I agree with Ilari. Solving for conveyance of multiple HPKE messages in JSON would be better handled outside of typical "JWE".
If there is interest in defining that in JOSE / COSE... I would suggest tackling it in a separate document.

It might also be worth looking at MLS, to see if it's a better starting point than vanilla HPKE.

https://datatracker.ietf.org/wg/mls/about/
https://www.iana.org/assignments/mls/mls.xhtml#mls-wire-formats

OS

On Mon, Oct 28, 2024 at 10:55 AM Ilari Liusvaara <[email protected]> wrote:

> On Mon, Oct 28, 2024 at 11:11:15AM -0400, Rene Leveille wrote:
> >
> > The flow in CXP is indeed a series of messages with a single recipient. The
> > key lifecycle is dictated by the protocol itself, the encapsulated keys
> > will still be ephemeral but would be kept in memory for a short period of
> > time.
>
> JWE is not suited for such flows. All JWE messages are assumed to be
> self-standing.
>
> JWE is not suitable for the flow in CXP.
>
> > I do see this being either an adapted integrated encryption mode or a
> > similar but new mode.
>
> That would require major changes to JWE. To the extent that the result would
> be more like JWE2 than an extended version of JWE.
>
> > I am aware of COSE HPKE, however it does seem to follow the same use
> > cases as JOSE HPKE.
>
> COSE_Encrypt also assumes messages are self-standing, so the flow would
> also require major changes to COSE_Encrypt. So COSE_Encrypt is not
> suitable for CXP either.
>
> -Ilari
>
> _______________________________________________
> jose mailing list -- [email protected]
> To unsubscribe send an email to [email protected]

--
ORIE STEELE
Chief Technology Officer
www.transmute.industries
<https://transmute.industries>
