On Fri, Nov 11, 2022 at 12:53:51PM +0000, Laurence Lundblade wrote:
>
> I mentioned two algorithm IDs (in red in the example below), not two
> layers of encryption.
>
> From reading the PR#9 more carefully I see that you put HPKE as the
> algorithm ID in both the body header and recipient headers. This kind
> of bypasses the COSE design intent as I understand it. Don’t have a
> comment on that yet.
>
> So I do think there are two algorithm IDs in the example, but maybe
> you can say there is just one in HPKE because both instances are the
> same in HPKE.
Since HPKE internally combines asymmetric and symmetric encryption,
essentially those two algorithms collapse into sub-algorithms of HPKE,
with HPKE becoming the main algorithm.
I think it is simpler that way (and is more compact too), albeit this
makes HPKE a new kind of thing, instead of instance of existing mode.
While operating HPKE like ECDH-ES+KDF would allow using COSE key
wrapping algorithms not in HPKE, that does not seem that useful, as
key wrapping algorithms are not good for bulk encryption (but bulk
ciphers are decent at key wrapping using a decent KDF), and HPKE
does have the most important bulk ciphers.
> 96(
> [
> / protected h'a10101' / << {
> / alg / 1:1 / AES-GCM 128 /
> } >>,
> / unprotected / {
> / iv / 5:h'c9cf4df2fe6c632bf7886413'
> },
> / ciphertext / h'7adbe2709ca818fb415f1e5df66f4e1a51053ba6d65a1a0
> c52a357da7a644b8070a151b0',
> / recipients / [
> [
> / protected h'a1013818' / << {
> / alg / 1:-25 / ECDH-ES + HKDF-256 /
> } >>,
> / unprotected / {
> / ephemeral / -1:{
> / kty / 1:2,
> / crv / -1:1,
> / x / -2:h'98f50a4ff6c05861c8860d13a638ea56c3f5ad7590bbf
> bf054e1c7b4d91d6280',
> / y / -3:true
> },
> / kid / 4:'[email protected]'
> },
> / ciphertext / h''
> ]
> ]
> ]
> )
-Ilari
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
