The authors have gone back and forth between having integrated encryption be specified in just alg (no enc), then alg, then enc. I agree with Richard that having it in alg would be better. I also agree with Brian that it would be violating the definition of "alg" as much as "int" in "enc" does at the moment (and that's still better than re-using "dir" for that purpose). But being the least bad of 4 bad options doesn't make it any less bad as shown by the other reviews.
-- https://www.ietf.org/archive/id/draft-ietf-jose-hpke-encrypt-09.html#section-5.2 This example should exhibit Integrated Encryption but doesn't. -- https://www.ietf.org/archive/id/draft-ietf-jose-hpke-encrypt-09.html#name-mapping-hpke-keys-to-jwk-fo The ASCII table is not aligned properly. --- > Given HPKE’s current and growing importance across IETF work and beyond, a > JOSE-style container for HPKE deserves thoughtful, responsible, and secure > design. Unfortunately, the current draft does not meet that standard of > rigor or seriousness. This 100% (Bring on the squigglies /s) --- I do not support publication in the current state. While its implementation is certainly possible (but unlikely in a wider javascript ecosystem without bundling wasm/pure js dependencies due to lack of Web API support for HPKE), Integrated Encryption alg/enc values do not fit the current JWE Header Parameter definitions amongst the other issues brought forth by Neil and Richard. S pozdravem, *Filip Skokan* On Wed, 4 Jun 2025 at 22:26, Karen ODonoghue <kodo...@pobox.com> wrote: > jose working group, > > > This starts a two-week Working Group Last Call (WGLC) for the Use of > Hybrid Public Key Encryption (HPKE) with JSON Object Signing and Encryption > (JOSE) specification > https://www.ietf.org/archive/id/draft-ietf-jose-hpke-encrypt-08.html. > The WGLC will run for two weeks, ending on Friday, June 20, 2025. > > > > Please review and send any comments or feedback to the JOSE working group > at jose@ietf.org. Even if your feedback is “this is ready for > publication”, please let us know so that we can accurately document > consensus. > > > > Note that this WGLC is intentionally running concurrently with a COSE WGLC > for https://www.ietf.org/archive/id/draft-ietf-cose-hpke-13.html because > the drafts are closely related and their functionality is intended to be > aligned. Please reply to the COSE WGLC on the c...@ietf.org mailing list. > > > > Thanks, > > Karen, John, and John (jose wg chairs) > > > _______________________________________________ > jose mailing list -- jose@ietf.org > To unsubscribe send an email to jose-le...@ietf.org >
_______________________________________________ jose mailing list -- jose@ietf.org To unsubscribe send an email to jose-le...@ietf.org
