[jose] Re: FW: New Version Notification for draft-reddy-cose-jose-pqc-hybrid-hpke-10.txt

Thu, 19 Feb 2026 02:09:06 -0800

I think it’s mostly fine. Some questions though:

* Why support non-hybrids at all?
* Why support ML-KEM-512 at all? Especially non-hybrid. 
* Why support P-256 at all? X25519 is a better choice, and P-384 is there for anyone still hampered by an irrational government. 

I’m also raising my eyebrows a bit at the ChaPoly variants. The usual rationale for ChaPoly over AES is that it’s fast and timing-channel-resistant on hardware that lacks AES acceleration. But are people really going to be running PQ hybrids on such low end hardware? That’s a huge code size to be pulling in at the least, not to mention memory pressure and energy draw. I’ll defer to the COSE people here on what’s likely in this space, but it feels a bit like filler rather than something that meets a genuine need. 

Re: P-521, I think the main reason no one uses it is because it is incredibly slow. 

Neil 

On 19 Feb 2026, at 08:54, tirumal reddy <[email protected]> wrote:


A new section has been added to the draft to justify the combination of PQC-only and PQ/T hybrid KEMs with specific KDF and AEAD algorithms, https://www.ietf.org/archive/id/draft-reddy-cose-jose-pqc-hybrid-hpke-11.html#section-7.  Please take a look and share any feedback, especially if there are concerns regarding the justification of particular KEM/KDF/AEAD pairings.

Cheers,
-Tiru

On Thu, 12 Feb 2026 at 19:54, tirumal reddy <[email protected]> wrote:
Hi,

We have updated the draft "Post-Quantum and Hybrid KEMs for HPKE with JOSE and COSE" https://datatracker.ietf.org/doc/draft-reddy-cose-jose-pqc-hybrid-hpke/ to version 10.  As many of you recall, this draft has been presented multiple times in both COSE/JOSE WGs. While there was general interest, the WG adoption of this draft was previously postponed to allow for the completion COSE-HPKE and JOSE-HPKE specifications.

With those base documents now mature, we have updated this draft to ensure alignment with, JOSE/COSE HPKE and HPKE PQ specs.

Further, comments and suggestions are welcome.

we also request the Chairs to initiate a second WG adoption call for this draft.

Best Regards,
-Tiru

-----Original Message-----
From: [email protected] <[email protected]>
Sent: Wednesday, February 11, 2026 6:04 PM
To: K Tirumaleswar Reddy (Nokia) <[email protected]>; Hannes Tschofenig <[email protected]>; Hannes Tschofenig <[email protected]>; K Tirumaleswar Reddy (Nokia) <[email protected]>
Subject: New Version Notification for draft-reddy-cose-jose-pqc-hybrid-hpke-10.txt


CAUTION: This is an external email. Please be very careful when clicking links or opening attachments. See the URL nok.it/ext for additional information.



A new version of Internet-Draft draft-reddy-cose-jose-pqc-hybrid-hpke-10.txt
has been successfully submitted by Tirumaleswar Reddy and posted to the
IETF repository.

Name:     draft-reddy-cose-jose-pqc-hybrid-hpke
Revision: 10
Title:    Post-Quantum and Hybrid KEMs for HPKE with JOSE and COSE
Date:     2026-02-11
Group:    Individual Submission
Pages:    21
URL:      https://www.ietf.org/archive/id/draft-reddy-cose-jose-pqc-hybrid-hpke-10.txt
Status:   https://datatracker.ietf.org/doc/draft-reddy-cose-jose-pqc-hybrid-hpke/
HTML:     https://www.ietf.org/archive/id/draft-reddy-cose-jose-pqc-hybrid-hpke-10.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-reddy-cose-jose-pqc-hybrid-hpke
Diff:     https://author-tools.ietf.org/iddiff?url2=draft-reddy-cose-jose-pqc-hybrid-hpke-10

Abstract:

   This document specifies the use of Post-Quantum (PQ) and Post-
   Quantum/Traditional (PQ/T) Hybrid Key Encapsulation Mechanisms (KEMs)
   within the Hybrid Public Key Encryption (HPKE) for JOSE and COSE.  It
   defines algorithm identifiers and key formats to support pure post-
   quantum algorithms (ML-KEM) and their PQ/T hybrid combinations.



The IETF Secretariat


_______________________________________________
jose mailing list -- [email protected]
To unsubscribe send an email to [email protected]
_______________________________________________
jose mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to