On 5 Dec 2024, at 20:15, Michael Jones <[email protected]> wrote:
>
> Please see the discussion in the issue
> https://github.com/ietf-wg-jose/draft-ietf-jose-hpke-encrypt/issues/8
> (Algorithm identifiers like HPKE-P256-SHA256-A128GCM are overly verbose) and
> add your thoughts there.
>
Given that one of the primary motivators of HPKE is use of post-quantum KEMs,
I’d have thought the length of the algorithm identifiers was the least of the
size issues. Even the smallest ML-KEM ciphertexts are over 1KB when
base64-encoded. A few bytes for an algorithm identifier seems neither here nor
there.
— Neil
_______________________________________________
jose mailing list -- [email protected]
To unsubscribe send an email to [email protected]
