IETF Logo Mail Archive

Re: [lamps] [EXTERNAL] Murray Kucherawy's No Objection on draft-ietf-lamps-cms-kemri-08: (with COMMENT)

Mike Ounsworth <Mike.Ounsworth@entrust.com> Thu, 07 March 2024 15:12 UTC

Return-Path: <Mike.Ounsworth@entrust.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFEF4C180B7E; Thu, 7 Mar 2024 07:12:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.805
X-Spam-Level:
X-Spam-Status: No, score=-2.805 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=entrust.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a98RewRWZYa9; Thu, 7 Mar 2024 07:12:39 -0800 (PST)
Received: from mx08-0015a003.pphosted.com (mx08-0015a003.pphosted.com [185.183.30.227]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DEEB3C151532; Thu, 7 Mar 2024 07:12:35 -0800 (PST)
Received: from pps.filterd (m0242863.ppops.net [127.0.0.1]) by mx08-0015a003.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 427DfvKI028581; Thu, 7 Mar 2024 09:12:29 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=entrust.com; h= from:to:cc:subject:date:message-id:references:in-reply-to :content-type:mime-version; s=mail1; bh=j4bPQhhKjfR8HzobWR77h2FC K4aL87rZbS+PJT8DhgE=; b=kQBQtUnpLwPe2QlFN9L7eYOm/zkjE8xsLUoeFGek bvXtT9H4QppCrXxX2X/Om/FtJNTOnO7yCquMBc/AYIcO0voMuxCkKKJvskgFIsZS uamHmYW2wwAVUYdkNHeP/ypfVY1x8tT2qHUf4zrj1aeKsKOecX439rmL2kd1c4Tm KdcMEEzG6PNW3RD+qddrhA+fdw4da5IXuMeZElj+l4CDrTyC1TXmZn4ls9wrKddi /dvEkwdaZhynEMdZXgjP6AQf/ANJmCiqP/ueF3Hf1TgtUCbh+RhWXaSwDh4OkqDn yom6mpXNC5i1uDGma1iA8U98wprHEPS6Tz3s4JWSGI+y8Q==
Received: from nam02-sn1-obe.outbound.protection.outlook.com (mail-sn1nam02lp2041.outbound.protection.outlook.com [104.47.57.41]) by mx08-0015a003.pphosted.com (PPS) with ESMTPS id 3wkyyrj2v6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 07 Mar 2024 09:12:28 -0600 (CST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oTVw0Zng40I3ybKamaPgYgTLN413xb06WSnoWa2W01DC3ZsTXiCkkbD0ozzqeLOi6da0WrIVzT0KlLc6fn5cJ94EGciHpfGrhnYvJEH5+oXfFrq3SPjGP/jNVZuMdcDG2iEFOVlhc2ziXfsJA9z99m+1HC+K+HO04bqwD0Id8EybL+3YWA23CthUMlcFlQ9cTErqvMsJ6FDJ+Y6CxdMZQ8ZdHrYf+J401LwjbQFEtk2nSWWtzhmrdshgmqsDxQC0jz0ctm/hoxGXWjlduyDk4apxQmb2k1i2XHH/Lfe1TN10f1UvZkYfRf/SISa7M3uPbgSyP8GtQEttXEaDgLApcQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pAkrbgRPF4SObEr+GSNGbf9z0mtZ5K0+jPpq1RuNiRg=; b=C2TcX1AzMMAH2S6n3MGjzWJRyo6OcMyvS3xUQJmu+4RWysy28q8QfsaXPpK8JotrVZ7hqIltMZl9jwUkDJxGpQnMfTgG1rmn5c9Vcu14yMXgGqwqsHgHTD/ljAC60/Aplt55D/Bub50t2ETiogMit9V165gw2SS8NXewy5nkYFJhooNHRhEqW4w6OpMVd0AndavpKpyId6v2D+/WClK8ZbbhmzVf3tWUhXmdVDTFqnLSBfEzpvTRySlgwO6OxyRxyY9wO/dlv4O9EP/pD21kOcX0xJg3tnae4E4p1af0JtjuCkM54maXWaEVoMHpBpGJs7CCyYljF5JcBnDSc9p60A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=entrust.com; dmarc=pass action=none header.from=entrust.com; dkim=pass header.d=entrust.com; arc=none
