I don’t currently have a use for MAC algorithms in COSE, so I don’t have a strong preference regarding tag length. COSE previously settled on 128- and 64-bit tags for CBC-MAC, but it may be better to standardize on a single option to keep things simple.
If AES-CMAC is invoked multiple times with the same key, full-length (untruncated) tags are quite problematic: they create a false sense of high security while consuming unnecessary bandwidth. In contrast, a truncated tag of t bits provides t-bit security for each message (up to some value q), whereas a full-length (untruncated) tag does not at all give 128-bit integrity. Correct me if I’m wrong, my understanding of COSE is that AES-CMAC can be used either with a fixed key across many messages or with a fresh key for each message. Cheers, John Preuß Mattsson From: Brian Sipos <[email protected]> Date: Tuesday, 24 March 2026 at 13:25 To: Russ Housley <[email protected]> Cc: [email protected] <[email protected]> Subject: [COSE] Re: New Version Notification for draft-sipos-cose-cmac-01.txt Russ, I have no need or desire for the truncated tags. I added them only because it was suggested by John M for IoT cases and the existing MAC alg registrations use 64 bit tags. I'm open to any WG consensus about which fully specified parameters are most appropriate. Brian S. On Mon, Mar 23, 2026, 16:49 Russ Housley <[email protected]<mailto:[email protected]>> wrote: Brian: Why do you think 64 bit authentication tags are desirable? I would be much more comfortable with 96 bits. Russ On Mar 23, 2026, at 10:47 AM, Brian Sipos <[email protected]<mailto:brian.sipos%[email protected]>> wrote: COSE WG, I have updated the individual draft referenced below based on the feedback so far. For the explanatory updates I think the new text is more clear about what is meant and about which sections some statements belong in. Part of this update adds truncated MAC tags, as suggested, which align with the strengths of existing registered MAC algorithms. With these changes, and from comments received so far, I think this draft is ready for an adoption call. Thanks for the support so far! Brian S. ---------- Forwarded message --------- From: <[email protected]<mailto:[email protected]>> Date: Mon, Mar 23, 2026 at 10:30 AM Subject: New Version Notification for draft-sipos-cose-cmac-01.txt To: Brian Sipos <[email protected]<mailto:brian.sipos%[email protected]>> A new version of Internet-Draft draft-sipos-cose-cmac-01.txt has been successfully submitted by Brian Sipos and posted to the IETF repository. Name: draft-sipos-cose-cmac Revision: 01 Title: AES-CMAC for COSE Date: 2026-03-23 Group: Individual Submission Pages: 7 URL: https://www.ietf.org/archive/id/draft-sipos-cose-cmac-01.txt Status: https://datatracker.ietf.org/doc/draft-sipos-cose-cmac/ HTML: https://www.ietf.org/archive/id/draft-sipos-cose-cmac-01.html HTMLized: https://datatracker.ietf.org/doc/html/draft-sipos-cose-cmac Diff: https://author-tools.ietf.org/iddiff?url2=draft-sipos-cose-cmac-01 Abstract: This document registers code points for using the Advanced Encryption Standard (AES) block cipher in Cipher-based Message Authentication Code (CMAC) mode within CBOR Object Signing and Encryption (COSE) messages. Specifically, these uses are for computing authentication tag values with no additional parameters. The IETF Secretariat _______________________________________________ COSE mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]>
_______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
