This document specifies the conventions for using AES-CTR and AES-CBC
as Content Encryption algorithms with the CBOR Object Signing and
Encryption (COSE) [RFC9052] syntax. Encryption with COSE today uses
Authenticated Encryption with Associated Data (AEAD) [RFC5116]
algorithms, which provide both confidentiality and integrity
protection. However, there are situations where another mechanism,
such as a digital signature, is used to provide integrity. In these
cases, an AEAD algorithm is not needed. The software manifest being
defined by the IETF SUIT WG [I-D.ietf-suit-manifest] is one example
where a digital signature is always present.
Working Group Summary
Once explained, the WG reached broad concensus for this use of unauthenticated
encryption algorithms (easier to use for signed firmware images)
The document is short and clear.
The Document Shepherd for this document is Michael B. Jones. The
Responsible Area Director is Paul Wouters.