On Mon, 21 Apr 2025 15:24:37 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Consider adding a String or Enum argument to `of()` with the name of the >> profile, ex "RFC9180". > > I can add a sentence saying if an implementation does not provide default > numeric algorithm identifiers then an exception will be thrown if `of()` is > used by the sender. > > I still think it's useful to provide defaults. Now that the recipient > requires the numeric algorithm identifiers to be provided, at least this will > no longer be an interop issue between implementations. As for future new KEM > or KDF algorithms for EC/XDH keys, I believe they will have different numeric > algorithm identifiers and users can just specify them so there will be need > for "HPKE2". > > In fact, suppose the current `kem_id` for XDH is found insecure one day and a > new one is defined, we can update the `@implNote` to make the new one the > default. Those using `of()` will automatically switch to the safer one and > there is no need to update the code. That said, this does need both sides > supporting the new `kem_id`. I’d prefer requiring callers to explicitly specify the three algorithm identifiers rather than introducing profile names. There are several reasons for this: 1. Clarity and consistency: These identifiers are standardized and maintained by IANA in a single registry, making them familiar and unambiguous for all HPKE implementers. 2. Profiles are not precise enough: RFC 9180 allows multiple combinations of algorithm identifiers for a single key type. We'd still need to define what the default is within this profile, which defeats the purpose of using the profile name as a shortcut. 3. Profiles are mainly for new key types: Future profiles will most likely be introduced for new key algorithms (e.g., "RFC9180" for EC/XDH, "draft-connolly-cfrg-xwing-kem" for X-Wing, and "draft-connolly-cfrg-hpke-mlkem" for ML-KEM). Unless a profile defines new combinations for existing key types, it’s not necessary to require users to select among profile names at all. On the other hand, I assume we don’t want to introduce default profiles for key algorithms. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2059310549
