On Mon, Sep 26, 2022 at 07:33:49AM +0000, Hannes Tschofenig wrote:
> Hi Daisuke,
>
> With your proposal and Ilari’s proposal there are two ways to encode
> public keys in COSE libraries. This adds complexity. Complexity
> leads to security problems.
>
> Here is my question to you: How do you deal with this added
> complexity? (FWIW this is not something you mention in your comparison
> table.)

The way my test implementation dealt with that complexity is by strictly treating one as a compression of the other. Once uncompressed, there was no difference between the two. As a consequence, if a message to a P-256 long-term public key had an EC2/P521 ephemeral key, the implementation would happily uncompress the key and then call into HPKE code (which then vomits with ek length incorrect).

-Ilari
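The behaviour described in the reply above, as an added sketch that is not code from the thread or from any COSE library: two ephemeral-key encodings are normalised to one byte string, and a curve mismatch only surfaces at the HPKE length check. The function names, the two input shapes (raw bytes or an EC2 COSE_Key map) and the sample keys are assumptions made for illustration.

```python
# Added illustration; function names and input shapes are assumptions.
# COSE_Key labels (RFC 9053): 1=kty, -1=crv, -2=x, -3=y; kty 2 = EC2.
EC2 = 2
COORD_LEN = {1: 32, 2: 48, 3: 66}   # COSE crv id -> coordinate bytes (P-256/384/521)
# HPKE DHKEM ids (RFC 9180) -> Nenc, the encapsulated key length
NENC = {0x0010: 65, 0x0011: 97, 0x0012: 133}


def normalise_ephemeral(ek):
    """Return raw encapsulated-key bytes for either input shape."""
    if isinstance(ek, (bytes, bytearray)):
        return bytes(ek)                      # already in raw form
    if ek.get(1) != EC2:
        raise ValueError("not an EC2 key")
    n = COORD_LEN.get(ek.get(-1))
    x, y = ek.get(-2), ek.get(-3)
    if n is None or not isinstance(x, bytes) or not isinstance(y, bytes):
        raise ValueError("unsupported or malformed EC2 key")
    if len(x) != n or len(y) != n:
        raise ValueError("coordinate length does not match crv")
    return b"\x04" + x + y                    # uncompressed point encoding


def hpke_accepts(kem_id, enc):
    """Stand-in for the length check the HPKE code applies to ek."""
    if len(enc) != NENC[kem_id]:
        raise ValueError("ek length incorrect")
    return True


def receive(recipient_kem_id, ek):
    # After normalisation both encodings take the same path.
    return hpke_accepts(recipient_kem_id, normalise_ephemeral(ek))


# Constructed sample keys: coordinates are filler bytes, only lengths matter here.
SAMPLE_P256 = {1: EC2, -1: 1, -2: bytes(32), -3: bytes(32)}
SAMPLE_P521 = {1: EC2, -1: 3, -2: bytes(66), -3: bytes(66)}
SAMPLE_RAW_P256 = b"\x04" + bytes(64)

if __name__ == "__main__":
    print(receive(0x0010, SAMPLE_P256), receive(0x0010, SAMPLE_RAW_P256))
    try:
        receive(0x0010, SAMPLE_P521)          # P-521 ephemeral, P-256 recipient
    except ValueError as err:
        print("rejected:", err)
```

The P-521 key passes normalisation because it is well-formed on its own; the mismatch with the P-256 recipient is caught only by the length check inside the HPKE stand-in.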
