Hi Laurence,
thanks for the feedback.
Could you say a bit more about the use case you have in mind where
authenticity is not required?
Ciao
Hannes
Am 03.03.2023 um 21:22 schrieb Laurence Lundblade:
The COSE HPKE draft has this security consideration:
The COSE_Encrypt structure MUST be authenticated using COSE
constructs like COSE_Sign, COSE_Sign1, COSE_MAC, or COSE_MAC0.
It is really good this text is there, but I’d like to tweak it a bit:
* Change MUST to SHOULD because there are (theoretically) cases
where authenticity is not needed. Perhaps some comment that most
use cases will need authenticity to defend against forgery attacks
— the attacker is likely to have access to the recipients public
key. (Also prefer to avoid 2119 terms belong in security
considerations).
* Say that the AEAD in HPKE base_mode is not a substitute for the
authenticity provided by COSE_Sign and such.
LL
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
