hannestschofenig
commented
1 year ago The abstract talks about this. This should be good enough
Closed laurencelundblade closed 1 year ago
hannestschofenig
commented
1 year ago The abstract talks about this. This should be good enough
laurencelundblade
commented
1 year ago I would prefer it in the title, but if not in the title at least be clear that auth mode is not supported in the text and maybe that it should be supported in future work.
To go a bit further, I'm surprised auth mode is not of more interest. While I understand why it's not good for SUIT, it seems like it will:
(Neither sign-then-encrypt vs encrypt-then-sign issue are fool-proof against all attacks in all use cases. It's not a problem for most use cases, but it's also nice to have fool-proof solutions).
hannestschofenig
commented
1 year ago Maybe we can leave it as an open issuer for now and discuss it at the meeting
Since we're not defining how to integrate HPKE auth and other modes in this document is shouldn't be titled as if it were the full HPKE integration into COSE.