CBOR Object Signing and Encryption (COSE): AES-CTR and AES-CBC
RFC 9459

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, cose-chairs@ietf.org, cose@ietf.org, draft-ietf-cose-aes-ctr-and-cbc@ietf.org, michael.jones@microsoft.com, paul.wouters@aiven.io, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'CBOR Object Signing and Encryption (COSE): AES-CTR and AES-CBC' to Proposed Standard (draft-ietf-cose-aes-ctr-and-cbc-06.txt)

The IESG has approved the following document:
- 'CBOR Object Signing and Encryption (COSE): AES-CTR and AES-CBC'
  (draft-ietf-cose-aes-ctr-and-cbc-06.txt) as Proposed Standard

This document is the product of the CBOR Object Signing and Encryption
Working Group.

The IESG contact persons are Paul Wouters and Roman Danyliw.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-cose-aes-ctr-and-cbc/

Ballot Text

Technical Summary

   This document specifies the conventions for using AES-CTR and AES-CBC
   as Content Encryption algorithms with the CBOR Object Signing and
   Encryption (COSE) [RFC9052] syntax.  Encryption with COSE today uses
   Authenticated Encryption with Associated Data (AEAD) [RFC5116]
   algorithms, which provide both confidentiality and integrity
   protection.  However, there are situations where another mechanism,
   such as a digital signature, is used to provide integrity.  In these
   cases, an AEAD algorithm is not needed.  The software manifest being
   defined by the IETF SUIT WG [I-D.ietf-suit-manifest] is one example
   where a digital signature is always present.
Working Group Summary

Once explained, the WG reached broad concensus for this use of unauthenticated
encryption algorithms (easier to use for signed firmware images)

Document Quality

   The document is short and clear.
   
Personnel

   The Document Shepherd for this document is Michael B. Jones. The
   Responsible Area Director is Paul Wouters.

RFC Editor Note