On 12 Oct 2025, at 18:01, Ilari Liusvaara <[email protected]> wrote:
> 
> On Sat, Oct 11, 2025 at 02:08:58PM +0100, Neil Madden wrote:
>> 
>> 
>>>> On 11 Oct 2025, at 13:24, Ilari Liusvaara <[email protected]> wrote:
>>> 
>>> On Sat, Oct 11, 2025 at 10:29:59AM +0100, Neil Madden wrote:
>>>> https://neilmadden.blog/2018/09/30/key-driven-cryptographic-agility/
>>> 
>>> AKP is incompatible with key driven cryptographic agility.
>>> 
>>> The idea of key driven cryptographic agility is to specify some
>>> cryptographic service (e.g., signature, mac, KEM) at protocol level and
>>> then have the key specify how exactly that is implemented. And since this
>>> is polymorphic by definition, KDCA is also incompatible with fully
>>> specified algorithms.
>> 
>> None of these things is true.
> 
> A more fundamental issue is that the closest approximation JOSE has to
> KDCA is polymorphic algorithms (and folks seem to dislike those). And
> even that would not do in this case.

That is entirely orthogonal. KDCA just means alg on key, not on message. (Or
for JOSE, on both but you trust the one on the key.) The particular strings you
use for alg are another matter. (Of course, if you already have structured key
metadata you don’t need to try and cram everything into a single identifier, so
KDCA obviates the need for “fully-specified” algorithms. But nothing about it
is incompatible with them.)

— Neil
_______________________________________________
jose mailing list -- [email protected]
To unsubscribe send an email to [email protected]
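
An added illustration of the "alg on key, not on message" rule from the reply above; it is not code from the thread or from any JOSE library. It assumes symmetric `oct` JWKs with HMAC only, and the function names and the constructed keys `KEY_A` and `KEY_B` are hypothetical.

```python
import base64, hashlib, hmac, json

# HMAC algorithms this sketch implements, selected by the JWK "alg" member.
_HASHES = {"HS256": hashlib.sha256, "HS512": hashlib.sha512}

def b64u_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(jwk: dict, signing_input: bytes) -> bytes:
    # The algorithm is read from the key's metadata, never from the message.
    if jwk.get("kty") != "oct" or jwk.get("alg") not in _HASHES:
        raise ValueError("key carries no supported alg")
    return hmac.new(b64u_decode(jwk["k"]), signing_input, _HASHES[jwk["alg"]]).digest()

def sign(jwk: dict, payload: bytes) -> str:
    header = b64u_encode(json.dumps({"alg": jwk.get("alg")}).encode())
    signing_input = f"{header}.{b64u_encode(payload)}"
    return f"{signing_input}.{b64u_encode(_mac(jwk, signing_input.encode()))}"

def verify(jwk: dict, token: str) -> bytes:
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64u_decode(header_b64))
    # JOSE has alg on both key and message: trust the key's, require agreement.
    if header.get("alg") != jwk.get("alg"):
        raise ValueError("header alg does not match key alg")
    expected = _mac(jwk, f"{header_b64}.{payload_b64}".encode())
    if not hmac.compare_digest(expected, b64u_decode(sig_b64)):
        raise ValueError("signature mismatch")
    return b64u_decode(payload_b64)

def relabel(token: str, alg: str) -> str:
    # Test helper: same payload and signature, different header alg.
    header = b64u_encode(json.dumps({"alg": alg}).encode())
    return ".".join([header, *token.split(".")[1:]])

# Constructed sample keys (not real secrets); only the key metadata differs.
KEY_A = {"kty": "oct", "alg": "HS256", "k": b64u_encode(b"constructed-demo-key-A" * 2)}
KEY_B = {"kty": "oct", "alg": "HS512", "k": b64u_encode(b"constructed-demo-key-B" * 3)}

if __name__ == "__main__":
    for key in (KEY_A, KEY_B):
        token = sign(key, b"hello")
        print(key["alg"], verify(key, token))
```

The caller never names an algorithm: moving from `KEY_A` to `KEY_B` changes the MAC in use without touching `sign` or `verify`.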
