[jose] Re: draft-ietf-jose-hpke-encrypt-01

Mon, 08 Jul 2024 07:12:40 -0700 

On Mon, Jul 08, 2024 at 08:24:42AM -0500, Orie Steele wrote:
> Here is the current language on distinguishing "integrated encryption" from
> "key encryption".
> 
> https://datatracker.ietf.org/doc/html/draft-ietf-jose-hpke-encrypt-01#name-overview
> 
> > When "alg" and "enc" are both present in a protected header and when "iv"
> and "tag" are empty, the mode is HPKE JWE Integrated Encryption.
> > When "enc" is present in a protected header and "alg" is absent, the mode
> is HPKE JWE Key Encryption when a valid HPKE "alg" value is present in the
> unprotected headers.

JWE does allow "alg" and "enc" in protected headers. And it explicitly
specifies what to do with empty "iv" and "tag" (but not what to do with
empty ciphertext!), so presumably ordinary bulk encryption algorithms
can opt not to use those values.

 
> I think recipient structures should probably not have "enc": "A128GCM",
> like they do here:
> 
> "recipients": [
>     {
>       "encrypted_key": "S_y3YPaLfjiwGz5o65BHciu14AZv-0J4Kzgtp2s7p7Q",
>       "header": {
>         "alg": "HPKE-P256-SHA256-A128GCM",
>         "enc": "A128GCM", // <- lets remove this ?
>         "kid": "...8fUl1xxvZ-Krvc",
>         "psk_id": "our-pre-shared-key-id",
>         "auth_kid": "...xOA7V-uy8fUl1xxvZ-Krvc",
>         "ek": "...XxWhJyb4LCzMGOLc"
>       }
>     }
>   ]

Yeah, I consider putting "enc" in recipient headers as pretty insane
Unfortunately, JWE allows that (as long as every recipient has the
same value).

(I would rather not implement that unless Important Enough Application
is using it. And good material for BCP to say Don't Do That.)


> We could say when  "alg": "HPKE-P256-SHA256-A128GCM" and no "enc" in the
> recipient header, the mode is "HPKE JWE Key Encryption"
> When "alg": "HPKE-P256-SHA256-A128GCM" and "enc": "A128GCM" in the header
> the mode is HPKE JWE Integrated Encryption.

Unfortunately, JWE says that all protected or shared headers are
implicitly included in recipient headers, so that does not work.




-Ilari

_______________________________________________
jose mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to