On Thu, Jun 13, 2024 at 1:47 AM Neil Madden <[email protected]> wrote:
> Hi all, > > We appear to have yet another long WG discussion going on about how to try > to squeeze the ground meat of HPKE into the intestinal lining of JOSE. I > know that I at least don’t have the time to follow the minutiae of these > threads. At some point should we ask if this is all worth it? My takeaway > is that HPKE is at best an awkward fit for JOSE. At best an awkward fit seems to be putting it mildly. But I might suggest that the awkwardness comes from trying to fit HPKE into JWE itself. Perhaps it'd be less awkward to do something like JWHPKE that defines independent JOSE style JSON and compact serializations specifically for HPKE and is unencumbered by constructs and constraints of RFC7516? > And if we do finally manage to make the HPKE-JOSE sausage, what have we > really gained? As far as I can tell the only real advantage is that we > might eventually get a single ML-KEM/hybrid post-quantum encryption scheme. > But with encapsulated keys that are >= 1KB in size and so totally > unsuitable for most scenarios that JOSE is used for today, where size is > extremely important. > > This all seems an awful lot of work for maybe one niche use-case > encryption scheme. And HPKE doesn’t in any way address PQ signature > schemes, which are *by far* the dominant use-case for JOSE. > > Is this really worth it? > It sure does not seem like it's worth it. > — Neil > _______________________________________________ > jose mailing list -- [email protected] > To unsubscribe send an email to [email protected] > -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
