On Sat, Oct 11, 2025 at 7:59 AM Filip Skokan <[email protected]> wrote:
> That's an affordance that has not proven to be desired or needed in > practice, especially since you can have multiple keys in a JWKS, some for > "single" recipient cases, some for "multi" recipient cases. > > > The only potential footgun is specifying alg for ECDH keys, don't do > that. > > That's not a footgun, that's being descriptive and precise in specifying > what a JWK public key representation is for. > > As a side note, JOSE-HPKE having the same "alg" for both integrated > encryption and key encryption, in that you must take a look at the "enc" to > figure out what's what is barely acceptable, let alone to be used as an > argument. > As a side note about this side note, I will reiterate that I believe having the same "alg" value for both integrated encryption and key encryption is outright unacceptable. -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
