Hi folks,

I would like to address the following issue created by Hannes:
https://github.com/cose-wg/HPKE/issues/25

Previously, I made a post as follows:

> At the very least, until now, I believed that the info value for HPKE
> should be an empty string. The reason is that the HPKE interface used in COSE
> is essentially the Single-shot API, and a single HPKE encryption context is
> not used across multiple encryption/decryption processes. In other words,
> aad alone is sufficient. As I mentioned before, RFC9180 Section 8.1 also
> says "Implementations which only expose single-shot APIs should not allow
> applications to use both Setup info and Context aad or exporter_context
> auxiliary information parameters". I will also give it some more
> consideration though.


Whether it is a Single-shot API or not is not important. What is important
is that in COSE-HPKE, there is always only one encryption/decryption
process performed on a single encryption context.
This fact does not change whether or not the Single-Shot API is used.
Therefore, there is absolutely no benefit in using both "info" and "aad"
simultaneously. Using both does not improve security, so it's sufficient to
use just one of them. That's why I argued that "info" should be an empty
string, but honestly, I'm not very confident that this argument is correct.
I would like to hear the opinions of Ilari, Laurence and others as well.

Best,
AJITOMI Daisuke
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose