On Mon, Oct 30, 2023 at 05:37:11AM +0000, lgl island-resort.com wrote: > > On Oct 29, 2023, at 4:42 AM, Ilari Liusvaara > <[email protected]<mailto:[email protected]>> wrote: > > On Tue, Oct 24, 2023 at 05:53:52PM +0000, lgl > island-resort.com<http://island-resort.com> wrote: > > > I think the only mysterious part of Enc_structure is reachability of > > all the possible contexts. It turns out all are reachable, but I can't > > come up with anything sane that would use "Rec_Recipient". > > I think something like Appendix B in RFC 9052 might use “Rec_Recipient”, > but yes, it’s use is rare.
I don't think those kinds of constructs would use "Rec_Recipient". That would mean AEAD at layer 2+. Why not just place the thing at layer 1 instead? > And with Context Information Structure, that seems ripe for misuse > (especially the PartyU/PartyV stuff). > > Somehow the protected headers in a COSE_Recpient must be protected. > > For ECDH (alg ID -29), for better or worse that is done via Context > Information Structure. There are also other very important fields, e.g., next algorithm and salt. Both actually block attacks. But some fields look like footguns. > Looking closer, it seems that COSE-HPKE 07 has a problem here. It > doesn’t see how the protected headers in the COSE_Recipient are > protected. I’ve filed a PR<https://github.com/cose-wg/HPKE/issues/44> > against it. That looks like editing error to me. Removing some stuff that should be redundant, but failing to move other stuff that should be moved. > COSE-HPKE could use an Enc_structure of type “Enc_Recipient”. I think > that’s what we were doing before 07. It is probably the simplest, > but it doesn’t afford all the stuff in Context Information Structure, > but you could maybe put some of that into Enc_structure by putting > equivalent fields in newly defined protected headers. It must use Enc_structure/Enc_Recipient. Using CIS does not work. > Since COSE-HPKE 07 got this wrong, it seems messy enough discuss to me. Getting CIS wrong has been there since -03. -Ilari _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
