I do not support adoption, for several reasons: 1. HPKE is an informational RFC, not a standard. I don’t think this meets any of the criteria described in RFC 3967/BCP 97. 2. The authenticated modes of HPKE are insecure for use in a multi-recipient standard like JOSE due to the lack of Insider-Auth Security. 3. The algorithms registered by this draft entirely duplicate existing algorithms for no benefit whatsoever.
If people want to use HPKE with JOSE, I think that should be done as an Informational RFC not a standard. — Neil > On 23 May 2024, at 04:41, Karen ODonoghue <[email protected]> wrote: > > JOSE working group, > > The following individual submission: > https://datatracker.ietf.org/doc/draft-rha-jose-hpke-encrypt/ > <https://datatracker.ietf.org/doc/draft-rha-jose-hpke-encrypt/> > has received a fair amount of comment and discussion. > > This email starts a two week call for adoption. Please review the document, > provide feedback, and indicate whether you think this is a document for the > working group to pursue. Please reply by 5 June keeping the subject line > intact. In addition to any feedback, please be clear about your position on > adoption. > > Regards, > JOSE working group chairs. > _______________________________________________ > jose mailing list -- [email protected] > To unsubscribe send an email to [email protected]
_______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
