> Even if the WG agrees to prohibit non-AEADs, I think we should get rid of COSE_KDF_Context and should authenticate the algorithm ID across layers with a new Enc_structure.
I also think we should get rid of COSE_KDF_Context, but under the premise of prohibiting the use of AE algs, I don't understand why it is necessary to introduce next_alg... The CEK is protected by HPKE at layer1, which I believe is sufficient, and additionally, Enc_structure with external_aad can be used with AEAD at layer0. Daisuke 2024年3月19日(火) 2:31 lgl island-resort.com <[email protected]>: > > On Mar 18, 2024, at 6:05 AM, AJITOMI Daisuke <[email protected]> wrote: > > What I think should be done is to prohibit using non-authenticated >> content encryption and key wrap algorithms in COSE. > > > I agree. In the COSE-HPKE draft, we should stop supporting legacy > non-AEADs and offer the simplest and safest solution. > > > Even if the WG agrees to prohibit non-AEADs, I think we should get rid of > COSE_KDF_Context and should authenticate the algorithm ID across layers > with a new Enc_structure. > > LL > >
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
