All, In reviewing the current registered COSE algorithms for conformance to CNSA 1.0 and 2.0 (the two releases of CNNSP 15 [1]) restrictions I've come across an interesting problem. All of the ECDH + KW algorithms currently registered by RFC 9053 [2] have a series of increasing AES key lengths but all use SHA-256 within the KDF. This is different than the increasing hash strengths for the direct ECDH algorithms registered by RFC 9053 [3].
Was this an intentional design? For equivalence of security strength, would it be more consistent to escalate somewhat like: ECDH + HKDF-256 + A128KW ECDH + HKDF-384 + A192KW ECDH + HKDF-512 + A256KW Or is there something I'm missing and technically the KDF hash function does not affect overall security strength? But then why do the direct ECDH use escalating hash strengths? Thanks for any insight about this, Brian S. [1] https://www.cnss.gov/CNSS/issuances/Policies.cfm [2] https://www.rfc-editor.org/rfc/rfc9053.html#section-6.4.1 [3] https://www.rfc-editor.org/rfc/rfc9053.html#section-6.3.1
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