Received: from CH0PR11MB5739.namprd11.prod.outlook.com (2603:10b6:610:100::20) by SA0PR11MB4767.namprd11.prod.outlook.com (2603:10b6:806:97::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.9; Thu, 7 Mar 2024 15:12:24 +0000
Received: from CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::e3f0:78e1:48fc:8a03]) by CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::e3f0:78e1:48fc:8a03%3]) with mapi id 15.20.7386.006; Thu, 7 Mar 2024 15:12:24 +0000
From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Murray Kucherawy <superuser@gmail.com>, The IESG <iesg@ietf.org>, Orie Steele <orie@transmute.industries>
CC: "draft-ietf-lamps-cms-kemri@ietf.org" <draft-ietf-lamps-cms-kemri@ietf.org>, "lamps-chairs@ietf.org" <lamps-chairs@ietf.org>, "spasm@ietf.org" <spasm@ietf.org>, "tim.hollebeek@digicert.com" <tim.hollebeek@digicert.com>, "corey.bonnell@digicert.com" <corey.bonnell@digicert.com>
Thread-Topic: [EXTERNAL] [lamps] Murray Kucherawy's No Objection on draft-ietf-lamps-cms-kemri-08: (with COMMENT)
Thread-Index: AQHacF9ucMJ9a3U8702ARUSTncP2e7EsXy/w
Date: Thu, 07 Mar 2024 15:12:24 +0000
Message-ID: <CH0PR11MB5739C6B07D229865D3072AC09F202@CH0PR11MB5739.namprd11.prod.outlook.com>
References: <170979580187.63516.11101857365652932121@ietfa.amsl.com>
In-Reply-To: <170979580187.63516.11101857365652932121@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-Mentions: orie@transmute.industries
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CH0PR11MB5739:EE_|SA0PR11MB4767:EE_
x-ms-office365-filtering-correlation-id: 89c86586-8067-4aa9-8165-08dc3eb8fe89
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: a970neQJAy6c9/HBz8mZoV89bOzz8x0kp17Osk6oMfuJD5PKIrCAEa+xQd6CUrsHm6j93VWtEabdcoNky9qEOrGBLWn9AYOxr4KDZXqgDeU5502R5kUWJBD4Kz2kFAaYTLr28Eu3Aw0wUUuwlXbHIttXm/gbvWCb75MdlOuzvyWjpbZ1AZyk7HJEI9NcGRvEURDMbQJ5S9tafueLARHvnPRd1H9ONE4toSyLsymMlln6X14Pr9fw7LDzXPpuxQ+dgRrAP5gQaf2fmUUlJFuXUh8vtc0iXpL6EtGYWxdT6PMM7jBXT8DbvZjFxFWzc0kzC3QfP8kRelDczCb+Bc7rOwFoUMyBRV4jVEvRVecQEDFAhXYpDJOxeKUtH1p9HncY8iXgtxUMkFlDHrI3jMvv9mejOr/wD54+m+S1ifu82oQpgk2XZA/E60c+Mi0Nr2S3XhSA4AlscGGesEvO1px3R+rHY1JJTy9e6XuwhIOsoLGqzw62dFBqm4AMDm0a/wBh/Xj7vhe5ZdjD4r1T2bVkZPhPp8dXyjJvnrSerMEmkqwDnMTyDpUQXturLsYjIlnmJUA8vxW2ovGIEsEkpKl9qV+yTm0DWa/a69JjswLi8oqvisEznOl4KedkjzIq9vxcm1GvMB0iHHRYs8V5OaIHbkhbfLahsgnvIU67kRUa3787z2qE6PrGOE9BCmg5vVEm
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH0PR11MB5739.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(376005)(38070700009); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: