Introducing AES-CTR and/or AES-CBC into COSE tokens that already support 
AES-GCM will open the GCM implementations to new security issues, namely 
potential padding oracle vulnerabilities.

At minimum, the Security Considerations section of 
draft-ietf-cose-aes-ctr-and-cbc-01 needs to call this risk out: Applications 
that encrypt or decrypt with AES-GCM *MUST NOT* support AES-GCM or AES-CTR with 
the same cryptographic materials, due to the existence of cross-protocol 
issues. One way to safeguard users from potential misuse is to use a separate 
"type" for keys used with unauthenticated encryption modes, similar to how COSE 
distinguishes MACs from Signatures.

Additionally, I'd like to recommend sharing this draft with the CFRG mailing 
list to ensure it has the appropriate level of oversight from the IETF's 
cryptography experts.
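
One way to enforce the key separation suggested in the message above, as an added example that is not part of the original e-mail or the draft. The algorithm names are the COSE names for these modes; the two key-type labels and the `KeyStore` class are hypothetical.

```python
import hashlib
import hmac
import os

# Algorithm names as used by COSE; the two key-type labels are hypothetical.
AEAD_ALGS = {"A128GCM", "A192GCM", "A256GCM"}
UNAUTH_ALGS = {"A128CTR", "A192CTR", "A256CTR", "A128CBC", "A192CBC", "A256CBC"}
KTY_AEAD = "Symmetric"                    # assumed label for AEAD-only keys
KTY_UNAUTH = "Symmetric-Unauthenticated"  # assumed label, not defined by the draft


class KeyUseError(Exception):
    """Raised when a key is requested for an algorithm outside its type."""


def required_kty(alg):
    """Map an algorithm name to the only key type allowed to serve it."""
    if alg in AEAD_ALGS:
        return KTY_AEAD
    if alg in UNAUTH_ALGS:
        return KTY_UNAUTH
    raise KeyUseError(f"unknown algorithm {alg!r}")


class KeyStore:
    """Holds typed keys and refuses to import the same bytes under two types."""

    def __init__(self):
        self._salt = os.urandom(32)  # per-store salt for key fingerprints
        self._kty_by_fp = {}         # fingerprint -> key type first seen
        self._keys = {}              # kid -> (kty, key bytes)

    def _fingerprint(self, key):
        return hmac.new(self._salt, key, hashlib.sha256).digest()

    def import_key(self, kid, kty, key):
        if kty not in (KTY_AEAD, KTY_UNAUTH):
            raise KeyUseError(f"unknown key type {kty!r}")
        seen = self._kty_by_fp.setdefault(self._fingerprint(key), kty)
        if seen != kty:
            raise KeyUseError("key material already imported as " + seen)
        self._keys[kid] = (kty, key)

    def key_for(self, kid, alg):
        """Return the key bytes only if the key's type permits `alg`."""
        kty, key = self._keys[kid]
        if kty != required_kty(alg):
            raise KeyUseError(f"{kid!r} is a {kty} key; {alg} not permitted")
        return key
```

The check sits in front of the cipher call, so a decryptor never runs CTR or CBC over material that was provisioned for GCM, and the fingerprint table catches the same bytes being provisioned twice under different labels.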

________________________________
From: COSE <[email protected]> on behalf of Russ Housley 
<[email protected]>
Sent: Tuesday, October 25, 2022 9:40:08 AM
To: [email protected]
Subject: [EXTERNAL] [COSE] COSE Support for AES-CTR and AES-CBC




After draft-ietf-cose-aes-ctr-and-cbc-00 was posted, we got a few very good 
comments from Ilari.  Those were addressed in -01.  I am unaware of any open 
issues, so I think this document is ready for WG Last Call.

Russ


On Oct 11, 2022, at 12:42 PM, Mike Jones <[email protected]> wrote:

Support was expressed for adoption of this draft by multiple parties and no 
opposition was expressed.  The draft is hereby adopted.

Authors, please submit a -00 working group draft based on the current 
individual draft.

                                         -- Mike (for the COSE chairs)

From: Mike Jones
Sent: Thursday, September 22, 2022 10:20 AM
To: [email protected]
Cc: [email protected]
Subject: Call for adoption of CBOR Object Signing and Encryption (COSE): 
AES-CTR and AES-CBC

This note starts a two-week call for adoption of 
https://datatracker.ietf.org/doc/html/draft-housley-cose-aes-ctr-and-cbc-00 – 
ending on Thursday, October 6th.

Please reply either expressing support for adoption or stating your objections.

                                                       Thank you,
                                         -- Mike (COSE co-chair)

_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
