> On Jun 4, 2023, at 12:12 AM, AJITOMI Daisuke <[email protected]> wrote: > > Hi Laurence, Ilari, > > > My proposal is to fully replace the Enc_structure with COSE_KDF_Context in > > COSE-HPKE. I am not proposing double protection. > > ... > > Given that there's no need to use it, it's not required by the core spec, and > there's the issue, as Ilari has repeatedly pointed out, of not being able to > input a meaningful value into SuppPubInfo.keyDataLength,
For multiple recipient COSE-HPKE, it IS It is possible to put a meaningful value in for both COSE_KDF_Context. AlgorithmID and COSE_KDF_Context.SuppPubInfo.keyDataLength. Single recipient COSE-HPKE is kind of a degenerate case for this. It doesn’t need these values because it is all handled internally, so we can just put none/0. Ironically, it is the COSE standard COSE_Recipient alg -29 in RFC 9053 that has the problem mixing in the content encryption algorithm because AES Key Wrap is not an AEAD and in the way. LL _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
