On Wed, 6 Mar 2024 at 14:26, Ilari Liusvaara <[email protected]> wrote:
> On Wed, Mar 06, 2024 at 11:45:03AM +0530, tirumal reddy wrote: > > On Tue, 5 Mar 2024 at 20:12, AJITOMI Daisuke <[email protected]> wrote: > > > > > > I think we should use HPKE until there is reason not to use it. > > > > > > I agree. > > > > > > Regarding ML-KEM, I was thinking that we should add X-Wing as a PQ/T > > > Hybrid KEM to the list of COSE-HPKE ciphersuites at first. > > > > > > X-Wing: general-purpose hybrid post-quantum KEM > > > https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/ > > > > > > > X-wing is specific to hybrid schemes and it is back-ward compatible with > > X25519Kyber768Draft00. The COSE and JOSE HPKE specifications can use the > > above hybrid scheme which is already registered in HPKE IANA registry. > > No, that does not work. > > That KEM will never be published as an RFC, so the main COSE and JOSE > HPKE specifications can not reference it. And since all the HPKE > algorithms are fully specified, the main COSE and JOSE HPKE > specifications can not allow using it. > > One would need a separate draft and use that as reference for the > needed algorithms. > > X-Wing or whatever replaces it in HPKE (CFRG is just about to start the > project on hybrid KEMs) will be published as an RFC. However, that is > currently blocked on NIST publishing FIPS 203. > Sure, a separate JOSE+COSE draft can be published, and this new draft would make reference to the outcome of CFRQ. -Tiru > > > > > -Ilari > > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose >
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
