This draft was handled in the JOSE WG, but makes a change to COSE: https://www.ietf.org/archive/id/draft-ietf-jose-fully-specified-algorithms-03.html. It defines alg ID -52 that would kind of replace -29. Fully-specified seems the way of the future here in the halls of the IETF.
After looking at Ken’s nice diagram, it seems to me that most of the content key distribution methods for encryption defined in RFC 9053 section 6<https://www.rfc-editor.org/rfc/rfc9053.html#name-content-key-distribution-me> are subject to the cross mode attack (the one presented in Lamps in Prague). Both the Recipient_structure fix I proposed or the KDF fix that Hannes proposed are applicable to content key distribution methods and will require a new algorithm ID. It seems like we should do one set of new algorithm IDs that addresses both. For example -52, would be fully specified and would have a fix for the cross-mode attack. This is a lot of work. We probably should continue to focus on COSE-HPKE first, but keep the rest in mind as coming next. LL
_______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
