> On Oct 30, 2023, at 2:02 AM, Ilari Liusvaara <[email protected]> wrote: > > On Mon, Oct 30, 2023 at 05:37:11AM +0000, lgl island-resort.com wrote: >> >> On Oct 29, 2023, at 4:42 AM, Ilari Liusvaara >> <[email protected]<mailto:[email protected]>> wrote: >> >> And with Context Information Structure, that seems ripe for misuse >> (especially the PartyU/PartyV stuff). >> >> Somehow the protected headers in a COSE_Recpient must be protected. >> >> For ECDH (alg ID -29), for better or worse that is done via Context >> Information Structure. > > There are also other very important fields, e.g., next algorithm and > salt. Both actually block attacks. But some fields look like footguns. > > >> Looking closer, it seems that COSE-HPKE 07 has a problem here. It >> doesn’t see how the protected headers in the COSE_Recipient are >> protected. I’ve filed a PR<https://github.com/cose-wg/HPKE/issues/44> >> against it. > > That looks like editing error to me. Removing some stuff that should > be redundant, but failing to move other stuff that should be moved. > > >> COSE-HPKE could use an Enc_structure of type “Enc_Recipient”. I think >> that’s what we were doing before 07. It is probably the simplest, >> but it doesn’t afford all the stuff in Context Information Structure, >> but you could maybe put some of that into Enc_structure by putting >> equivalent fields in newly defined protected headers. > > It must use Enc_structure/Enc_Recipient. Using CIS does not work.
Not sure why CIS can’t be used, but let’s assume we’ll use Enc_structure/Enc_Recipient. How are next algorithm and salt included in Enc_structure/Enc_Recipient? You say they are important above. I agree that they are definitely useful and possibly important. Also seems like we want an application context naming string to be included in the key set up context. When CIS is used, we can put that in SuppPubInfo.other. The Enc_structure/Enc_Recipient structure goes into the the “info” parameter, not the “aad” parameter for Seal<MODE>(), right? LL _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
