On Thu, Jun 20, 2024 at 02:47:33PM +0000, lgl island-resort.com wrote: > Here’s a response that takes a different tack. > > Now bring HPKE back to COSE and HPKE’s lack of multiple recipient > support. We have to add a bit more around HPKE to get support for > multiple recipients. We have to worry about the lamps attack.
Turns out RFC9052 does the most of the heavy lifting for multiple recipients. > Does that justify bringing in the info structure? I don’t think so. > We just need to securely bind in the next layer algorithm. That is > neatly accomplished with next_layer_alg in proposed > recipient_structure.<https://github.com/cose-wg/HPKE/pull/58/files> It is very bad idea for operation of algorithm to depend on what layer it is in. So next_layer_alg would be present even on layer 0, where there is no next layer. What value should one use in that case? nil would be the most logical, but is not allowed. -Ilari _______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
