The IESG has approved the following document: - 'CBOR Object Signing and Encryption (COSE): AES-CTR and AES-CBC' (draft-ietf-cose-aes-ctr-and-cbc-06.txt) as Proposed Standard
This document is the product of the CBOR Object Signing and Encryption Working Group. The IESG contact persons are Paul Wouters and Roman Danyliw. A URL of this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-cose-aes-ctr-and-cbc/ Technical Summary This document specifies the conventions for using AES-CTR and AES-CBC as Content Encryption algorithms with the CBOR Object Signing and Encryption (COSE) [RFC9052] syntax. Encryption with COSE today uses Authenticated Encryption with Associated Data (AEAD) [RFC5116] algorithms, which provide both confidentiality and integrity protection. However, there are situations where another mechanism, such as a digital signature, is used to provide integrity. In these cases, an AEAD algorithm is not needed. The software manifest being defined by the IETF SUIT WG [I-D.ietf-suit-manifest] is one example where a digital signature is always present. Working Group Summary Once explained, the WG reached broad concensus for this use of unauthenticated encryption algorithms (easier to use for signed firmware images) Document Quality The document is short and clear. Personnel The Document Shepherd for this document is Michael B. Jones. The Responsible Area Director is Paul Wouters. _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
