On Mon, Oct 28, 2024 at 11:11:15AM -0400, Rene Leveille wrote: > > The flow in CXP is indeed a series or messages with a single recipient. The > key lifecycle is dictated by the protocol itself, the encapsulated keys > will still be ephemeral but would be kept in memory for a short period of > time.
JWE is not suited for such flows. All JWE messages are assumed to be self-standing. JWE is not suitable for the flow in CXP. > I do see this being either an adapted integrated encryption mode or a > similar but new mode. That would require major changes to JWE. To extent that the result would be more like JWE2 than extended version of JWE. > I am aware of COSE HPKE, however it does seem to follow the same use > cases as JOSE HPKE. COSE_Encrypt also assumes messages are self-standing, so the flow would also require major changes to COSE_Encrypt. So COSE_Encrypt is not suitable for CXP either. -Ilari _______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
