Laurence, Ilari,
please respond to the primary question before focusing on details. One
step at a time.
Ciao
Hannes
Am 28.02.2023 um 08:41 schrieb Laurence Lundblade:
On Feb 27, 2023, at 12:22 PM, Ilari Liusvaara <[email protected]> wrote:
On Mon, Feb 27, 2023 at 09:55:02AM -0800, [email protected] wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This Internet-Draft is a work item of the CBOR Object Signing and Encryption WG
of the IETF.
Title : Use of Hybrid Public-Key Encryption (HPKE) with CBOR
Object Signing and Encryption (COSE)
Authors : Hannes Tschofenig
Brendan Moran
Filename : draft-ietf-cose-hpke-03.txt
Pages : 14
Date : 2023-02-27
I think this version has contradictionary requirements (at least unless
overridden by application profile):
1) Alg parameter MUST be in protected header.
2) AAD is optional, so this is AE algorithm.
3) RFC 9052 requires AE encryption to fail if there is protected header.
So the encryption would always fail.
I think the way to fix this would be to specify that value of aad input
is enc_structure, making this an AEAD algorithm. (One could also include
a note that the context is "Encrypt0" for the single-layer structure,
and "Enc_Recipient" for the two layer one.)
Yes, this seems right. HPKE Seal is integrated in to COSE where there is
usually an AEAD.
Thus, the AAD argument of HPKE Seal MUST always be the COSE Enc_structure. This
is true for HPKE in COSE_Encryp0 and for HPKE in a COSE_Recipient.
I would also say that the info argument to HPKE Seal MUST always be “”.
The AAD input to COSE is optional as always, but that is different from the AAD
argument to HPKE Seal.
LL
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
