> > If one has AKP key with Direct Key Agreement algorithm in JOSE, it is > impossible to use that with multiple recipients. In COSE, it is at > least theoretically — if the receivers support it — possible to layer > Key Wrap with Direct Key Agreement to get multiple recipients with DKA > algorithm.
It is already the case for "alg":"ECDH-ES" (JOSE ECDH Direct Key Agreement mode) that it cannot be used with multiple recipients. I don't understand why we'd do anything else for ML-KEM in Direct Key Agreement mode or how key representation plays a role in it. S pozdravem, *Filip Skokan* On Thu, 3 Jul 2025 at 17:42, Ilari Liusvaara <ilariliusva...@welho.com> wrote: > On Thu, Jul 03, 2025 at 03:34:19PM +0200, Filip Skokan wrote: > > > > > > AKP can not be used with Direct Key Agreement algorithms in JOSE due to > > > causing serious operational issues with no workarounds. In COSE, there > > > are workarounds, but using AKP with DKA still causes operational > issues. > > > > > > > The correct kty for ML-KEM keys in COSE and JOSE is OKP (yes, it looks > a > > > bit odd). > > > > Can you elaborate on the serious operational issues that have no > > workarounds please? > > If one has AKP key with Direct Key Agreement algorithm in JOSE, it is > impossible to use that with multiple recipients. In COSE, it is at > least theoretically — if the receivers support it — possible to layer > Key Wrap with Direct Key Agreement to get multiple recipients with DKA > algorithm. > > JOSE-HPKE does not hit this issue because its algorithms have dual > meaning, but that is not the case here. And in COSE-HPKE, there is only > one mode. > > > > > -Ilari > > _______________________________________________ > jose mailing list -- jose@ietf.org > To unsubscribe send an email to jose-le...@ietf.org >
_______________________________________________ jose mailing list -- jose@ietf.org To unsubscribe send an email to jose-le...@ietf.org
