On Wed, Jun 07, 2023 at 03:55:40PM +0000, lgl island-resort.com wrote: > I don’t think this is about what RFC 9052 requires or doesn’t require. > I think this about making sure COSE-HPKE is properly secure. I think > we want to be sure COSE-HPKE addresses all the stuff in NIST SP800-56A > because it is a reputable publication and because COSE, JOSE and > others consider it. > > Even if RFC 9052 was clear here (which I don’t think it is), we > should do the analysis to be sure COSE-HPKE is secure. That’s our job. > > To that end I’ve tried to see how all the items in COSE_KDF_Context > apply to COSE-HPKE. I think those are the arguments that matter.
I just did go through all the subfields. I think every one of those is either redundant, explicitly non-generic or trivially broken in generic context. And the current specification does allow applications that need KDF context for something to use it (hopefully in a way that is not trivially broken!). There could be a list of fields from COSE_KDF_Context which applications might consider (The PartyU fields, the PartyV fields, other and suppPrivInfo). This is not interop problem beyond RFC 9053, because RFC 9053 does already let applications use COSE_KDF_Context in ways that have no hope of any interop. -Ilari _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
