On Fri, Sep 01, 2023 at 12:17:20PM -0500, Orie Steele wrote: > On Fri, Sep 1, 2023 at 11:52 AM Ilari Liusvaara <[email protected]> > wrote: > > > On Fri, Sep 01, 2023 at 11:13:01AM -0500, Orie Steele wrote: > > > On Fri, Sep 1, 2023 at 10:59 AM Ilari Liusvaara < > > [email protected]> > > > wrote: > > > > I don't see room for alignment. > > > > What would work for one will not work for any others, because the > > signature frameworks are just different. > > > > E.g., COSE has both body and signature headers, JOSE has only signature > > headers, and PKIX (LAMPS) does not have explicit headers. > > > > This makes it necressary to apply different approaches to all three. > > > > > I think we are possibly agreeing, but speaking past each other. > > I am asserting that the "raw crypto layer" needs alignment / can be > aligned... the envelopes are of course different.
Does "raw crypto layer" mean raw cryptographic algorithms like SHA256/SHA384/SHA512/ML-DSA-44/ML-DSA-65/ML-DSA-87, or something else? If the first, of course those will be common to all. > If we added a named alg for "hash with shake256 then sign with dilithium > 5"... Beware that is prone to undesirable combinatorics. And might require nasty hacks in other to not violate JWS/COSE_Sign requirements. It would be a new parameter "hash with shake256" and alg "sign with ML-DSA-87(sic)". Bit similarly as JOSE has alg "derive key with ECDH-ES" and enc "encrypt with AES-128-GCM". > Are you asserting that it would be "implemented differently" for COSE / > JOSE / LAMPs ? The differences I was talking are: - What exactly is fed to the hash function. - What exactly is fed to the signining function. - How pre-hashing is denoted in the message. The last two are nothing new: All three feed different things to the signing function and encode their messages differently. -Ilari _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
