether such a draft should
be created or not.
Writing as COSE
chairs,
-- Ivo and Mike
_______________________________________________
COSE mailing list -- [email protected]
To unsubscribe send an email to [email protected]
