On Thu, Dec 12, 2024 at 10:52:03AM -0600, Orie Steele wrote: > +1 to your point Neil, and that is an option in COSE. > > https://datatracker.ietf.org/doc/html/rfc9052#section-3.1-6 (although not > obvious, alg is an optional header in COSE). > > Sadly it would be a breaking change to JOSE to do that: > > https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.1
Funkily enough, COSE-HPKE seemingly allows omitting alg for recipient encryption (can't find any requirement) but not direct content encryption: "The sender MUST set the alg parameter in the protected header, which indicates the use of HPKE." -Ilari _______________________________________________ jose mailing list -- jose@ietf.org To unsubscribe send an email to jose-le...@ietf.org
