Re: [COSE] [jose] Fwd: New Version Notification for draft-reddy-cose-jose-pqc-kem-00.txt

[Orie Steele <orie@transmute.industries>]

Draft looks very familiar after have spent so much time with HPKE.

And it would be nice to have at least one pq encryption suite on track for
standardization.

Having different direct mode alg values for ML-KEM and HPKE that are both
basically telling you to look an enc... Is wasting registry space.

alg: dir, is sufficient.

The documents that register the new enc modes can explain why.

I think it would be better to see ML-KEM suites in HPKE, instead of seeing
duplicates.

There will also be different security issues, without the HPKE context and
key commiting, etc...

There will be worse interop with 2 ways to do the same things.

With hydrids on the horizon... it's a mistake to register hydrids twice...
Once for HPKE and once for standalone.

I think we should use HPKE until there is reason not to use it.

Is this draft motivated by implementers who could not use HPKE?

Are there critical use cases that multiple vendors need to support that
only work without using HPKE?

OS

On Tue, Mar 5, 2024, 5:34 AM tirumal reddy <kondtir@gmail.com> wrote:

> We have published a new draft
> https://www.ietf.org/archive/id/draft-reddy-cose-jose-pqc-kem-00.html,
> that describes the conventions for using Post-Quantum Key Encapsulation
> Mechanisms (PQ-KEMs) within JOSE and COSE.  Although this mechanism could
> be used with any PQ-KEM, this document focuses on Module-Lattice-based Key
> Encapsulation Mechanisms (ML-KEMs).
>
> Comments and Suggestions are welcome.
>
> -Tiru
>
> ---------- Forwarded message ---------
> From: <internet-drafts@ietf.org>
> Date: Sun, 3 Mar 2024 at 10:32
> Subject: New Version Notification for draft-reddy-cose-jose-pqc-kem-00.txt
> To: Tirumaleswar Reddy.K <kondtir@gmail.com>, Aritra Banerjee <
> aritra.banerjee@nokia.com>, Hannes Tschofenig <Hannes.Tschofenig@gmx.net>,
> Hannes Tschofenig <hannes.tschofenig@gmx.net>
>
>
> A new version of Internet-Draft draft-reddy-cose-jose-pqc-kem-00.txt has
> been
> successfully submitted by Tirumaleswar Reddy and posted to the
> IETF repository.
>
> Name:     draft-reddy-cose-jose-pqc-kem
> Revision: 00
> Title:    Post-Quantum Key Encapsulation Mechanisms (PQ KEMs) for JOSE and
> COSE
> Date:     2024-03-03
> Group:    Individual Submission
> Pages:    16
> URL:
> https://www.ietf.org/archive/id/draft-reddy-cose-jose-pqc-kem-00.txt
> Status:   https://datatracker.ietf.org/doc/draft-reddy-cose-jose-pqc-kem/
> HTML:
> https://www.ietf.org/archive/id/draft-reddy-cose-jose-pqc-kem-00.html
> HTMLized:
> https://datatracker.ietf.org/doc/html/draft-reddy-cose-jose-pqc-kem
>
>
> Abstract:
>
>    This document describes the conventions for using Post-Quantum Key
>    Encapsulation Mechanisms (PQ-KEMs) within JOSE and COSE.
>
> About This Document
>
>    This note is to be removed before publishing as an RFC.
>
>    Status information for this document may be found at
>    https://datatracker.ietf.org/doc/draft-reddy-cose-jose-pqc/.
>
>    Discussion of this document takes place on the cose Working Group
>    mailing list (mailto:cose@ietf.org), which is archived at
>    https://mailarchive.ietf.org/arch/browse/cose/.  Subscribe at
>    https://www.ietf.org/mailman/listinfo/cose/.
>
>
>
> The IETF Secretariat
>
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>