FYI: This problem already was in RFC 8152. Note that RFC 8152 (and thus RFC 9053) registers its AES-CBC-MAC variants under the name “AES-MAC”, which may be a contributor to some confusion in the text describing the examples in C.5.1 and C.6.1 (despite the note: [1] [2], and further fueled by the actual examples using the full conventional name AES-CBC-MAC-256/64 in a comment instead of the registered name AES-MAC 256/64).
[1]: https://www.rfc-editor.org/rfc/rfc9053.html#section-3.2-1 (Note that this is not the same algorithm as AES Cipher-Based Message Authentication Code (AES-CMAC) [RFC4493].) [2]: https://www.rfc-editor.org/rfc/rfc8152#section-9.2 (There is some work outstanding on cleaning up and updating MACs in the COSE registry…) Grüße, Carsten > On Oct 31, 2025, at 10:40, RFC Errata System <[email protected]> > wrote: > > The following errata report has been submitted for RFC9052, > "CBOR Object Signing and Encryption (COSE): Structures and Process". > > -------------------------------------- > You may review the report below and at: > https://www.rfc-editor.org/errata/eid8623 > > -------------------------------------- > Type: Editorial > Reported by: Brian Sipos <[email protected]> > > Section: C.5.1 > > Original Text > ------------- > MAC: AES-CMAC, ... > > Corrected Text > -------------- > MAC: AES-CBC-MAC, ... > > Notes > ----- > The actual message diagnostic uses the correct algorithm name, but the > descriptive text calls it "AES-CMAC" which is a different algorithm (and one > not currently in the IANA registry). > > Section C.6.1 has an identical typo. > > Instructions: > ------------- > This erratum is currently posted as "Reported". (If it is spam, it > will be removed shortly by the RFC Production Center.) Please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party > will log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC9052 (draft-ietf-cose-rfc8152bis-struct-15) > -------------------------------------- > Title : CBOR Object Signing and Encryption (COSE): Structures > and Process > Publication Date : August 2022 > Author(s) : J. Schaad > Category : INTERNET STANDARD > Source : CBOR Object Signing and Encryption > Stream : IETF > Verifying Party : IESG > > _______________________________________________ > COSE mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
