On Oct 29, 2023, at 4:42 AM, Ilari Liusvaara <[email protected]<mailto:[email protected]>> wrote:
On Tue, Oct 24, 2023 at 05:53:52PM +0000, lgl island-resort.com<http://island-resort.com> wrote: The most confusing part of COSE, IMO, is the Context Information Structure and Enc_structure. We should address that confusion in this guidance document. This relates to recent discussion with Orie in the COSE-HPKE document. I think the only mysterious part of Enc_structure is reachability of all the possible contexts. It turns out all are reachable, but I can't come up with anything sane that would use "Rec_Recipient". I think something like Appendix B in RFC 9052 might use “Rec_Recipient”, but yes, it’s use is rare. And with Context Information Structure, that seems ripe for misuse (especially the PartyU/PartyV stuff). Somehow the protected headers in a COSE_Recpient must be protected. For ECDH (alg ID -29), for better or worse that is done via Context Information Structure. Looking closer, it seems that COSE-HPKE 07 has a problem here. It doesn’t see how the protected headers in the COSE_Recipient are protected. I’ve filed a PR<https://github.com/cose-wg/HPKE/issues/44> against it. COSE-HPKE could use an Enc_structure of type “Enc_Recipient”. I think that’s what we were doing before 07. It is probably the simplest, but it doesn’t afford all the stuff in Context Information Structure, but you could maybe put some of that into Enc_structure by putting equivalent fields in newly defined protected headers . Since COSE-HPKE 07 got this wrong, it seems messy enough discuss to me. As for what I think is the most confusing part: IV generation. Can that mechanism be used with direct ECDH? IV generation is only documented for direct key with KDF, but the mechanism would work with direct ECDH. The definition is very terse too. Haven’t looked at this one. LL
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
