Ilari's how would you modify the 2 proposals? Tiru, let's stick to the 2 I've outlined here.
There's been a lot of discussion, we've shown this list every possible angle... We need to start eliminating variables not adding new ones. We want this thread to focus on concrete refinements to these proposals, if you object to text please offer a resolution, which could include simply to remove the sentence from the proposal for now. Our goal is to make sure that -02 has new text that the working group agrees with. Let's not argue over what is in JWE, let's argue over the text that will go into the next draft version. On Thu, Jul 11, 2024, 7:59 AM Ilari Liusvaara <[email protected]> wrote: > On Thu, Jul 11, 2024 at 02:18:23PM +0530, tirumal reddy wrote: > > On Thu, 11 Jul 2024 at 13:12, Ilari Liusvaara <[email protected]> > > wrote: > > > > > On Thu, Jul 11, 2024 at 11:19:19AM +0530, tirumal reddy wrote: > > > > > > > > > > > > I would like add another option proposed below for HPKE JWE > Integrated > > > > Encryption Mode: > > > > > > > > The algorithm name SHALL be of the form "HPKE-P256-SHA256". > > > > The "enc" value SHALL be " A128GCM". > > > > The hpke-aad SHALL be of the form "protected (.aad)", as described in > > > Step > > > > 15 of RFC7516. > > > > The hpke-info SHALL be the same as is provided to concatKDF info for > > > > ECDH-ES, as described in > > > > https://datatracker.ietf.org/doc/html/rfc7518#section-4.6.2 > > > > > > JWE does not allow doing that. > > > > > > > Why does not JWE allow use of {"alg" : "HPKE-P256-SHA256", "enc": > > A128GCM"} in case of direct key agreement mode ? > > That would preclude bulk encryption using HPKE and require using HPKE > secret export (SendExport* and ReceiveExport*) for generating CEK for > performing standard JOSE bulk encryption. More complicated to implement, > but does not need JWE extensions. > > When it comes to JWE modes, stuff either is or is not, there is no > "similar". > > > > > -Ilari > > _______________________________________________ > jose mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
