cose-wg / cose-issues

COSE Working Group Issues

Is a “direct key” sent in the clear? #36

Closed selfissued closed 8 years ago

selfissued commented 9 years ago

Please state whether direct keys, as defined in 12.1.1 (Direct Key), are sent in the clear as part of the COSE message or not. I couldn’t easily tell. If they are, please state what rules need to be followed to use them securely.

selfissued commented 8 years ago

As far as I can tell, there was no action taken in response to this issue and it was not discussed on the list. I therefore request that either the action taken be pointed out so that it can be reviewed or the issue be reopened. Thank you.

jimsch commented 8 years ago

s/supplied/identified/

selfissued commented 8 years ago

This change helps some. Things would still be much clearer if the text explicitly said something along the lines of "The direct key is known to the two parties and not transmitted as part of the message." Thanks.

selfissued commented 8 years ago

Update that text to "The direct encryption class algorithms share a secret between the sender and the recipient that is used either directly or after manipulation as the content key; the secret is not transmitted in the message." and I'm good.
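
The wording proposed in that comment, as an added illustration that is not part of the thread or the COSE specification text: a direct-class recipient carries only a key identifier and an empty encrypted-key field, the shared secret is resolved from a store the two parties already hold, and for "direct+HKDF" it is run through a KDF before use. The algorithm numbers and header labels are the registered COSE values; the recipient shape (empty protected header, alg and kid in the unprotected map), the plain dict instead of CBOR encoding, and the simplified KDF info bytes are my assumptions.

```python
import hmac
import hashlib

# COSE algorithm identifiers from the IANA COSE Algorithms registry (RFC 8152)
ALG_DIRECT = -6                # "direct": the shared secret is the content key
ALG_DIRECT_HKDF_SHA256 = -10   # "direct+HKDF-SHA-256": content key derived from the secret
DIRECT_CLASS = {ALG_DIRECT, ALG_DIRECT_HKDF_SHA256}
HDR_ALG, HDR_KID = 1, 4        # COSE common header parameter labels for "alg" and "kid"

def hkdf_sha256(ikm, salt, info, length):
    """RFC 5869 HKDF-Extract + HKDF-Expand with HMAC-SHA-256 (stdlib only)."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def direct_recipient(kid, alg):
    """COSE_recipient for a direct-class algorithm: empty protected header,
    alg and kid in the unprotected map, and an EMPTY encrypted-key field.
    The secret itself never appears here (shape per my reading of RFC 8152)."""
    return {"protected": b"", "unprotected": {HDR_ALG: alg, HDR_KID: kid}, "ciphertext": b""}

def transmits_key_material(recipient):
    """Defender's check: a direct-class recipient that carries a non-empty
    encrypted-key bstr is malformed and may be leaking the shared secret."""
    alg = recipient["unprotected"].get(HDR_ALG)
    return alg in DIRECT_CLASS and recipient["ciphertext"] != b""

def content_key(recipient, shared_secrets, key_len=16, kdf_info=b""):
    """Resolve the content key from the OUT-OF-BAND secret store, keyed by kid.
    kdf_info stands in for the COSE_KDF_Context bytes (simplified here)."""
    if transmits_key_material(recipient):
        raise ValueError("direct recipient must not carry key material")
    hdr = recipient["unprotected"]
    secret = shared_secrets[hdr[HDR_KID]]   # known to both parties, not in the message
    if hdr[HDR_ALG] == ALG_DIRECT:
        return secret                        # used directly as the content key
    if hdr[HDR_ALG] == ALG_DIRECT_HKDF_SHA256:
        return hkdf_sha256(secret, None, kdf_info, key_len)  # used after manipulation
    raise ValueError("not a direct-class algorithm")

# Constructed sample: a secret pre-shared out of band, looked up by kid
SHARED_SECRETS = {b"psk-1": bytes(range(32))}
```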

jimsch commented 8 years ago

Not transmitting the shared secret is kind of the definition of a shared secret.

selfissued commented 8 years ago

All right. In the interest of moving forward, I'll drop this one, given the now-clear explanation being on record.