On Tue, Apr 18, 2023 at 12:06:44AM +0900, AJITOMI Daisuke wrote:
> ... at least, the definitions of the "alg" value (HPKE-v1-{Base, Auth,
> PSK, AuthPSK}) included in the COSE-HPKE specification and my draft were
> proposed by Laurence (I like this idea), so I believe that Laurence
> supports the current COSE-HPKE. Also, the definitions of the "alg" value
> are also an important part of my draft. Therefore, with Laurence's consent,
> we have added him as a co-author in the latest draft. Of course, I don't
> think Laurence fully agrees with my current draft.
Stating what I think would be technically necressary for adding Auth,
PSK and AuthPSK modes:
- Specify that the sender key for Auth/AuthPSK is transmitted using the
"static key" parameter.
(The issue that prevented using "ephemeral key" for HPKE does not
appear here.)
- Specify a new header parameter (bstr) to carry the PSK identifier for
PSK/AuthPSK modes.
However, the big unknown are the security considerations necressary for
using Auth mode. For example, it is known that using Auth mode in
multi-recipient message will lead to a possibility of attack. But what
else is there?
-Ilari
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
