You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
However, it doesn’t seem so strongly stated in 9052 that we couldn’t consider an alternative. If I understand correctly Illari recently suggested that external_aad be an empty bstr in COSE_Recipients.
I see some implementation benefits to this. The Externally Supplied AAD would only be processed at layer 0 and wouldn't have to be passed to COSE_Recipient creation saving some code. Theoretically, Externally Supplied AAD can be large which means you have to either have a buffer to hold the entire Enc_structure. While you can’t avoid this at layer 0 it might be nice to avoid it at layer 1.
I don’t see a security issue here. The Externally Supplied AAD is covered just fine at layer 0.
We could specify this only for HPKE.
I don’t think this is a big deal either way and what’s in the -04 draft is OK, but thought I’d bring up the alternative.
Also, It seems like there should be Errata for 9052 here. It could say either it is always Externally Supplied AAD, always an empty bstr or it varies with the key distribution method.
The text was updated successfully, but these errors were encountered:
Laurence wrote:
The text was updated successfully, but these errors were encountered: