On Mon, Jan 22, 2024 at 04:04:45PM -0600, Orie Steele wrote: > Here is the JSON approach you suggested: > > https://github.com/OR13/draft-jose-hpke-test-vectors/blob/main/src/json.ts > > The JSON approach has no protected headers, and makes no use of aad. > > It seems like it should behave the same as the compact approach. > > Why not treat the protected header as aad for seal in the JSON approach?
It is not possible to do so, because of the JWE message encryption procedure. And it is not possible to change that procedure for JSON serialization, since it acts as arbitration mechanism. (Compact serialization needs no arbitration, so the encryption procedure can be redefined with compact serialization.) > Seems that would be safer, and it would commit the JOSE ciphertext for > encrypted_key to the "alg" used in the HPKE suite. HPKE already internally does that. Or did you mean commit to "enc" used in JWE encryption? -Ilari _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
