On Tue, Dec 02, 2025 at 12:31:21PM +0530, tirumal reddy wrote:
> My concern with using AKP is how the "alg" parameter works. In HPKE, "alg"
> includes the KEM, the KDF, and the AEAD. If we use AKP, the same KEM key
> would need multiple COSE/JOSE key objects just because the KDF or AEAD
> changes. This does not make sense, because the KEM key is independent of
> those choices. This is why I do not want to use AKP: the key should not
> appear to change simply because the selected KDF or AEAD changes. A KEM key
> should be represented independently of the full HPKE algorithm identifier.

As for potential security issues with using the same KEM key with multiple
algorithms:

- Poorly designed algorithms with insufficient separation.
- Malicious algorithms designed to interact badly with other algorithms.

However, these are not major issues, as algorithms are bad or outright
malicious.

-Ilari

_______________________________________________
jose mailing list -- [email protected]
To unsubscribe send an email to [email protected]
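Added example, not part of the thread: a sketch of the RFC 9180 base-mode key schedule showing how HPKE itself separates suites that share one KEM output, since the KEM, KDF and AEAD identifiers are bound into every derivation through `suite_id`. The function and table names are this example's own, and the shared secret is a constructed value standing in for real KEM output.

```python
import hashlib
import hmac

# Registry values from RFC 9180; the table names are this example's own.
KEM_X25519 = 0x0020
KDFS = {0x0001: hashlib.sha256, 0x0003: hashlib.sha512}
AEADS = {0x0001: (16, 12), 0x0003: (32, 12)}  # id -> (Nk, Nn)

def hkdf_extract(h, salt, ikm):
    return hmac.new(salt or b"\x00" * h().digest_size, ikm, h).digest()

def hkdf_expand(h, prk, info, length):
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), h).digest()
        out += block
        counter += 1
    return out[:length]

def key_schedule(shared_secret, kem_id, kdf_id, aead_id, info=b""):
    """Base-mode key schedule: returns (key, base_nonce) for one suite."""
    h = KDFS[kdf_id]
    nk, nn = AEADS[aead_id]
    # suite_id is mixed into every extract/expand call below.
    suite_id = b"HPKE" + b"".join(
        i.to_bytes(2, "big") for i in (kem_id, kdf_id, aead_id))

    def labeled_extract(salt, label, ikm):
        return hkdf_extract(h, salt, b"HPKE-v1" + suite_id + label + ikm)

    def labeled_expand(prk, label, ctx, n):
        labeled = n.to_bytes(2, "big") + b"HPKE-v1" + suite_id + label + ctx
        return hkdf_expand(h, prk, labeled, n)

    # mode_base (0x00), empty psk and psk_id
    ctx = (b"\x00" + labeled_extract(b"", b"psk_id_hash", b"")
           + labeled_extract(b"", b"info_hash", info))
    secret = labeled_extract(shared_secret, b"secret", b"")
    return (labeled_expand(secret, b"key", ctx, nk),
            labeled_expand(secret, b"base_nonce", ctx, nn))

def derive_for_all_suites(shared_secret):
    """Same KEM output, every KDF/AEAD pairing in the tables above."""
    return {(kdf, aead): key_schedule(shared_secret, KEM_X25519, kdf, aead)
            for kdf in KDFS for aead in AEADS}

if __name__ == "__main__":
    constructed_secret = bytes(range(32))  # constructed; stands in for Decap() output
    for suite, (key, nonce) in derive_for_all_suites(constructed_secret).items():
        print(suite, key.hex(), nonce.hex())
```

Each of the four suites yields an unrelated key and base nonce from the same input, which is the kind of separation the first bullet above refers to.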
