Hi all, We have another request for COSE algorithm assignment that doesn't fit into the existing scheme. FIDO alliance wants to register encryption only (not authenticated encryption) algorithms.
As far as I can see, the intent is to achieve authenticated encryption but with the use of separate legacy encryption algorithms together with already registered MAC algorithms. The specification seem to focus on encrypt-then-mac with an example of a COSE_Encrypt0 wrapped in a COSE_Mac0, but mac-then-encrypt is also mentioned. There are no security considerations about either in the specification. Previously, there was a similar request to register legacy algorithm from FIDO alliance resulting in the allocation of code points for secp256k1 and certain RSA algorithms for COSE together with the accompanying RFC 8812 specifying how to use COSE with these algorithms including security considerations. Considering the known issues with separate encryption and MAC, should we for the same reason request an analogous IETF specification also in this case? Göran _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
