Rob:

>>> (3) p 6, sec 5.2. AES-CBC COSE Algorithm Identifiers
>>>
>>>    The following table defines the COSE AES-CBC algorithm values.  Note
>>>    that these algorithms are being registered as "Deprecated" to avoid
>>>    accidental use without a companion integrity protection mechanism.
>>>
>>> +=========+=======+==========+========================+=============+
>>> | Name    | Value | Key Size | Description            | Recommended |
>>> +=========+=======+==========+========================+=============+
>>> | A128CBC | TBD4  | 128      | AES-CBC w/             | Deprecated  |
>>> |         |       |          | 128-bit key            |             |
>>> +---------+-------+----------+------------------------+-------------+
>>> | A192CBC | TBD5  | 192      | AES-CBC w/             | Deprecated  |
>>> |         |       |          | 192-bit key            |             |
>>> +---------+-------+----------+------------------------+-------------+
>>> | A256CBC | TBD6  | 256      | AES-CBC w/             | Deprecated  |
>>> |         |       |          | 256-bit key            |             |
>>> +---------+-------+----------+------------------------+-------------+
>>>
>>> I wanted to check that "Deprecated" is really the best choice for "Recommended"
>>> for both AES-CTR and AES-CBC.  I read 'deprecated' as meaning that other COSE
>>> algorithms should be used in preference to these, but it wasn't clear that is
>>> the intent here.  I note that this column contains some entries with a value
>>> such as "Filter Only", hence wondering if these should be labelled as
>>> "Confidentiality only", perhaps with the description indicating that integrity
>>> must be handled separately?
>>
>> This was the consensus of the COSE WG since these algorithms do not
>> provide both confidentiality and integrity.
> [Rob Wilton (rwilton)]
>
> Presumably these aren't currently used (because they don't have a value
> assigned), and if users should always use a different protocol in preference
> (because these are marked as deprecated), then I'm struggling to understand
> why we are publishing this at all?  Or in summary, I think that calling
> them deprecated may cause confusion.

I think the text above the table provides the explanation.  Repeating it:

   The following table defines the COSE AES-CTR algorithm values.  Note
   that these algorithms are being registered as "Deprecated" to avoid
   accidental use without a companion integrity protection mechanism.

The COSE WG felt that "Not Recommended" was not strong enough.

Russ

_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
