[COSE] JOSE & COSE: Registered Curves & Hybrids

Orie Steele <orie@transmute.industries> Thu, 28 March 2024 16:12 UTC

To: JOSE WG <jose@ietf.org>, cose <cose@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/jdRA3rUT5GC-GhGCKT7foILXRQ8>

See:

https://mailarchive.ietf.org/arch/msg/tls/QU1kpJdGNPsIFbjTG2KlDLMdcPk/

We've got similar issues in JOSE and COSE registries.

I wonder if we ought to consider similar changes to:

https://www.iana.org/assignments/jose/jose.xhtml#web-key-elliptic-curve
https://www.iana.org/assignments/cose/cose.xhtml#elliptic-curves

This issue has come up already in several discussions regarding ML-DSA,
SLH-DSA, FN-DSA, ML-KEM and hybrids.

Because JOSE and COSE tend to separate algorithms from keys, we've not seen
the equivalent of curves created for lattices or hashes or hybrids.

I personally think this is a good thing, since fully specified algorithms
attached to a key representation are better than looking at kty -> crv ->
P-256 and then just trying ES256 or ECDH-ES+A128KW.

If we don't plan to create new registries for PQC-related things, should we
say anything about future expectations on this?

Or just let curves be the last such registry and rely on tribal knowledge?

OS

-- 


ORIE STEELE
Chief Technology Officer
www.transmute.industries
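
An added illustration of the contrast drawn in the message above (not part of the original message or of any JOSE/COSE library): a key that carries a fully specified "alg" is accepted only for that algorithm, while a kty/crv lookup yields several candidates or none. The curve table is a constructed subset, "EXAMPLE-PQ" is a placeholder kty, and the use of "ML-DSA-44" as an alg value is an assumption.

```python
# Constructed subset of algorithms a P-256 key might be "just tried" with.
CURVE_GUESSES = {
    ("EC", "P-256"): ["ES256", "ECDH-ES+A128KW"],
}


class AlgorithmPolicyError(ValueError):
    """Raised when the key does not pin the algorithm being requested."""


def guess_from_curve(jwk):
    """The kty -> crv -> 'just try it' pattern: returns every candidate."""
    return list(CURVE_GUESSES.get((jwk.get("kty"), jwk.get("crv")), []))


def select_algorithm(jwk, header_alg):
    """Accept header_alg only if the key is bound to exactly that algorithm."""
    key_alg = jwk.get("alg")
    if not isinstance(key_alg, str) or not key_alg:
        raise AlgorithmPolicyError("key carries no 'alg'; refusing to infer one")
    if header_alg != key_alg:
        raise AlgorithmPolicyError(
            f"message asks for {header_alg!r} but key is bound to {key_alg!r}")
    return key_alg


# Constructed sample keys (key material omitted; only metadata matters here).
EC_UNBOUND = {"kty": "EC", "crv": "P-256"}
EC_BOUND = {"kty": "EC", "crv": "P-256", "alg": "ES256"}
# Placeholder kty, not a registered value; this key has no crv at all.
PQ_BOUND = {"kty": "EXAMPLE-PQ", "alg": "ML-DSA-44"}


def demo():
    results = {
        "guess_ec": guess_from_curve(EC_UNBOUND),   # ambiguous: sign or key agreement
        "guess_pq": guess_from_curve(PQ_BOUND),     # no curve, nothing to look up
        "bound_ec": select_algorithm(EC_BOUND, "ES256"),
        "bound_pq": select_algorithm(PQ_BOUND, "ML-DSA-44"),
    }
    for name, key, alg in [("unbound", EC_UNBOUND, "ES256"),
                           ("cross_use", EC_BOUND, "ECDH-ES+A128KW")]:
        try:
            results[name] = select_algorithm(key, alg)
        except AlgorithmPolicyError as exc:
            results[name] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, "->", outcome)
```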
