[jose] Re: [COSE] WGLC: draft-ietf-cose-sphincs-plus-07 (Ends 2026-04-14)

[Neil Madden]

I agree with Filip. Ideally there would be test vectors for every algorithm registered, although that would be quite large given the size of the signatures involved.  Regarding the size, the smallest parameter set produces JOSE signatures of over 10KB in size, after base64url-encoding. So they are probably only going to have niche usage in the JOSE ecosystem, but it’s harmless to register them. Also, SLH-DSA public keys are quite small so there may be value in using them in JWKs independently, to bootstrap another protocol.  — Neil On 3 Apr 2026, at 13:56, Filip Skokan <panva...@gmail.com> wrote:  Furthermore, if you intend to keep JOSE in then please update the JOSE examples appendix section with actual working vectors. The existing "example" leaves a lot to be desired. S pozdravem, Filip Skokan On Fri, 3 Apr 2026 at 14:40, Filip Skokan <panva...@gmail.com> wrote: Since this draft registers JOSE algorithms and defines JWK representations it would be prudent to send its WGLC notice there as well. cc @JOSE WG  I appreciate the algorithm set is kept at a minimum. But I still don't see these as general purpose algorithms that we necessarily "need" to have in JOSE (unlike ML-DSA/FN-DSA). I'll bite tho and say that it doesn't hurt to have them registered as backup given the novelty and some small uncertainty surrounding the other PQC algs in general. That being said I would welcome it if the draft did mention something along those lines, these algorithms are either targeting a niche purpose or serve as backup, the former is more likely. General purpose JOSE libraries shouldn't bother implementing these. I for one certainly won't, being mindful of the library footprint. Also none of the Web Cryptography API implementers currently plan to support them despite being included in the API's Modern Algorithms extension. Speaking of which, the Web Cryptography extension will register all remaining SLH-DSA parameter sets in JOSE IANA for JWK representation purposes only (Algorithm Usage Location(s): "JWK"). It currently lists the ones from this draft too but that's merely because at some point it was uncertain whether this is going to move forward or not. I will update the extension proposal accordingly depending on what gets published in this draft. S pozdravem, Filip Skokan On Tue, 24 Mar 2026 at 18:58, Ivaylo Petrov <ivaylopetrov=40google....@dmarc.ietf.org> wrote: Dear COSE WG members, As discussed during IETF 125, this message starts a WG Last Call (WGLC) for: https://datatracker.ietf.org/doc/draft-ietf-cose-sphincs-plus/ Please review and indicate your support or objection to proceeding with the publication of this document by replying to this email keeping c...@ietf.org in copy. Please provide rationale for support and explanations or suggestions for objections. This Working Group Last Call ends on 2026-04-14                                                             Thank you,                                                             -- Mike and Ivo                                                             COSE co-chairs Please note: Authors, and WG participants in general, are reminded of the Intellectual Property Rights (IPR) disclosure obligations described in BCP 79 [1]. Appropriate IPR disclosures required for full conformance with the provisions of BCP 78 [1] and BCP 79 [2] must be filed, if you are aware of any. Sanctions available for application to violators of IETF IPR Policy can be found at [3]. [1] https://datatracker.ietf.org/doc/bcp78/ [2] https://datatracker.ietf.org/doc/bcp79/ [3] https://datatracker.ietf.org/doc/rfc6701/ _______________________________________________ COSE mailing list -- c...@ietf.org To unsubscribe send an email to cose-le...@ietf.org _______________________________________________ jose mailing list -- jose@ietf.org To unsubscribe send an email to jose-le...@ietf.org

_______________________________________________
jose mailing list -- jose@ietf.org
To unsubscribe send an email to jose-le...@ietf.org