I left comments on https://github.com/tireddy2/PQC_JOSE_COSE/pull/19
I will repeat them here for the list. Do not update the definition of AKP. Make a new key type if you want to have keys that have a different set of security properties (such as being explicitly used with multiple algorithms). If you want to go this route, I would lean into the idea that you can't actually enforce any algorithm checking at the key side, and just say that the attacker controlling the algorithm in the message is not a concern for kems. (I don't agree with this, but that's what the argument appears to be to me, please correct me if I am wrong). In JOSE and COSE, the algorithm on security objects is controlled by the attacker. Without requiring the algorithm to be on the key, you will need to "try it out" to see if it works. As soon as you do that, you are doing work for the attacker... The system may still fail closed, but you've already done more work than you needed to. It's easy to make a new key type, if the WG thinks a key type that can explicitly be used with many algorithms is a good thing, make one, that way people will know what they are getting when they see that key type. Regards, OS On Sat, Oct 11, 2025 at 8:09 AM Neil Madden <[email protected]> wrote: > > > > On 11 Oct 2025, at 13:24, Ilari Liusvaara <[email protected]> > wrote: > > > > On Sat, Oct 11, 2025 at 10:29:59AM +0100, Neil Madden wrote: > >> https://neilmadden.blog/2018/09/30/key-driven-cryptographic-agility/ > > > > AKP is incompatible with key driven cryptographic agility. > > > > The idea of key driven cryptographic agility is to specify some > > cryptographic service (e.g., signature, mac, KEM) at protocol level and > > then have key specify how exactly that is implemented. And since this > > is polymorphic by definition, KDCA is also incompatible with fully > > specified algorithms. > > None of these things is true. > > — Neil > _______________________________________________ > jose mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
