Hi Russ, I don’t want to argue about what is the criteria for being minimal concerns, but the thing is there are concerns 😊, hence I thought it might have been better to have MUST NOT clause there as well. However, I will believe what the experts says on this.
Thanks. //Zahed On 2023-05-18, 16:39, "Russ Housley" <[email protected]> wrote: Dear Zaheduzzaman Sarker: > I don't have any transport related comments or issues. However, I was > expecting > a "MUST NOT" in section 5 regarding same IV usage more than once as it says in > section 4. The consequences of IV reuse are grave with AES-CTR, but there are minimal concerns with AES-CBC. Withe AES-CTR, the IV is generated in a manner that ensure no repeats, like a counter. With AES-CBC, just generate a random IV but do not bother checking if that value has already been used. Russ
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
