On Thu, Oct 12, 2023 at 05:30:06PM +0200, Hannes Tschofenig wrote: > Hi all, > > As you may know, we have been working for quite a while on the > COSE-HPKE specification, see > https://datatracker.ietf.org/doc/draft-ietf-cose-hpke/. After a lot > of discussions we managed to make fundamental design decisions > recently. During those discussions we also talked about the mapping > of HPKE to JOSE and we learned (off-list) about implementation work. > > I believe it is good to have a JOSE-based version of HPKE that aligns > with the work done in COSE. (It is a -00 version and details will > change.) I could imagine that many of you will agree with me.
One trap is that while JOSE can align with the two-layer COSE construction, it can not align with the one-layer COSE construction. In COSE, the two are linked by duality, but no analogous duality exists in JWE. Instead, JOSE requires different mechanism, using HPKE secret export, which is very similar to how ECDH direct key agreement works in JOSE. -Ilari _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
