In the -06 draft, its seems the following is true: - The “aad" input to Seal() is always a standard Enc_structure as defined by RFC 9052 for both single and multiple recipient COSE-HPKE - The “info” input to Seal() is optional and can be anything - - Because HPKE allows info to be anything - - Probably you should just pass a string naming your app/use case like "Xxxx Firmware Encryption" - - If you really are into COSE_KDF_Context from RFC 9053, then you can pass it as the info parameter
There’s redundant coverage of the protected headers when you use COSE_KDF_Context, but that’s probably OK. I don’t think many people will use COSE_KDF_Context. This seems OK to me, but thought we should be explicitly clear about that here on the list. LL _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
