RFC 8152, "CBOR Object Signing and Encryption (COSE)", July 2017Source of RFC: cose (sec)
Errata ID: 6597
Publication Format(s) : TEXT
Reported By: Anders Rundgren
Date Reported: 2021-06-03
Section 12.5.1. says:
The RFC is unclear to whether Concat KDF or HKDF is to be used: In table 20 there is an entry: ECDH-ES + -31 | HKDF - | yes | A256KW | ECDH ES w/ | | A256KW | | SHA-256 | | | Concat KDF | | | | | | | and AES Key | | | | | | | Wrap w/ | | | | | | | 256-bit key That is, the table talks both about Concat and HKDF. The IANA registry for this algorithm says Concat KDF Jim's sample code for algorithm -31 says HKDF.
It should say:
I have no corrected text to offer since I don't have the answer to the question raised. Concat is referred to once and without any external references. In JOSE, Concat denotes a NIST standard which is quite different to HKDF.
It is pretty vital for interoperability knowing if Concat KDF or HKDF is to be used.