zt9WFVM38GL94vBHYzyK5AnLcsHh6GSP7kKpKImT4GmJPFucsVC3rLgGPejUsrPFPcbxfC1di9JljrDZohFqNAFdVUkPK2k1OM1DYROHNaEo2w9pigdI/8AtcgbE5d83qjS2zAQWuJb5UW5o/Uered6oMFhp+Vz/CWgfp6fFO0fgaHsLCiNS03B0Gvb9SAnsF3sXPkzQpFSfTcNvqzxlxYBvq4zO4lsGKe1n+6HH0/sw4gMrMTcBjU9bEdSNmXzg5vOghDc1f3ocMDTUq0Mh9/i8m13th6a6oAismxxAn/URJRIfj4+Kn4/mpcrdZlcmMTiluwpbPIS7K/OKJNceLSL/3c25RCH7qsjJlb0lxsiARSYvr8i4LeuRMeAvifm8PG9w611fEl+L/q6SSahpa1edGxpXQdwNC30xKmml65QRYcq0vlc1yAIHCM9szon+x6rmmhRj2R3KJHo/HbFIPc0tZjKyFNK/zEKHBajZCvO9l/93oDktQ/v4D1l5hNRsu8U4n58n2yH9KHqYMHZ1tD0j5LRM+JF7QJewHt7w3GmhZqlh/wh2GqQEjRlfknafjtoZk3p7RkFmiQ96kYKCOtOKFjI9/e0GBf4BigTrDYjhTBT8QcPYf8smk/Pvp9SXCZL/CwsDcLjlofNgq+IHjl4Gk+Sg9KdZjCiSi0FkvVVlv1m/f7tNnDsFUd0y99nQOy452pzBF5MQj9j5B4+h5N7A9LoGD6ODVudElw6DIn9clxQks0zoFC5ZGlE9bNATN0Afp4ysl0mWRXXNsUfyNb+Kj0FmZpW1Qe+uoMflZK75WHmslrysjW7XrryodpscZGL01c98W/Ss5KnPlShwEbk9Vc2EkJbLTX0WhqzIjnUzdRFBLv5//tgrrUjT8XX/bYKyu3TTvKOtHQZqbOgC09noMHxX3tkkAHHe00AgFqczZTLMSANG2MEwzCAYwZ05qjrDJjmd+hVmfqDyxZe3lha7XLM13xy3Nnxp7b51k+fT8d/sXfAPM34xzOxScVhTOe+cHTxiqBLp2hI3gwklItRr3bQ+0Hd/xkQM86Pfx3GxJTI2r9ZpRfP/sonADegxi27GCUtKzujHBB0Thq1FFz1lp850/u+RNTPLMl7CHM5CgfjZTVr1KpFiemc5zdYgFakgS1tOvLCqEwWR3edyMpPn14n8Nu8kRIJ712/Dvn+dGd9jD49jOB6qvgyYqlNc7FfV3uGe4mrjZ/6LI5pjFn6nbZylqQk1TXWbgJL/5GJTw8giOwJjb/jnyAOILC5U8Bc1BJYUIk6JMOoq7dsg5T5ZIO0CLDwCZ1Iuew2pkHF+CaHGxxHdRMp8oyn8FPyW3Q6i6LvY/SMrXrELXHFtyn3yApPQwSQX6hs4Jp20KQ64mhrgemC+yMxbZqRzcBuWscMDGrkeQo64KIxySmoMKxgPQgrV7IWXMDltb4Ffj0stA9TMOWManAH8EIRCkpXzRSh4A57wxG3wU7QM11LLMeuYwdBIMHGavIZnwws/YgFhH/ltJobyKo01DzB8Z5SZGY7nwckrf03reC3DQqss3ZjG/+Vpvj/PUBbcSUgn4D2S3Q1KDUjJd4o4VVGMR7Sb
Content-Type: multipart/signed; micalg="2.16.840.1.101.3.4.2.1"; protocol="application/x-pkcs7-signature"; boundary="----=_NextPart_000_0486_01DA706F.906686D0"
MIME-Version: 1.0
X-OriginatorOrg: entrust.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH0PR11MB5739.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 89c86586-8067-4aa9-8165-08dc3eb8fe89
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Mar 2024 15:12:24.4471 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f46cf439-27ef-4acf-a800-15072bb7ddc1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 0mbpSGM+wiVg7uJLu8ZgakBNNgopc+Tj+WxCXAGGds+3p2P2wI9AilZBSg4lLmLOYfOR7ZeyUCeCrczAPFr+kIHsOT+IL51Ein+WSkD5LDE=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR11MB4767
X-Proofpoint-ORIG-GUID: owiat5JRC4ljhQyHM0TOvmDTIi2E9r-v
X-Proofpoint-GUID: owiat5JRC4ljhQyHM0TOvmDTIi2E9r-v
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-07_08,2024-03-06_01,2023-05-22_02
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxlogscore=999 mlxscore=0 lowpriorityscore=0 impostorscore=0 phishscore=0 adultscore=0 malwarescore=0 spamscore=0 clxscore=1011 priorityscore=1501 bulkscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2402120000 definitions=main-2403070087
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/L7uw3Dd8jO4U_lP457CLRXepAZk>
Subject: Re: [lamps] [EXTERNAL] Murray Kucherawy's No Objection on draft-ietf-lamps-cms-kemri-08: (with COMMENT)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Mar 2024 15:12:43 -0000

