Hi Hannes,

The thumbprint for symmetric key is useful for two scenarios in constrained nodes:

* It allows us to verify that the correct key is present on a device in order to verify a COSE_MAC0 or COSE_MAC. This is important because rotation of symmetric keys could cause multiple keys to exist with the same identifier. This allows more granular detection of the source of an authentication failure.
* It allows us to verify that a decryption key is correct before performing decryption. This is important in a streaming decryption scenario where the result of decryption will be directly written to NVM, where retry costs are high. It is better to detect a key anomaly early.

In short, I believe it could be used for the key check value that we originally had in the suit-firmware-encryption draft.

Best Regards,
Brendan

From: Tschofenig, Hannes <[email protected]>
Date: Friday, 28 July 2023 at 00:54
To: Brendan Moran <[email protected]>, [email protected] <[email protected]>
Cc: cose <[email protected]>
Subject: draft-ietf-cose-key-thumbprint-00.txt

We have submitted the -00 version of the COSE Key Thumbprint draft.

At the meeting John and Brendan raised two additional requirements, namely

* Support for thumbprints of symmetric keys,
* Support for thumbprints of CWT Claims Sets and CBOR Web Tokens

Due to lack of time at the COSE session it was not possible to go into the details about those two requirements.

@John+@Brendan: Could you give us more context?

Ciao
Hannes

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
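
The two scenarios in the reply above, as an added example that is not part of the thread or of the draft: a device picks the right symmetric key by thumbprint before any MAC check or streaming decryption starts, and reports whether a failure is an unknown identifier or a stale key. The thread treats symmetric-key thumbprints as a requirement still under discussion, so the hash input used here (SHA-256 over the deterministic CBOR map of kty (1) = 4 and k (-1)) is an assumption, and the key slots, identifiers and function names are hypothetical.

```python
import hashlib
import hmac

def _bstr(data: bytes) -> bytes:
    """Encode a CBOR byte string (major type 2) with the shortest length form."""
    n = len(data)
    if n < 24:
        head = bytes([0x40 | n])
    elif n < 256:
        head = bytes([0x58, n])
    elif n < 65536:
        head = b"\x59" + n.to_bytes(2, "big")
    else:
        raise ValueError("key too long for this sketch")
    return head + data

def symmetric_thumbprint(k: bytes) -> bytes:
    # Assumed hash input: map(2) {1: 4, -1: k}. Encoded keys 0x01 < 0x20,
    # so kty comes before k under deterministic (bytewise) key ordering.
    return hashlib.sha256(b"\xa2\x01\x04\x20" + _bstr(k)).digest()

def select_key(slots, kid: bytes, expected_tp: bytes):
    """Return (status, key): 'ok', 'unknown-kid' or 'wrong-key'.

    Run this before touching the payload, so nothing is written to NVM
    with a key that cannot be the intended one.
    """
    candidates = [k for slot_kid, k in slots if slot_kid == kid]
    if not candidates:
        return "unknown-kid", None
    for k in candidates:
        if hmac.compare_digest(symmetric_thumbprint(k), expected_tp):
            return "ok", k
    return "wrong-key", None

# Constructed sample data: after a rotation, two keys share one identifier.
OLD_KEY = bytes(range(16))
NEW_KEY = bytes(range(16, 32))
SLOTS = [(b"fw-key", OLD_KEY), (b"fw-key", NEW_KEY)]

if __name__ == "__main__":
    tp = symmetric_thumbprint(NEW_KEY)   # value the sender would publish
    print(select_key(SLOTS, b"fw-key", tp)[0])
    print(select_key(SLOTS, b"fw-key", symmetric_thumbprint(bytes(16)))[0])
    print(select_key(SLOTS, b"other", tp)[0])
```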
