Thank you for this additional context about IANA and JOSE. I find it very helpful.
________________________________ From: COSE <[email protected]> on behalf of Zundel, Brent <[email protected]> Sent: Thursday, October 27, 2022 8:43:46 AM To: [email protected] Subject: RE: [EXTERNAL][COSE] COSE Support for AES-CTR and AES-CBC CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe. Having only recently become aware of this thread, I apologize for the lateness of this, but feel compelled to share my concerns as well. While it is true that AES-CTR and AES-CBC have been included in RFCs for years, I would like to direct the attention of folks to the IANA registry for JOSE, where AES-CBC and AES-CTR are marked as 'Prohibited' for JOSE Implementations. I don't understand going to the effort of defining AES-CTR and AES-CBC for CBOR when these modes are already recognized elsewhere as bad enough to prohibit. -- Brent Zundel Principle Crypto Engineer - Avast
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
