Hi Orie, Thanks for the review. Please see inline
On Tue, 5 Mar 2024 at 19:02, Orie Steele <[email protected]> wrote: > Draft looks very familiar after have spent so much time with HPKE. > > And it would be nice to have at least one pq encryption suite on track for > standardization. > > Having different direct mode alg values for ML-KEM and HPKE that are both > basically telling you to look an enc... Is wasting registry space. > > alg: dir, is sufficient. > > The documents that register the new enc modes can explain why. > > I think it would be better to see ML-KEM suites in HPKE, instead of seeing > duplicates. > > There will also be different security issues, without the HPKE context and > key commiting, etc... > > There will be worse interop with 2 ways to do the same things. > > With hydrids on the horizon... it's a mistake to register hydrids twice... > Once for HPKE and once for standalone. > > I think we should use HPKE until there is reason not to use it. > > Is this draft motivated by implementers who could not use HPKE? > HPKE supports X25519Kyber768Draft00, a hybrid scheme that combines both traditional and PQC KEM algorithms. This hybrid scheme for confidentiality serves as a transitional approach, paving the path for a future migration to PQC KEM algorithms. For more details, refer to https://datatracker.ietf.org/doc/html/draft-ietf-pquip-pqc-engineers-03#section-14. Other protocols like IPSEC are also discussing the use of PQC KEM algorithms. -Tiru > > Are there critical use cases that multiple vendors need to support that > only work without using HPKE? > > OS > > On Tue, Mar 5, 2024, 5:34 AM tirumal reddy <[email protected]> wrote: > >> We have published a new draft >> https://www.ietf.org/archive/id/draft-reddy-cose-jose-pqc-kem-00.html, >> that describes the conventions for using Post-Quantum Key Encapsulation >> Mechanisms (PQ-KEMs) within JOSE and COSE. Although this mechanism could >> be used with any PQ-KEM, this document focuses on Module-Lattice-based Key >> Encapsulation Mechanisms (ML-KEMs). >> >> Comments and Suggestions are welcome. >> >> -Tiru >> >> ---------- Forwarded message --------- >> From: <[email protected]> >> Date: Sun, 3 Mar 2024 at 10:32 >> Subject: New Version Notification for draft-reddy-cose-jose-pqc-kem-00.txt >> To: Tirumaleswar Reddy.K <[email protected]>, Aritra Banerjee < >> [email protected]>, Hannes Tschofenig <[email protected]>, >> Hannes Tschofenig <[email protected]> >> >> >> A new version of Internet-Draft draft-reddy-cose-jose-pqc-kem-00.txt has >> been >> successfully submitted by Tirumaleswar Reddy and posted to the >> IETF repository. >> >> Name: draft-reddy-cose-jose-pqc-kem >> Revision: 00 >> Title: Post-Quantum Key Encapsulation Mechanisms (PQ KEMs) for JOSE >> and COSE >> Date: 2024-03-03 >> Group: Individual Submission >> Pages: 16 >> URL: >> https://www.ietf.org/archive/id/draft-reddy-cose-jose-pqc-kem-00.txt >> Status: https://datatracker.ietf.org/doc/draft-reddy-cose-jose-pqc-kem/ >> HTML: >> https://www.ietf.org/archive/id/draft-reddy-cose-jose-pqc-kem-00.html >> HTMLized: >> https://datatracker.ietf.org/doc/html/draft-reddy-cose-jose-pqc-kem >> >> >> Abstract: >> >> This document describes the conventions for using Post-Quantum Key >> Encapsulation Mechanisms (PQ-KEMs) within JOSE and COSE. >> >> About This Document >> >> This note is to be removed before publishing as an RFC. >> >> Status information for this document may be found at >> https://datatracker.ietf.org/doc/draft-reddy-cose-jose-pqc/. >> >> Discussion of this document takes place on the cose Working Group >> mailing list (mailto:[email protected]), which is archived at >> https://mailarchive.ietf.org/arch/browse/cose/. Subscribe at >> https://www.ietf.org/mailman/listinfo/cose/. >> >> >> >> The IETF Secretariat >> >> >> _______________________________________________ >> jose mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/jose >> >
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
