Please see the last slide in this presentation from IETF 114: https://datatracker.ietf.org/meeting/114/materials/slides-114-cose-cose-hpke-00
The discussion is also in the minutes, Note that the IANA registration proposed in draft-ietf-cose-aes-ctr-and-cbc for these algorithms are being registered as "Deprecated" to avoid accidental use without a companion integrity protection mechanism. Russ > On Oct 27, 2022, at 11:43 AM, Zundel, Brent > <[email protected]> wrote: > > Having only recently become aware of this thread, I apologize for the > lateness of this, but feel compelled to share my concerns as well. > > While it is true that AES-CTR and AES-CBC have been included in RFCs for > years, I would like to direct the attention of folks to the IANA registry for > JOSE, where AES-CBC and AES-CTR are marked as 'Prohibited' for JOSE > Implementations. > > I don't understand going to the effort of defining AES-CTR and AES-CBC for > CBOR when these modes are already recognized elsewhere as bad enough to > prohibit. > > -- > Brent Zundel > Principle Crypto Engineer - Avast _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
