On Tue, 11 Jun 2024 at 13:32, Ilari Liusvaara <[email protected]> wrote:
> On Tue, Jun 11, 2024 at 12:46:58PM +0530, tirumal reddy wrote: > > On Tue, 11 Jun 2024 at 03:00, Orie Steele <[email protected]> > wrote: > > > > > Perhaps the working group might consider the following alternatives > more > > > intuitive: > > > > > > { alg: HPKE-Base-P256-SHA256-A128GCM, enc: dir } > > > or > > > { alg: HPKE-Base-P256-SHA256-A128GCM, enc: A128GCM } > > > or > > > { alg: HPKE-Base-P256-SHA256-A128GCM } (enc implied to be A128GCM) > > > > > > > I see that the JOSE specifications expect both parameters to be provided. > > Despite the redundancy, the second option seems like the preferred > choice. > > The second option is not possible for direct HPKE. It already has very > specific meaning in JOSE: Use "HPKE-Base-P256-SHA256-A128GCM" (which is > presumably Key Encryption) to decrypt the key for "A128GCM", which is > not direct HPKE. > > The first and third options are at least currently illegal in JOSE (the > first because "dir" is not AEAD, and the third because "enc" is > mandatory), so would be technically possible for direct HPKE (but > that requires extending JWE). > Got it, Thanks for the clarification. I suggest the following alternative extension for direct HPKE: { "alg": "HPKE", "enc": "HPKE-Base-P256-SHA256-A128GCM" } In this alternative, the "alg" parameter is set to "HPKE" to indicate the use of Hybrid Public Key Encryption, and the "enc" parameter specifies the detailed algorithm suite used by HPKE, combining the key exchange and content encryption algorithm. -Tiru > > > > > -Ilari > > _______________________________________________ > jose mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
