On Fri, Oct 17, 2025 at 06:13:34PM +0000, John Gray wrote:
> From: Ilari Liusvaara <[email protected]>
> > Then another problem is that the LAMPS draft uses ASN.1 for RSA and
> > ECDSA, which greatly increases the complexity of encoding (I did
> > implement that stuff for a test, and the difference against custom
> > formats was just wild).
>
> The LAMPS draft uses existing encodings of RSA and ECDSA. Why would
> we need or want to invent a new encoding of RSA and ECDSA when every
> cryptographic library already supports them?

The one I am using (for those two) does not (no, I did not write it). :-)

And for ECDSA, IEEE is a pretty standard format, and already used by
both COSE and JOSE. :-)

> Then people would complain that they had to re-encode the keys into
> existing encodings so they would be acceptable to their cryptographic
> libraries.

I think almost all libraries (also) have interfaces that take decomposed
things. And if not, re-encoding is much easier and safer than parsing
(e.g., size the buffers for the adversarial worst case).

> > I think that the current state of post-quantum signatures is so bad
> > that very few are going to use those without either some compliance
> > requirements or an imminent CRQC. And I do not think any compliance
> > regime is going to require hybrids (and hybrids will not improve
> > matters against imminent CRQC).
>
> We already need to use them and have customers asking us for them.

I think most of that is due to compliance requirements. And the way
things work, "2035" might very much mean fire today.

-Ilari
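
Added example (not part of the original message, and not code from either poster): the re-encoding direction discussed above, taking a fixed-width r||s ECDSA signature of the kind JOSE and COSE carry and emitting the ASN.1 DER ECDSA-Sig-Value, with the output buffer sized for the worst case at compile time. P-256 (32-byte r and s) and the names COORD_LEN, DER_SIG_MAX, put_der_uint and p1363_to_der are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: P-256, so r and s are 32 bytes each (64-byte input). */
#define COORD_LEN 32
/* Worst case: SEQUENCE hdr (2) + 2 * (INTEGER hdr (2) + 0x00 pad (1) + 32) = 72. */
#define DER_SIG_MAX (2 + 2 * (2 + 1 + COORD_LEN))

/* Write a big-endian unsigned value as a minimal DER INTEGER; returns bytes written. */
static size_t put_der_uint(uint8_t *out, const uint8_t *v, size_t len)
{
    size_t skip = 0, n = 0;
    while (skip < len - 1 && v[skip] == 0)   /* strip leading zeros, keep one byte */
        skip++;
    int pad = (v[skip] & 0x80) != 0;         /* 0x00 pad keeps the INTEGER positive */
    out[n++] = 0x02;                         /* INTEGER tag */
    out[n++] = (uint8_t)(len - skip + pad);  /* short-form length, at most 33 here */
    if (pad)
        out[n++] = 0x00;
    memcpy(out + n, v + skip, len - skip);
    return n + (len - skip);
}

/* Re-encode r||s as DER; returns the DER length, or 0 if sig_len is not 64. */
size_t p1363_to_der(const uint8_t *sig, size_t sig_len, uint8_t out[DER_SIG_MAX])
{
    if (sig_len != 2 * COORD_LEN)            /* the only input length to validate */
        return 0;
    size_t n = 2;                            /* leave room for the SEQUENCE header */
    n += put_der_uint(out + n, sig, COORD_LEN);
    n += put_der_uint(out + n, sig + COORD_LEN, COORD_LEN);
    out[0] = 0x30;                           /* SEQUENCE tag */
    out[1] = (uint8_t)(n - 2);               /* at most 70: short form always fits */
    return n;
}

int main(void)
{
    uint8_t sig[2 * COORD_LEN], der[DER_SIG_MAX];
    memset(sig, 0xFF, sizeof sig);           /* constructed input: both pads needed */
    size_t n = p1363_to_der(sig, sizeof sig, der);
    for (size_t i = 0; i < n; i++)
        printf("%02x", der[i]);
    printf("\n");
    return n == DER_SIG_MAX ? 0 : 1;
}
```

The short-form length bytes hold only because of the P-256 assumption; a curve with 66-byte coordinates (P-521) exceeds 127 content bytes and needs a long-form SEQUENCE length and a larger worst-case bound.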
