On Wed, Mar 06, 2024 at 11:45:03AM +0530, tirumal reddy wrote: > On Tue, 5 Mar 2024 at 20:12, AJITOMI Daisuke <[email protected]> wrote: > > > > I think we should use HPKE until there is reason not to use it. > > > > I agree. > > > > Regarding ML-KEM, I was thinking that we should add X-Wing as a PQ/T > > Hybrid KEM to the list of COSE-HPKE ciphersuites at first. > > > > X-Wing: general-purpose hybrid post-quantum KEM > > https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/ > > > > X-wing is specific to hybrid schemes and it is back-ward compatible with > X25519Kyber768Draft00. The COSE and JOSE HPKE specifications can use the > above hybrid scheme which is already registered in HPKE IANA registry.
No, that does not work. That KEM will never be published as an RFC, so the main COSE and JOSE HPKE specifications can not reference it. And since all the HPKE algorithms are fully specified, the main COSE and JOSE HPKE specifications can not allow using it. One would need a separate draft and use that as reference for the needed algorithms. X-Wing or whatever replaces it in HPKE (CFRG is just about to start the project on hybrid KEMs) will be published as an RFC. However, that is currently blocked on NIST publishing FIPS 203. -Ilari _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
