Ilari, I've pulled your suggestion from the other thread here: https://mailarchive.ietf.org/arch/msg/jose/LNE_SZNXXxxpxsdnQr1YjmlQqLc/
And updated the original proposals: ## draft-ietf-jose-hpke-encrypt-01 call topic number 1 (Yes / No): ### For HPKE JWE Integrated Encryption Mode: The algorithm name SHALL be of the form "HPKE-P256-SHA256-A128GCM". The "enc" value SHALL be "dir". The working group SHALL draft text explaining what "enc:dir" means, and how it related to "alg". The algorithm name SHALL be of the form "HPKE-P256-SHA256-A128GCM". *The hpke-aad SHALL from JWE Section 5.1 step 14.The hpke-info SHALL be empty.* ## draft-ietf-jose-hpke-encrypt-01 call topic number 2 (Yes / No): ### For HPKE JWE Key Encryption Mode: The algorithm name SHALL be of the form "HPKE-P256-SHA256-A128GCM". The "enc" value SHALL be any registered AEAD here - https://www.iana.org/assignments/jose/jose.xhtml, per section of RFC7518. *The hpke-aad SHALL be ECDH-ES FixedInfo (citation needed)The hpke-info SHALL be empty.* Changes are in bold. Any other suggestions? Regards, OS On Thu, Jul 11, 2024 at 8:33 AM Orie Steele <[email protected]> wrote: > Ilari's how would you modify the 2 proposals? > > Tiru, let's stick to the 2 I've outlined here. > > There's been a lot of discussion, we've shown this list every possible > angle... We need to start eliminating variables not adding new ones. > > We want this thread to focus on concrete refinements to these proposals, > if you object to text please offer a resolution, which could include simply > to remove the sentence from the proposal for now. > > Our goal is to make sure that -02 has new text that the working group > agrees with. > > Let's not argue over what is in JWE, let's argue over the text that will > go into the next draft version. > > > On Thu, Jul 11, 2024, 7:59 AM Ilari Liusvaara <[email protected]> > wrote: > >> On Thu, Jul 11, 2024 at 02:18:23PM +0530, tirumal reddy wrote: >> > On Thu, 11 Jul 2024 at 13:12, Ilari Liusvaara <[email protected] >> > >> > wrote: >> > >> > > On Thu, Jul 11, 2024 at 11:19:19AM +0530, tirumal reddy wrote: >> > > > >> > > > >> > > > I would like add another option proposed below for HPKE JWE >> Integrated >> > > > Encryption Mode: >> > > > >> > > > The algorithm name SHALL be of the form "HPKE-P256-SHA256". >> > > > The "enc" value SHALL be " A128GCM". >> > > > The hpke-aad SHALL be of the form "protected (.aad)", as described >> in >> > > Step >> > > > 15 of RFC7516. >> > > > The hpke-info SHALL be the same as is provided to concatKDF info for >> > > > ECDH-ES, as described in >> > > > https://datatracker.ietf.org/doc/html/rfc7518#section-4.6.2 >> > > >> > > JWE does not allow doing that. >> > > >> > >> > Why does not JWE allow use of {"alg" : "HPKE-P256-SHA256", "enc": >> > A128GCM"} in case of direct key agreement mode ? >> >> That would preclude bulk encryption using HPKE and require using HPKE >> secret export (SendExport* and ReceiveExport*) for generating CEK for >> performing standard JOSE bulk encryption. More complicated to implement, >> but does not need JWE extensions. >> >> When it comes to JWE modes, stuff either is or is not, there is no >> "similar". >> >> >> >> >> -Ilari >> >> _______________________________________________ >> jose mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> > -- ORIE STEELE Chief Technology Officer www.transmute.industries <https://transmute.industries>
_______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
