On Thu, 3 Jul 2025 at 18:43, Ilari Liusvaara <[email protected]> wrote:
> On Thu, Jul 03, 2025 at 12:33:40PM +0530, tirumal reddy wrote: > > Thanks for the detailed feedback. I raised a PR > > https://github.com/tireddy2/PQC_JOSE_COSE/pull/11 to address your > comments, > > please have a look. > > AKP can not be used with Direct Key Agreement algorithms in JOSE due to > causing serious operational issues with no workarounds. In COSE, there > are workarounds, but using AKP with DKA still causes operational issues. > > The correct kty for ML-KEM keys in COSE and JOSE is OKP (yes, it looks a > bit odd). > Please elaborate on the operational issues to use AKP. > > > Then the KDF seems to be busted, as it does not seem to mix in the > context information. While many fields of standard COSE/JOSE context > info are useless (especially the PartyU/PartyV ones), there are still > some critical ones. > > Specifically, for COSE, AlgorithmID, keyDataLength and protected > are critical. For JOSE, AlgorithmID and SuppPubInfo are critical. > Then, the private context info goes to SuppPrivInfo. > I don't see any of those fields used in JOSE/COSE HPKE drafts (other than SuppPrivInfo). Cheers, -Tiru > > > > > -Ilari > > _______________________________________________ > jose mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
