On Mon, Feb 27, 2023 at 09:55:02AM -0800, [email protected] wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This Internet-Draft is a work item of the CBOR Object Signing and Encryption > WG of the IETF. > > Title : Use of Hybrid Public-Key Encryption (HPKE) with > CBOR Object Signing and Encryption (COSE) > Authors : Hannes Tschofenig > Brendan Moran > Filename : draft-ietf-cose-hpke-03.txt > Pages : 14 > Date : 2023-02-27
I think this version has contradictionary requirements (at least unless overridden by application profile): 1) Alg parameter MUST be in protected header. 2) AAD is optional, so this is AE algorithm. 3) RFC 9052 requires AE encryption to fail if there is protected header. So the encryption would always fail. I think the way to fix this would be to specify that value of aad input is enc_structure, making this an AEAD algorithm. (One could also include a note that the context is "Encrypt0" for the single-layer structure, and "Enc_Recipient" for the two layer one.) Then section 3.4 suggests using COSE_KDF_Context for info input. What is one supposed to fill in the SuppPubInfo.keyDataLength field? There does not seem to be any coherent way to do this (e.g., for AEAD 1, the value would seem to be equal to both 12 and 16, which is of course impossible). -Ilari _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