Hi  <mailto:orie@transmute.industries> @Orie Steele

 

I am intrigued by your comments, but I don't fully understand them.

 

My understanding:

CMS has some data payload to encrypt. The sender will generate a random CEK
or CAEK. It will encrypt the payload with AES-CBC or AES-GCM. So far this is
all basic CMS RFC5652 behaviour. The KEMRI draft adds the ability to protect
the CEK or CAEK for one or more recipients' KEM certificate - more than one
recipient is for things like email with more than one person in the TO:
field, so you encrypt the CEK / CAEK multiple times rather than encrypting
the entire payload multiple times.

 

So with that understanding, I don't think I follow your comments.

 

The payload will be encrypted once, with either AES-CBC or AES-GCM, with a
unique key per payload. I don't see where cross-mode attacks are introduced.

 

The CMS headers will specify both the KeyEncryptionAlgorithmIdentifier
(inside KEMRecipientInfo), and ContentEncryptionAlgorithmIdentifier (inside
EncryptedContentInfo). If those specify that, for example, the payload was
encrypted with ContentEncryptionAlgorithmIdentifier = AES-CBC, and the CEK
was encrypted with KeyEncryptionAlgorithmIdentifier = AES-GCM. I don't see
how you get an attack here.

 

---

Mike Ounsworth

 

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Murray Kucherawy via
Datatracker
Sent: Thursday, March 7, 2024 1:17 AM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-lamps-cms-kemri@ietf.org; lamps-chairs@ietf.org;
spasm@ietf.org; tim.hollebeek@digicert.com; corey.bonnell@digicert.com
Subject: [EXTERNAL] [lamps] Murray Kucherawy's No Objection on
draft-ietf-lamps-cms-kemri-08: (with COMMENT)

 

Murray Kucherawy has entered the following ballot position for
draft-ietf-lamps-cms-kemri-08: No Objection When responding, please keep the
subject line intact and reply to all email addresses included in the To and
CC lines. (Feel free to 



Murray Kucherawy has entered the following ballot position for
draft-ietf-lamps-cms-kemri-08: No Objection
 
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
 
 
Please refer to
https://urldefense.com/v3/__https://www.ietf.org/about/groups/iesg/statement
s/handling-ballot-positions/__;!!FJ-Y8qCqXTj2!Y3B2eNStiUUjdo-t3e_Ujl1ugvxIR_
giHweh7ipifWddvC5DjKdkJIAXTJgrkpABvkWWRp3eqGs7CAhvmxS-023Peg$
<https://urldefense.com/v3/__https:/www.ietf.org/about/groups/iesg/statement
s/handling-ballot-positions/__;!!FJ-Y8qCqXTj2!Y3B2eNStiUUjdo-t3e_Ujl1ugvxIR_
giHweh7ipifWddvC5DjKdkJIAXTJgrkpABvkWWRp3eqGs7CAhvmxS-023Peg$>  
for more information about how to handle DISCUSS and COMMENT positions.
 
