Re: [lamps] Which PQC KEMs can be used for composite encryption?

"Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com> Thu, 16 September 2021 13:58 UTC

From: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>, "Bruckert, Leonie" <Leonie.Bruckert@secunet.com>
CC: "spasm@ietf.org" <spasm@ietf.org>
Date: Thu, 16 Sep 2021 13:58:23 +0000
Message-ID: <BL3PR11MB56822BD25C6CD932BC13CB14C1DC9@BL3PR11MB5682.namprd11.prod.outlook.com>
References: <e281b09a816e46d9a36a388c1e5ff6fa@secunet.com> <YUJBEi0mupUbcyvA@LK-Perkele-VII2.locald>
In-Reply-To: <YUJBEi0mupUbcyvA@LK-Perkele-VII2.locald>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/A6wehfGHgEe5kZRgNUHT30tFuNU>
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>

> So my question is: Do we know any PQC KEM that can be used with this 
> mode?

I think we agree that we want something that can be used with any reasonable encryption or KEM primitive (even ones that haven't been invented yet), hence the requirement that this draft places on KEMs is too restrictive (even ignoring the valid points that Leonie brings up).

One obvious modification we could place on the draft is to send the output of any KEMs through a KDF.  Actually, sending everything through a KEM would mean that, even if only public key encryption algorithms are used, neither side could set the CEK to an arbitrary value.  The implicit API in the Generation Procedure doesn't support that (it assumes the CEK comes from the caller, that is, someone selects the value) - would it be an issue to change that?

Of course, the problem with specifying a KEM (apart from the added complexity) is that both sides need to agree on it.  One approach would be to have the public key contain a list of KDFs that the decryptor supports, and have the ciphertext include the KDF that the encryptor used.

Would this be a reasonable (if somewhat radical) change to the draft?
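
Added example, not part of the original message or of the draft under discussion: a Python sketch of the idea raised above, where the component shared secrets pass through a KDF that the encryptor picks from a list carried in the recipient's public key and names in the ciphertext. The KDF identifiers, function names and the length-prefixed input encoding are all assumptions made for illustration.

```python
import hashlib
import hmac

# Hypothetical KDF identifiers; the draft under discussion defines none of these.
KDFS = {"hkdf-sha256": hashlib.sha256, "hkdf-sha512": hashlib.sha512}

def hkdf(hash_fn, ikm, info, length=32):
    """HKDF (RFC 5869) extract-then-expand, using the default all-zero salt."""
    prk = hmac.new(b"\x00" * hash_fn().digest_size, ikm, hash_fn).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_fn).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_cek(kdf_id, secrets):
    """Derive the CEK from all component secrets; no party chooses its value."""
    # Length-prefix each secret so a different split of the same bytes
    # cannot produce the same KDF input (assumed encoding).
    ikm = b"".join(len(s).to_bytes(4, "big") + s for s in secrets)
    # Bind the KDF identifier into the derivation (assumed label format).
    info = b"composite-cek|" + kdf_id.encode()
    return hkdf(KDFS[kdf_id], ikm, info)

def encryptor_pick_kdf(recipient_kdfs):
    """Pick the first KDF in the recipient's public-key list that we implement."""
    for kdf_id in recipient_kdfs:
        if kdf_id in KDFS:
            return kdf_id
    raise ValueError("no KDF in common with recipient")

def decryptor_cek(advertised_kdfs, kdf_id, secrets):
    """Recompute the CEK, rejecting a KDF the public key never advertised."""
    if kdf_id not in advertised_kdfs or kdf_id not in KDFS:
        raise ValueError("ciphertext names a KDF not advertised in the public key")
    return derive_cek(kdf_id, secrets)

if __name__ == "__main__":
    # Constructed sample values standing in for two component shared secrets.
    ss_classical, ss_pq = b"\x01" * 32, b"\x02" * 32
    advertised = ["hkdf-sha512", "hkdf-sha256"]
    chosen = encryptor_pick_kdf(advertised)
    cek = derive_cek(chosen, [ss_classical, ss_pq])
    assert decryptor_cek(advertised, chosen, [ss_classical, ss_pq]) == cek
    print(chosen, cek.hex())
```

The decryptor-side check against the advertised list is what stops a ciphertext from steering the key owner onto a KDF it did not offer.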