On 2022-11-01, at 16:39, Russ Housley <[email protected]> wrote: > > I'm trying to see how the recipient would find this helpful. It is just > another value that would need to be adjusted by the attacker to mount the > attacks that Sophie is sharing.
A naive recipient would benefit from not mistaking the COSE items to be authenticated encryption. All other attacks might remain possible, but would contain the big flag that they use unauthenticated encryption. (So this may be not a strict security improvement, but only an improvement of "security in the presence of implementers".) Grüße, Carsten _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
