On Mar 18, 2024, at 6:05 AM, AJITOMI Daisuke <[email protected]> wrote:
What I think should be done is to prohibit using non-authenticated content encryption and key wrap algorithms in COSE. I agree. In the COSE-HPKE draft, we should stop supporting legacy non-AEADs and offer the simplest and safest solution. Even if the WG agrees to prohibit non-AEADs, I think we should get rid of COSE_KDF_Context and should authenticate the algorithm ID across layers with a new Enc_structure. LL
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
