Can we take debate of "HPKE secret export" to a new thread? AFAIK it has not been proposed to be used in either JOSE or COSE.
I'm adjusting the current proposals to match the comment from Matt Chandra on the other thread: ## draft-ietf-jose-hpke-encrypt-01 call topic number 1 (Yes / No): ### For HPKE JWE Integrated Encryption Mode: The algorithm name SHALL be of the form "HPKE-P256-SHA256-A128GCM". The "enc" value SHALL be "dir". The working group SHALL draft text explaining what "enc:dir" means, and how it related to "alg". The algorithm name SHALL be of the form "HPKE-P256-SHA256-A128GCM". The hpke-aad SHALL from JWE Section 5.1 step 14. *The hpke-info SHOULD be empty.* ## draft-ietf-jose-hpke-encrypt-01 call topic number 2 (Yes / No): ### For HPKE JWE Key Encryption Mode: The algorithm name SHALL be of the form "HPKE-P256-SHA256-A128GCM". The "enc" value SHALL be any registered AEAD here - https://www.iana.org/assignments/jose/jose.xhtml, per section of RFC7518. The hpke-aad SHALL be ECDH-ES FixedInfo *(citation needed @ilari can you provide a reference here please?) * *The hpke-info SHOULD be empty.* Changes are in bold. There is also an issue to track applying this update https://github.com/OR13/draft-ietf-jose-hpke-encrypt/issues/2 Regards, OS On Thu, Jul 11, 2024 at 9:22 AM tirumal reddy <[email protected]> wrote: > On Thu, 11 Jul 2024 at 18:29, Ilari Liusvaara <[email protected]> > wrote: > >> On Thu, Jul 11, 2024 at 02:18:23PM +0530, tirumal reddy wrote: >> > On Thu, 11 Jul 2024 at 13:12, Ilari Liusvaara <[email protected] >> > >> > wrote: >> > >> > > On Thu, Jul 11, 2024 at 11:19:19AM +0530, tirumal reddy wrote: >> > > > >> > > > >> > > > I would like add another option proposed below for HPKE JWE >> Integrated >> > > > Encryption Mode: >> > > > >> > > > The algorithm name SHALL be of the form "HPKE-P256-SHA256". >> > > > The "enc" value SHALL be " A128GCM". >> > > > The hpke-aad SHALL be of the form "protected (.aad)", as described >> in >> > > Step >> > > > 15 of RFC7516. >> > > > The hpke-info SHALL be the same as is provided to concatKDF info for >> > > > ECDH-ES, as described in >> > > > https://datatracker.ietf.org/doc/html/rfc7518#section-4.6.2 >> > > >> > > JWE does not allow doing that. >> > > >> > >> > Why does not JWE allow use of {"alg" : "HPKE-P256-SHA256", "enc": >> > A128GCM"} in case of direct key agreement mode ? >> >> That would preclude bulk encryption using HPKE and require using HPKE >> secret export (SendExport* and ReceiveExport*) for generating CEK for >> performing standard JOSE bulk encryption. More complicated to implement, >> but does not need JWE extensions. >> > > I don't get the complication, HPKE secret export is already used by > protocols like OHAI. > > -Tiru > > >> >> When it comes to JWE modes, stuff either is or is not, there is no >> "similar". >> >> >> >> >> -Ilari >> >> _______________________________________________ >> jose mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> > _______________________________________________ > jose mailing list -- [email protected] > To unsubscribe send an email to [email protected] > -- ORIE STEELE Chief Technology Officer www.transmute.industries <https://transmute.industries>
_______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
