I agree. Neither draft has multiple messages.
The single message is plaintext or a content encryption key. Based on conventions: The context for the message should be bound via AAD and Enc Structure in COSE, and AAD and base64url encoded protected headers in JOSE. OS On Mon, Mar 4, 2024, 2:40 AM Ilari Liusvaara <[email protected]> wrote: > On Sun, Mar 03, 2024 at 06:42:41PM +0000, lgl island-resort.com wrote: > > > > If you read the paragraph before you get more context and more > > understanding why there’s both. Seems more like efficiency / economy > > trade-off. You don’t really need both. There’s no security reason > > for one or the other. > > With single message, it seems like a bad trade-off: > > - aad is faster, as it is polymac instead of full-blown hash function. > - aad is much easier to implement without allocations, as it is not > part of some larger structure. > - aad is trivially secure from definition of AEAD, but security of > info does not trivially follow. > > With multiple messages, there are reasons to use both, but I can not > come up with any actual reason to use info with a single message. > > > > > -Ilari > > _______________________________________________ > COSE mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/cose >
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
