On Tue, Mar 08, 2022 at 09:07:30AM -0500, Mike Prorock wrote: > Mike Jones, et al., > I would like to request 10 minutes of agenda time to discuss a new > cose-related draft that we are working on to provide support for post > quantum signature schemes with JOSE and COSE. > > The draft is here: > https://datatracker.ietf.org/doc/draft-prorock-cose-post-quantum-signatures/
Some quick feedback: Looking at the draft, why it is not using OKP key type? AFAIK, All of Dilithium, Falcon and SPHINCS+ already use byte strings for keys with good encoding. Any sort of re-encoding would massively increase complexity for likely negative gain. And there are only a few parameter sets (IIRC, 3 for Dilithium, 2 for Falcon and 6 for SPHINCS+), so folding these to the (misnamed) crv parameter should nto be difficult. And with regards to using one or different values of alg (differentiated by key), that is more complicated question. IIRC FIDO incorrectly assumes that alg values do not get reused, which causes problems with EdDSA which does reuse alg values (Ed25519 and Ed448 both use alg=-8 in COSE). On the other side, not reusing algorithm opens possibility for key-algorithm mismatches, which caused an infamous vulernabities in JOSE. -Ilari _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
