On Thu, Jul 03, 2025 at 03:34:19PM +0200, Filip Skokan wrote: > > > > AKP can not be used with Direct Key Agreement algorithms in JOSE due to > > causing serious operational issues with no workarounds. In COSE, there > > are workarounds, but using AKP with DKA still causes operational issues. > > > > The correct kty for ML-KEM keys in COSE and JOSE is OKP (yes, it looks a > > bit odd). > > Can you elaborate on the serious operational issues that have no > workarounds please?
If one has AKP key with Direct Key Agreement algorithm in JOSE, it is impossible to use that with multiple recipients. In COSE, it is at least theoretically — if the receivers support it — possible to layer Key Wrap with Direct Key Agreement to get multiple recipients with DKA algorithm. JOSE-HPKE does not hit this issue because its algorithms have dual meaning, but that is not the case here. And in COSE-HPKE, there is only one mode. -Ilari _______________________________________________ jose mailing list -- jose@ietf.org To unsubscribe send an email to jose-le...@ietf.org