 
The document, along with other ballot positions, can be found here:
https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ietf-lamp
s-cms-kemri/__;!!FJ-Y8qCqXTj2!Y3B2eNStiUUjdo-t3e_Ujl1ugvxIR_giHweh7ipifWddvC
5DjKdkJIAXTJgrkpABvkWWRp3eqGs7CAhvmxSZn3FNhw$
<https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/draft-ietf-lamp
s-cms-kemri/__;!!FJ-Y8qCqXTj2!Y3B2eNStiUUjdo-t3e_Ujl1ugvxIR_giHweh7ipifWddvC
5DjKdkJIAXTJgrkpABvkWWRp3eqGs7CAhvmxSZn3FNhw$> 
 
 
 
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
 
===
 
>From Orie Steele, incoming ART Area Director:
 
Thanks to Sean Turner for the ARTART review, and the PR.
 
The security considerations mentions both AES-GCM and AES-CBC.
 
Is there a need to comment on binding the CEK or CAEK to a specific
symmetric
encryption algorithm, similar to:
 
https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-housley-l
amps-cms-cek-hkdf-sha256/__;!!FJ-Y8qCqXTj2!Y3B2eNStiUUjdo-t3e_Ujl1ugvxIR_giH
weh7ipifWddvC5DjKdkJIAXTJgrkpABvkWWRp3eqGs7CAhvmxQa702bBQ$
<https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/draft-housley-l
amps-cms-cek-hkdf-sha256/__;!!FJ-Y8qCqXTj2!Y3B2eNStiUUjdo-t3e_Ujl1ugvxIR_giH
weh7ipifWddvC5DjKdkJIAXTJgrkpABvkWWRp3eqGs7CAhvmxQa702bBQ$> 
 
Or the algorithm integrity protection comments in:
 
https://urldefense.com/v3/__https://www.rfc-editor.org/rfc/rfc9459.html*sect
ion-8__;Iw!!FJ-Y8qCqXTj2!Y3B2eNStiUUjdo-t3e_Ujl1ugvxIR_giHweh7ipifWddvC5DjKd
kJIAXTJgrkpABvkWWRp3eqGs7CAhvmxQbrRdCPw$
<https://urldefense.com/v3/__https:/www.rfc-editor.org/rfc/rfc9459.html*sect
ion-8__;Iw!!FJ-Y8qCqXTj2!Y3B2eNStiUUjdo-t3e_Ujl1ugvxIR_giHweh7ipifWddvC5DjKd
kJIAXTJgrkpABvkWWRp3eqGs7CAhvmxQbrRdCPw$> 
 
I am concerned about how cross mode attacks are or are not mitigated by this
document, but I lack the CMS experience to be able to compare the security
properties to COSE.
 
"""
In this environment, security depends on three things. First, the KEM
algorithm
must be secure against adaptive chosen ciphertext attacks. Second, the
key-encryption algorithm must provide confidentiality and integrity
protection.
Third, the choices of the KDF and the key-encryption algorithm need to
provide
the same level of security as the KEM algorithm. """
 
It seems like there is possibly a missing criteria that assures that the
same
content encryption algorithm is used on both sides of the KEM interface,
after
the CEK or CAEK is decrypted?
 
 
 
_______________________________________________
Spasm mailing list
Spasm@ietf.org <mailto:Spasm@ietf.org> 
https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spasm__;!!
FJ-Y8qCqXTj2!Y3B2eNStiUUjdo-t3e_Ujl1ugvxIR_giHweh7ipifWddvC5DjKdkJIAXTJgrkpA
BvkWWRp3eqGs7CAhvmxT8KnKO4w$
<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spasm__;!!
FJ-Y8qCqXTj2!Y3B2eNStiUUjdo-t3e_Ujl1ugvxIR_giHweh7ipifWddvC5DjKdkJIAXTJgrkpA
BvkWWRp3eqGs7CAhvmxT8KnKO4w$>

v2.23.0 | Report a Bug | By Email