On Tue, Jun 11, 2024 at 1:43 AM Neil Madden <[email protected]> wrote:
>
> On 10 Jun 2024, at 22:30, Orie Steele <[email protected]> wrote:
>
> Brian wrote:
>
> The "dir" Key Management algorithm for JWE is defined in JWA as Direct
> Encryption with a Shared Symmetric Key, which is not what's happening with
> that HPKE Direct Encryption mode.
>
> This section defines the specifics of directly performing symmetric
> key encryption without performing a key wrapping step. In this case,
> the shared symmetric key is used directly as the Content Encryption
> Key (CEK) value for the "enc" algorithm.
>
> https://www.rfc-editor.org/rfc/rfc7518.html#section-4.5
>
> It is true that when 7518 was written, "alg : dir" only had one meaning,
> for example:
>
> https://datatracker.ietf.org/doc/html/rfc7520#section-5.6
>
> In the case of "HPKE Direct Encryption", consider the single shot APIs:
>
> https://datatracker.ietf.org/doc/html/rfc9180#name-single-shot-apis
>
> Instead of seeing:
>
> {
>   "alg": "dir",
>   "kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a",
>   "enc": "A128GCM"
> }
>
> You would see:
>
> {
>   "alg": "dir",
>   "kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a",
>   "enc": "HPKE-Base-P256-SHA256-A128GCM"
> }
>
> This is a total nonstarter. “Dir” with any “enc” value currently provides
> symmetric *authenticated encryption*. You cannot just change this to
> suddenly provide public key unauthenticated encryption. That is an enormous
> change in security properties that will absolutely lead to vulnerabilities.
>

Completely agree that this is a nonstarter. My prior comment was about the
inappropriate use of the "dir" alg just from a spec perspective. But Neil's
point here shows that there are dangerous implications to that kind of
inappropriate use too.
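An added example, not part of the thread or of any JOSE library: one way a recipient holding a shared symmetric key can refuse a "dir" message whose "enc" is not one of the symmetric authenticated-encryption algorithms registered by RFC 7518, so the two headers quoted above are told apart before any decryption. The function names and the per-key `pinned_enc` setting are assumptions made for illustration.

```python
import base64
import json

# "enc" values registered by RFC 7518: all are symmetric authenticated encryption.
SYMMETRIC_AEAD_ENC = frozenset({
    "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512",
    "A128GCM", "A192GCM", "A256GCM",
})

class HeaderPolicyError(ValueError):
    """Protected header does not match what the shared key is pinned to."""

def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def check_dir_header(compact_jwe, pinned_enc):
    """Validate a compact JWE's protected header before any decryption.

    pinned_enc is the one "enc" configured for this key (hypothetical
    per-key setting); it is never taken from the message itself.
    """
    parts = compact_jwe.split(".")
    if len(parts) != 5:
        raise HeaderPolicyError("compact JWE must have five segments")
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise HeaderPolicyError("unreadable protected header") from exc
    if not isinstance(header, dict) or header.get("alg") != "dir":
        raise HeaderPolicyError("this key only accepts alg=dir")
    if parts[1] != "":
        raise HeaderPolicyError("dir carries an empty JWE Encrypted Key")
    enc = header.get("enc")
    if not isinstance(enc, str) or enc not in SYMMETRIC_AEAD_ENC:
        raise HeaderPolicyError(f"enc {enc!r} is not symmetric AEAD")
    if enc != pinned_enc:
        raise HeaderPolicyError(f"enc {enc!r} differs from pinned {pinned_enc!r}")
    return header

def sample_jwe(header):
    """Constructed sample: real header, placeholder IV/ciphertext/tag."""
    h = base64.urlsafe_b64encode(json.dumps(header).encode()).rstrip(b"=")
    return h.decode() + "..aXY.Y3Q.dGFn"

KID = "77c7e2b8-6e13-45cf-8672-617b5b45243a"  # kid from the thread's examples
```

Pinning "enc" per key, rather than accepting whatever the header says, also keeps a key configured for one AEAD from being used with another.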
