On Sat, Sep 14, 2024 at 05:50:18PM -0300, Karen ODonoghue wrote:
> JOSE and COSE working group members,
>
> The following draft has been submitted for consideration by the JOSE
> working group. The chairs agreed, at IETF 120, to issue a call for
> adoption.
>
> https://datatracker.ietf.org/doc/draft-reddy-cose-jose-pqc-kem/
>
> Please review the document and indicate (by responding to this email
> and keeping the subject line intact) whether or not you think this is
> a good place to start the development of this document. Please provide
> comments.

Seems like a reasonable starting point (even with flaws), adapt.

Some stuff I noticed in a quick review:

- ML-KEM is intended to be used directly.
- The KDF is not FIPS-compliant.
- Encoding of context structure in COSE needs to be canonical.
- Ways to use public-key cryptography with JWE are defined by JWE
  itself. And there are three, not two.
- JWE does not require "enc"/"alg" to be in JWE protected header.
- JWE does not allow using JWE Encrypted Key with DKA (no way to
  avoid double-encoding in compact serialization).
- DKA in COSE does not use ciphertext (but I don't think it is
  explicitly forbidden).
- Whether DKA in COSE produces CEK or KEK depends on the layer it is on.
- AES-192 is poorly supported and usually replaced by AES-256.

-Ilari
