The following errata report has been submitted for RFC9053, "CBOR Object Signing and Encryption (COSE): Initial Algorithms".
-------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid8061 -------------------------------------- Type: Technical Reported by: Laurence Lundblade <[email protected]> Section: 4 Original Text ------------- (This is an addition to the beginning of section 4) Corrected Text -------------- While this document defines no IDs for non-AEAD ciphers, they are permitted in COSE. When considering support for a non-AEAD cipher, the security considerations in [RFC9459] should be thoroughly reviewed. Additionally, consideration should be given to the AEAD downgrade attack described in [AEAD-Downgrade] which is applicable to COSE and can be avoided by never performing decryption with a non-AEAD cipher. [AEAD-Downgrade] Falko Strenzke and Johannes Roth, “Legacy Encryption Downgrade Attacks against LibrePGP and CMS”, Cryptology ePrint Archive, 2024 <https://eprint.iacr.org/2024/1110> [RFC9459] Housley, R. and H. Tschofenig, "CBOR Object Signing and Encryption (COSE): AES-CTR and AES-CBC", RFC 9459, DOI 10.17487/RFC9459, September 2023, <https://www.rfc-editor.org/rfc/rfc9459>. Notes ----- This is basically a vulnerability disclosure. The AEAD downgrade attack was not known at the time of publication. RFC 9459 was not published. This does not change the meaning of RFC 9053, just warns about some use of it. Given the weight we usually put on security considerations (for example, those in RFC9459), it seems disclosing this is something that should be done. Instructions: ------------- This erratum is currently posted as "Reported". (If it is spam, it will be removed shortly by the RFC Production Center.) Please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party will log in to change the status and edit the report, if necessary. -------------------------------------- RFC9053 (draft-ietf-cose-rfc8152bis-algs-12) -------------------------------------- Title : CBOR Object Signing and Encryption (COSE): Initial Algorithms Publication Date : August 2022 Author(s) : J. Schaad Category : INFORMATIONAL Source : CBOR Object Signing and Encryption Stream : IETF Verifying Party : IESG _______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
