WG, In doing some background research for a minimalist COSE profile I ran into the case that the existing registered AES-MAC algorithm family is not on the US NIST FIPS 140 approved list [1] but the AES-CMAC family is approved. I saw some COSE discussion on this going back to 2015 [2] and 2018 [3] with the conclusion there that AES-CBC-MAC was more widely supported in constrained environments. Since that time, it appears that CMAC has been more solidified as the preferred cipher-based MAC technique.
Is there any COSE WG appetite for registering a FIPS-approved AES-CMAC algorithm family? This would be a relatively small addition, probably two code points, and because this is not a technical or security limitation of the existing AES-MAC registrations I think they would be left in-place and not deprecated. I can bring this up at next week's IETF if there is any interest. Thanks for any feedback, Brian S. [1] https://csrc.nist.gov/projects/cryptographic-module-validation-program/sp-80 0-140-series-supplemental-information/sp800-140c [2] https://mailarchive.ietf.org/arch/msg/cose/GwP_6EgbzTkzXGh36WhX0nomhT8/ [3] https://mailarchive.ietf.org/arch/msg/cose/yiLtOdsw6RXC-iHdNHJKGWgfUEs/
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
