On Jul 31, 2023, at 12:36 PM, Orie Steele wrote:

Following up on this:


- - COSE_Key has redundant info that has to be cross-checked (key type, curve)

This depends on how it might be used.

Yes, it's possible to pull apart DHKem output into a kty: EC / crv P256 
setup... but it's also possible to just treat enc as regular bytes:

{
        "kid": "...opaque-dhkem-output",
        "alg": "...", // probably not a thing, but just for argument's sake.
        "kty": "oct",
        "k": "04 + x + y ...."
}

From the HPKE specification, a receiver knows exactly what is in enc and what 
to do with it. It knows the alg and curve. It knows which message it is for. It 
knows it is to be fed into ECDH. It knows what key ops are allowed for it. All 
these characteristics are completely clear and it must not ever be used for 
anything else.

There’s no need to provide any additional info or structure. Anything else 
provided is redundant and introduces more stuff to decode and new error 
conditions to be checked for no gain.

LL


_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
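
The two ways of carrying enc discussed in this message, as an added example that is not part of the original thread: a receiver for DHKEM(P-256, HKDF-SHA256) accepting enc as raw bytes versus as a COSE_Key. The function names are hypothetical, the COSE_Key is assumed to be already CBOR-decoded into a Python dict, and the sample enc is constructed from the P-256 base point.

```python
# Added illustration; function and constant names are hypothetical.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1   # P-256 field prime
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
# Constructed sample enc: the curve's base point in uncompressed form (04 + x + y).
G_ENC = b"\x04" + GX.to_bytes(32, "big") + GY.to_bytes(32, "big")

# COSE_Key labels and values (RFC 9052 / RFC 9053).
KTY, CRV, X, Y = 1, -1, -2, -3
KTY_EC2, CRV_P256 = 2, 1
NENC = 65                                   # RFC 9180 Nenc for this KEM

def on_curve(x, y):
    """Check y^2 = x^3 - 3x + b over the P-256 field."""
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x - 3 * x + B)) % P == 0

def enc_from_bytes(enc):
    """Raw enc: the negotiated KEM already fixes key type, curve and encoding."""
    if len(enc) != NENC or enc[0] != 0x04:
        raise ValueError("bad enc encoding")
    x = int.from_bytes(enc[1:33], "big")
    y = int.from_bytes(enc[33:], "big")
    if not on_curve(x, y):
        raise ValueError("point not on curve")
    return x, y

def enc_from_cose_key(key):
    """enc as a COSE_Key map: each field must also agree with the KEM."""
    if key.get(KTY) != KTY_EC2:
        raise ValueError("kty does not match KEM")
    if key.get(CRV) != CRV_P256:
        raise ValueError("crv does not match KEM")
    xb, yb = key.get(X), key.get(Y)
    if not isinstance(xb, bytes) or len(xb) != 32:
        raise ValueError("bad x")
    # An EC2 y may also be a bool (compressed point sign bit); not valid here.
    if not isinstance(yb, bytes) or len(yb) != 32:
        raise ValueError("bad y")
    return enc_from_bytes(b"\x04" + xb + yb)

if __name__ == "__main__":
    cose = {KTY: KTY_EC2, CRV: CRV_P256, X: G_ENC[1:33], Y: G_ENC[33:]}
    print(enc_from_bytes(G_ENC) == enc_from_cose_key(cose))
```

Both paths end in the same point validation; the COSE_Key path adds four checks whose only outcome is agreement or disagreement with what the KEM already determines.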
