On Tue, Jul 29, 2025 at 05:50:04PM +0530, tirumal reddy wrote: > On Mon, 28 Jul 2025 at 21:44, Filip Skokan <[email protected]> wrote: > > we can also define a new key type for KEMs, for instance > > { > "kty": "KEM", > "kem": "ML-KEM-512", > "pub": "...", > "priv": "...", > "alg": "ML-KEM-512+AES128KW" // optional > } > > This approach is similar to AKP but with a key difference, the "alg" > parameter is optional, offering more flexibility. At this point, it seems > the two viable paths are to either use "AKP" or define a new key type for > KEMs.
That is isomorphic to OKP, and there is no precedent for isomorphic key types in JOSE or COSE (some are close, but not quite isomorphic). And I don't see using AKP is feasible unless Direct Key Agreement is dropped. HPKE does not have this problem because dual-use alg values. Furthermore, using Direct Key Agreement or Key Agreement with Key wrapping in JOSE compact encoding causes unavoidable double encoding of the KEM key (which is the large part). The simplest way to make the Key Agreement with Key Wrapping modes be Key Encryption instead is to just mash together the KEM ciphertext and key wrap output in JWE Encrypted Key / COSE layer ciphertext. Would not qualify as any of the present COSE modes, but as it does not invoke any priviledged behavior, that is not an spec issue. -Ilari _______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
