On Tue, Jun 11, 2024 at 12:46:58PM +0530, tirumal reddy wrote: > On Tue, 11 Jun 2024 at 03:00, Orie Steele <[email protected]> wrote: > > > Perhaps the working group might consider the following alternatives more > > intuitive: > > > > { alg: HPKE-Base-P256-SHA256-A128GCM, enc: dir } > > or > > { alg: HPKE-Base-P256-SHA256-A128GCM, enc: A128GCM } > > or > > { alg: HPKE-Base-P256-SHA256-A128GCM } (enc implied to be A128GCM) > > > > I see that the JOSE specifications expect both parameters to be provided. > Despite the redundancy, the second option seems like the preferred choice.
The second option is not possible for direct HPKE. It already has very specific meaning in JOSE: Use "HPKE-Base-P256-SHA256-A128GCM" (which is presumably Key Encryption) to decrypt the key for "A128GCM", which is not direct HPKE. The first and third options are at least currently illegal in JOSE (the first because "dir" is not AEAD, and the third because "enc" is mandatory), so would be technically possible for direct HPKE (but that requires extending JWE). -Ilari _______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
