The following errata report has been submitted for RFC8152, "CBOR Object Signing and Encryption (COSE)".
-------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid6597 -------------------------------------- Type: Technical Reported by: Anders Rundgren <[email protected]> Section: 12.5.1. Original Text ------------- The RFC is unclear to whether Concat KDF or HKDF is to be used: In table 20 there is an entry: ECDH-ES + -31 | HKDF - | yes | A256KW | ECDH ES w/ | | A256KW | | SHA-256 | | | Concat KDF | | | | | | | and AES Key | | | | | | | Wrap w/ | | | | | | | 256-bit key That is, the table talks both about Concat and HKDF. The IANA registry for this algorithm says Concat KDF Jim's sample code for algorithm -31 says HKDF. Corrected Text -------------- I have no corrected text to offer since I don't have the answer to the question raised. Concat is referred to once and without any external references. In JOSE, Concat denotes a NIST standard which is quite different to HKDF. Notes ----- It is pretty vital for interoperability knowing if Concat KDF or HKDF is to be used. Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary. -------------------------------------- RFC8152 (draft-ietf-cose-msg-24) -------------------------------------- Title : CBOR Object Signing and Encryption (COSE) Publication Date : July 2017 Author(s) : J. Schaad Category : PROPOSED STANDARD Source : CBOR Object Signing and Encryption Area : Security Stream : IETF Verifying Party : IESG _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
