
Conversation

@marco-tiloca-sics
Collaborator

This PR addresses the review from Deb Cooley archived at https://mailarchive.ietf.org/arch/msg/core/hewfpUmkcxXq0uKDqe93yIzzsVs/

Member

@rikard-sics rikard-sics left a comment


Looks good to me. I left one final comment.

Not sure if the part about AES-CTR can be simplified somehow, but currently it feels like the more details the better

@rikard-sics
Member

Building on John's comments, I'd propose the following for the main part about AES-CTR:

A non-authenticated algorithm MUST NOT be used as Group Encryption Algorithm if it is not possible to ensure uniqueness of the (key, IV) pairs, or intermediate values used in the algorithm, e.g., for algorithms that increment the IV internally.

Examples of non-authenticated algorithms that can be used as Group Encryption Algorithm are A128CTR, A192CTR, and A256CTR (see {{Section 4 of RFC9459}}). When either of those three algorithms is used, the following applies:

  • The 12-byte nonce MUST be computed as defined in {{sec-cose-object-aead-nonce}} of this document. The Initialization Vector (IV) used in {{Section 4 of RFC9459}} is equivalent to this nonce (12 bytes) concatenated with 0x00000000 (4 bytes), in this order.

  • The algorithm MUST NOT be used to encrypt a plaintext or decrypt a ciphertext whose length is larger than 64 GB (i.e., 2^36 bytes).

Future specifications can admit alternative non-authenticated algorithms that can be used as Group Encryption Algorithm. When doing so, it MUST be defined how to compose the IV in a secure manner, building on the nonce computed as defined in {{sec-cose-object-aead-nonce}} of this document. Absent such a specification, alternative non-authenticated algorithms MUST NOT be used as Group Encryption Algorithm.

Or, even more briefly:

Examples of non-authenticated algorithms that can be used as Group Encryption Algorithm are A128CTR, A192CTR, and A256CTR (see {{Section 4 of RFC9459}}). When either of those three algorithms is used, the following applies:

  • The 12-byte nonce MUST be computed as defined in {{sec-cose-object-aead-nonce}} of this document. The Initialization Vector (IV) used in {{Section 4 of RFC9459}} is equivalent to this nonce (12 bytes) concatenated with 0x00000000 (4 bytes), in this order.

  • The algorithm MUST NOT be used to encrypt a plaintext or decrypt a ciphertext whose length is larger than 64 GB (i.e., 2^36 bytes).
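The IV composition and the 64 GB bound from the proposed text above, as an added worked example; this is not code from the PR, the draft, or its authors. It assumes, as standard CTR behaviour that the PR text does not itself state, that the 4-byte suffix is a big-endian counter incremented once per 16-byte block while the 12-byte nonce prefix is never modified; under that assumption 2^32 counter values times 16 bytes per block is exactly the 2^36-byte limit. The nonce, key identifier and the `KeyIvRegistry` helper are constructed for illustration.

```python
import struct

# Constants as given in the proposed text: a 12-byte nonce, a 4-byte zero
# suffix, and a 64 GB (2^36-byte) cap on any single plaintext/ciphertext.
NONCE_LEN = 12
CTR_SUFFIX = b"\x00\x00\x00\x00"
BLOCK_LEN = 16                               # AES block size
MAX_BLOCKS = 2 ** 32                         # distinct values of a 4-byte counter
MAX_CTR_PAYLOAD = MAX_BLOCKS * BLOCK_LEN     # 2^36 bytes: the stated limit


def compose_ctr_iv(nonce: bytes) -> bytes:
    """Return the 16-byte AES-CTR IV: nonce (12 bytes) || 0x00000000."""
    if len(nonce) != NONCE_LEN:
        raise ValueError(f"nonce must be {NONCE_LEN} bytes, got {len(nonce)}")
    return nonce + CTR_SUFFIX


def payload_fits(length: int) -> bool:
    """True if a plaintext/ciphertext of this length may be processed."""
    return 0 <= length <= MAX_CTR_PAYLOAD


def counter_block(iv: bytes, index: int) -> bytes:
    """Counter block fed to AES for the index-th 16-byte block of the message.

    Assumption of this example (standard CTR behaviour, not stated in the PR):
    the 4-byte suffix is a big-endian counter incremented once per block and
    the 12-byte nonce prefix is never touched. Because the suffix starts at
    zero, block 2^32 - 1 is the last one before the counter would wrap, which
    is exactly where the 2^36-byte limit lands.
    """
    if len(iv) != BLOCK_LEN:
        raise ValueError("IV must be 16 bytes")
    prefix, suffix = iv[:NONCE_LEN], iv[NONCE_LEN:]
    counter = struct.unpack(">I", suffix)[0] + index
    if not 0 <= counter < MAX_BLOCKS:
        raise ValueError("counter would wrap into the nonce prefix")
    return prefix + struct.pack(">I", counter)


def blocks_needed(length: int) -> int:
    """Number of keystream blocks a message of this length consumes."""
    if not payload_fits(length):
        raise ValueError(f"length {length} exceeds {MAX_CTR_PAYLOAD} bytes")
    return (length + BLOCK_LEN - 1) // BLOCK_LEN


class KeyIvRegistry:
    """Hypothetical helper: refuses to reuse a (key, IV) pair, the condition the
    proposal's first paragraph makes mandatory for a non-authenticated algorithm."""

    def __init__(self) -> None:
        self._used = set()

    def reserve(self, key_id: bytes, nonce: bytes) -> bytes:
        iv = compose_ctr_iv(nonce)
        if (key_id, iv) in self._used:
            raise ValueError("(key, IV) pair already used; keystream would repeat")
        self._used.add((key_id, iv))
        return iv

    def is_fresh(self, key_id: bytes, nonce: bytes) -> bool:
        return (key_id, compose_ctr_iv(nonce)) not in self._used


if __name__ == "__main__":
    # Constructed sample values, not taken from the draft or any test vector.
    nonce = bytes.fromhex("000102030405060708090a0b")
    key_id = b"group-key-1"
    reg = KeyIvRegistry()
    iv = reg.reserve(key_id, nonce)
    print("IV        :", iv.hex())
    print("block 0   :", counter_block(iv, 0).hex())
    print("block 1   :", counter_block(iv, 1).hex())
    print("last block:", counter_block(iv, MAX_BLOCKS - 1).hex())
    print("64 GB fits:", payload_fits(MAX_CTR_PAYLOAD),
          "| 64 GB + 1 fits:", payload_fits(MAX_CTR_PAYLOAD + 1))
    print("same nonce fresh again?", reg.is_fresh(key_id, nonce))
```

The registry is the part a real implementation must get right: with a non-authenticated stream mode there is no integrity tag to limit the damage, so a repeated (key, IV) leaks the XOR of two plaintexts outright.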

@marco-tiloca-sics marco-tiloca-sics merged commit 3a1fc64 into master Dec 23, 2025
2 checks passed


4 participants