On Sat, Mar 22, 2025 at 07:10:30AM +0700, tirumal reddy wrote: > Agree on 1) and 2). However, issue 3, mixing HPKE Sender and Recipient > Roles is not specific to HPKE; it is a broader issue that also applies to > JWE with ECDH-ES.
ECDH-ES does not have sender role (for the same reason as HPKE base and psk modes do not have sender role). ECDH-SS does have sender role, but JWE does not have any registered algorithms for it. COSE_Encrypt does have some algorithms for it. Sender role also appears in some double-ECDH constructions like the one used for HPKE auth and authpsk modes. Neither JWE nor COSE_Encrypt have any registered algorithms like that. However, JWE allows vendor algorithms (COSE_Encrypt does not), and there is no visibility on what those algorithms are doing. But that is not a problem for the WG. -Ilari _______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
