Re: [COSE] Pull-request addressing issues #29 #30 #31 #33 in draft-ietf-cose-x509-08

2021-03-12 Thread Michael Richardson
John Mattsson wrote:
> New comment from Laurence on GitHub pointing out that proof-of-possession is not enough. I think this points to that COSE integrity protection of the end-entity certificate needs to be MUST.

I think that the example is incorrect. If we have to protect

Re: [COSE] Pull-request addressing issues #29 #30 #31 #33 in draft-ietf-cose-x509-08

2021-03-12 Thread Laurence Lundblade
I wouldn’t say MUST, just highly recommended. If there is consensus for MUST I won’t object considering that the cost of protection is low for all the uses I can imagine.

LL

> On Mar 11, 2021, at 11:35 PM, John Mattsson wrote:
>
> New comment from Laurence on GitHub pointing out that

[COSE] Registrations of COSE code points for encryption without MAC

2021-03-12 Thread Göran Selander
Hi, In the COSE WG today we discussed the allocations of COSE code points for encryption without MAC, which is not supported by https://tools.ietf.org/html/draft-ietf-cose-rfc8152bis-struct-15. As I understood from the meeting there is support for allocating such code points, but a concern

[COSE] draft-ietf-cose-countersign-02 - Security problems with COSE_Encrypt and COSE_Encrypt0 with CCM_8

2021-03-12 Thread John Mattsson
Hi, When I analysed an earlier version of Group OSCORE some years ago it had severe security problems when used with CCM_8 + Countersignature. The attacks were pretty bad. 64-bit offline complexity against source authentication/availability from a different person in the group and something