On Wed, Jun 12, 2024 at 09:00:02AM -0500, Orie Steele wrote:
> I think the easiest solution to this would be to do a consensus call on if
> single shot APIs need to be supported in JOSE and COSE, because not needing
> to support them drastically simplifies the conversation.

I don't think it is possible to simplify things by using multishot
instead of single-shot.

In COSE, the easiest way is to use the unprotected bucket.

In JOSE, the easiest way to support direct HPKE is to define algorithm
"direct encryption" operation and then use that in a new mode. One needs
new algorithm operation anyway, because alg:ECDH-ES+A128KW, enc:dir is
nonsense, and needs to be rejected somehow.

In both cases, one might as well use single-shot because it is easier.

The two modes do not even invoke the same algorithm operations in JOSE,
so I don't think it is complicated to put the encrypted key into JWE
Encrypted Key when performing direct HPKE. In contrast, the two are
actually unified in COSE.

> FWIW, I've been consistently on the "single shot APIs are not a requirement
> camp", and I think Ilari has been in the other camp, but I will let him
> answer for himself.

BTW, the HPKE library I wrote actually has no single-shot API (to keep
the API size down). And the COSE HPKE test code I wrote actually did
hold on to the HPKE context for a significant length of time.

-Ilari

_______________________________________________
jose mailing list -- [email protected]
To unsubscribe send an email to [email protected]
