Carsten: >> I'm trying to see how the recipient would find this helpful. It is just >> another value that would need to be adjusted by the attacker to mount the >> attacks that Sophie is sharing. > > A naive recipient would benefit from not mistaking the COSE items to be > authenticated encryption. All other attacks might remain possible, but would > contain the big flag that they use unauthenticated encryption. > > (So this may be not a strict security improvement, but only an improvement of > "security in the presence of implementers".)
The Security Considerations is already longer than the rest of the document. And, the specification already says that AES-CTR MUST be used with some other integrity mechanism. In the SUIT environment, the integrity mechanism a digital signature. Russ _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
