While I don’t have any personal use case for it, it sounds like a good idea and I’d add it to t_cose my COSE library in C.
LL > On Feb 17, 2023, at 8:24 AM, Sipos, Brian J. <[email protected]> wrote: > > Hello, > While looking into COSE for a user-facing application, where key management > would be more ad-hoc than machine-to-machine uses, I haven’t noticed any > existing algorithm code points for or discussion of use cases of > password-based key derivation functions (of any type). > > The “direct+…” algorithms (values -13 to -10) use KDFs but are based on a > shared key assumed to already have the proper size and entropic properties. > The recommended technique of NIST SP 800-132 and RFC 8018 is the PBKDF2 > algorithm, which has drawbacks but at least it is a known quantity and seems > to be widely implemented in libraries. Adding this algorithm would enable > COSE to have an equivalent capability to other existing tools (e.g. “openssl > enc -pbkdf2 -pass ...”). > > Is there any wider interest in adding a PBKDF2 code point to the COSE > algorithm registry (along with necessary parameters)? > > Thanks much, > Brian S. > _______________________________________________ > COSE mailing list > [email protected] <mailto:[email protected]> > https://www.ietf.org/mailman/listinfo/cose > <https://www.ietf.org/mailman/listinfo/cose>
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
