Hi Ilari,

Thanks for the review. Please see inline.

On Tue, 5 Mar 2024 at 20:53, Ilari Liusvaara <[email protected]> wrote:

> On Tue, Mar 05, 2024 at 05:03:23PM +0530, tirumal reddy wrote:
> > We have published a new draft
> > https://www.ietf.org/archive/id/draft-reddy-cose-jose-pqc-kem-00.html,
> > that describes the conventions for using Post-Quantum Key Encapsulation
> > Mechanisms (PQ-KEMs) within JOSE and COSE. Although this mechanism could
> > be used with any PQ-KEM, this document focuses on Module-Lattice-based
> > Key Encapsulation Mechanisms (ML-KEMs).
> >
> > Comments and Suggestions are welcome.
>
> I can't make heads or tails of how this is supposed to work. Whatever it
> is, it would certainly fail to be fully-specified. Moreover, I don't
> think it complies with JWE either.
>
> The way KEMs operate is extremely similar to how ECDH-ES works. So the
> way to add KEMs is to copy ECDH-ES (fully specified if needed) and make
> small modifications required for it to work.
>

I think you are proposing the following changes:

1) Direct Key Agreement: The alg parameter will carry the fully specified
   PQ KEM with KDF and AEAD (e.g., PQ-MLKEM768-SHA3-384-AES256). No need to
   define "PQ-Direct" in this mode.
2) Key Agreement with Key Wrapping: The alg parameter will carry the fully
   specified PQ KEM with KDF and AEAD key wrap (e.g.,
   PQ-MLKEM768-SHA3-384-AES256KW). The "enc" parameter will be used as
   usual to carry the AEAD to encrypt the content.

>
> The two main modifications compared to ECDH-ES are:
>
> 1) The shared secret is generated by encapsulation/decapsulation instead
>    of ECDH operation.
> 2) New header parameter for KEM ciphertext, as it is octet string and
>    not a key.
>

Yes, it is possible to introduce a new header parameter to carry the KEM
ciphertext.

Cheers,
-Tiru

>
> The usual KDF structures of COSE/JOSE could be reused as-is. However,
> for COSE, if HPKE ends up binding alg from one layer higher, then it
> would make sense to do that here too (and if doing fully-specified
> ECDH-ES, there too).
> >
> > ---------- Forwarded message ---------
> > From: <[email protected]>
> > Date: Sun, 3 Mar 2024 at 10:32
> > Subject: New Version Notification for
> > draft-reddy-cose-jose-pqc-kem-00.txt
> > To: Tirumaleswar Reddy.K <[email protected]>, Aritra Banerjee <
> > [email protected]>, Hannes Tschofenig <[email protected]>,
> > Hannes Tschofenig <[email protected]>
> >
> > A new version of Internet-Draft draft-reddy-cose-jose-pqc-kem-00.txt has
> > been successfully submitted by Tirumaleswar Reddy and posted to the
> > IETF repository.
> >
> > Name: draft-reddy-cose-jose-pqc-kem
> > Revision: 00
> > Title: Post-Quantum Key Encapsulation Mechanisms (PQ KEMs) for JOSE
> > and COSE
> >
>
> -Ilari
>
> _______________________________________________
> COSE mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/cose
>
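The two modes discussed in this thread, sketched as an added example that is not part of the thread or of the draft: the JOSE Concat KDF structure that RFC 7518 defines for ECDH-ES, with a KEM shared secret in place of the ECDH output Z. Assumptions: the shared secret is a constructed stand-in (no ML-KEM operation is performed), SHA3-384 is used as the hash only to match the alg names quoted above (RFC 7518 itself uses SHA-256), and the function names are hypothetical.

```python
import hashlib
import struct

# Constructed stand-in for the 32-byte secret that ML-KEM encapsulation or
# decapsulation would output; a real sender gets it together with the KEM
# ciphertext that the proposed new header parameter would carry.
KEM_SHARED_SECRET = bytes(range(32))


def _len_prefixed(data: bytes) -> bytes:
    """32-bit big-endian length followed by the data (RFC 7518, 4.6.2)."""
    return struct.pack(">I", len(data)) + data


def concat_kdf(z: bytes, alg_id: str, key_bits: int,
               apu: bytes = b"", apv: bytes = b"",
               hash_name: str = "sha3_384") -> bytes:
    """Single-step Concat KDF with the OtherInfo layout JOSE uses for ECDH-ES.

    hash_name defaults to SHA3-384 as an assumption (see lead-in).
    """
    other_info = (
        _len_prefixed(alg_id.encode("ascii"))   # AlgorithmID
        + _len_prefixed(apu)                    # PartyUInfo
        + _len_prefixed(apv)                    # PartyVInfo
        + struct.pack(">I", key_bits)           # SuppPubInfo = keydatalen
    )
    out = b""
    counter = 1
    while len(out) * 8 < key_bits:
        block = struct.pack(">I", counter) + z + other_info
        out += hashlib.new(hash_name, block).digest()
        counter += 1
    return out[: key_bits // 8]


def derive_cek_direct(z: bytes, enc: str = "A256GCM") -> bytes:
    """Direct Key Agreement: the output is the content-encryption key.
    As with ECDH-ES, AlgorithmID is the "enc" value in this mode."""
    return concat_kdf(z, enc, 256)


def derive_kek(z: bytes, alg: str = "PQ-MLKEM768-SHA3-384-AES256KW") -> bytes:
    """Key Agreement with Key Wrapping: the output is the key-wrap key.
    As with ECDH-ES+A256KW, AlgorithmID is the "alg" value in this mode."""
    return concat_kdf(z, alg, 256)
```

Because AlgorithmID and keydatalen are both inputs to the KDF, the same KEM shared secret yields unrelated keys in the two modes and for different key lengths.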
