Hello ACE-EDHOC authors, On Thu, Dec 12, 2024 at 11:45:58AM +0100, Christian Amsüss wrote: > The "maybe a subject claim" is critical here: If a COSE_Key were used > raw, the recipient would have no way of knowing whether or not a subject > key, let alone with which value, should be in the KCCS that gets used as > EDHOC input.
To some extent I stand corrected: The implementer in question has pointed to bullet 4 of section 3.5.2 of RFC9528[1], which *does* say that a naked COSE_Key is a credential that can be used by wrapping it in the trivial CCS. Thus, as long as the cnf used in the ACE profile says that it contains a COSE_Key, it may be fine to use it -- but then the profile should point to that conversion. As a whole, this is probably the state: Those a108a101 prefixes would thus actually never be sent, because the RS can send its message 2 with a KID, the C can reconstruct the full credential even though it only got the COSE_Key, and the client sends a token whose ciphertext may also contain the COSE_Key (again, with the prefix added before AAD'ing it as a CRED_I). BR c [1]: https://www.rfc-editor.org/rfc/rfc9528.html#name-authentication-credentials -- To use raw power is to make yourself infinitely vulnerable to greater powers. -- Bene Gesserit axiom
signature.asc
Description: PGP signature
_______________________________________________ Ace mailing list -- ace@ietf.org To unsubscribe send an email to ace-le...@ietf.org
