On Thu, May 23, 2024 at 02:52:53PM +1000, Martin Thomson wrote:
>
> I do question the specification of two modes. I guess that is
> consistent with the plethora of modes JOSE already supports, but when
> you combine that with all the modes of HPKE, this ends up being very
> complex.

It is going to be very complex even without combining with all the HPKE modes.

The biggest reason for that is that one of the two modes is not among the 5 modes[1] that JWE defines (what the draft calls "Direct Encryption" is not what JWE means by Direct Encryption[2]). And JWE bakes the assumption that there are 5 modes, and how those behave, down into the most fundamental stuff. Thus, adding a new mode would require monkeypatching the lowest level stuff in JWE.

The analogous COSE assumption (any mode other than Direct Encryption and Direct Key Agreement can pull keys) turns out not to be a problem at all (HPKE pulls keys just fine).

And then there are smaller issues, like having to either represent some stuff in different ways for the two modes, or not being able to use the HPKE oneshot API for one of the modes.

[1] Direct Encryption, Key Wrapping, Direct Key Agreement, Key Agreement with Key Wrapping and Key Encryption.

[2] JWE requires Direct Encryption to be symmetric AEAD, which HPKE is not (because it is asymmetric).

-Ilari
