Sure. That seems like a good place to start in the adopted document. If someone raises a use case, we can discuss it.
Russ

> On Jul 30, 2024, at 1:18 PM, Orie Steele <[email protected]> wrote:
>
> Thanks for pointing this out :)
>
> The document defines several headers which are hints regarding the payload.
>
> In the context of COSE_Encrypt, the payload would still be a hash, but some
> of these headers (preimage content type and payload location) could leak
> information about the payload.
>
> All of the use cases I've seen are for signing hashes that are already well
> known and distributed or used in existing systems.
>
> I can't think of a reason to use this approach with encrypted payloads, but
> from a practical standpoint, I am not sure exactly what the document should
> say regarding these headers if they appear in COSE_Encrypt.
>
> Perhaps something to the effect of:
>
> The cose headers defined in this document SHOULD NOT be used in unprotected
> or protected headers associated with COSE_Encrypt, unless the sender is
> comfortable disclosing metadata regarding the encrypted payload.
>
> What do you think?
>
> Regards,
>
> OS
>
> On Tue, Jul 30, 2024 at 12:07 PM Russ Housley <[email protected]> wrote:
>> Section 3 says: Should we define this?
>>
>> Of course, things can change after adoption, but this seems like a fairly
>> being open hole.
>>
>> I would like to see this document be adopted without Section 3. The COSE
>> approach would be to use COSE_Encrypt if the payload needs confidentiality.
>>
>> Russ
>>
>>> On Jul 30, 2024, at 12:42 PM, Ivaylo Petrov <[email protected]> wrote:
>>>
>>> Dear all,
>>>
>>> This message starts the call for adoption of the following draft as working
>>> group item:
>>>
>>> * draft-steele-cose-hash-envelope:
>>>   - https://datatracker.ietf.org/doc/draft-steele-cose-hash-envelope/
>>>
>>> As discussed during the last IETF, there seems to be interest in the
>>> working group to work on that document. If you have read the draft, please
>>> indicate whether you support its adoption as a working group item or not.
>>>
>>> We would also like to remind you that adoption does not mean a document is
>>> finished, only that it is an acceptable starting point.
>>>
>>> This call will run for two weeks, ending on Aug 13th. Please try to respond
>>> before that date.
>>>
>>> Best regards,
>>> - Ivaylo on behalf of the COSE Working Group Chairs
>>> _______________________________________________
>>> COSE mailing list -- [email protected]
>>> To unsubscribe send an email to [email protected]
>
> --
>
> ORIE STEELE
> Chief Technology Officer
> www.transmute.industries
