[jose] Re: Strawperson consensus call for changes to draft-ietf-jose-hpke-encrypt-01

[Michael Jones <michael_b_jones@hotmail.com>]

So Brian, its it then your position that JWE should support HPKE key encryption mode (which would use the AEAD algorithm specified by “enc”) but not HPKE integrated encryption mode, which operates directly on the plaintext without a separate content encryption key (CEK) – a mode for which there is no corresponding representation in RFC 7516 (hence some of the difficulties in this whole discussion)?

                                                                -- Mike

From: Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org>
Sent: Friday, July 12, 2024 3:11 PM
To: Orie Steele <orie@transmute.industries>
Cc: JOSE WG <jose@ietf.org>; jose-chairs@ietf.org
Subject: [jose] Re: Strawperson consensus call for changes to draft-ietf-jose-hpke-encrypt-01



On Wed, Jul 10, 2024 at 9:45 AM Orie Steele <orie@transmute.industries<mailto:orie@transmute.industries>> wrote:

### For HPKE JWE Integrated Encryption Mode:

The "enc" value SHALL be "dir".
The working group SHALL draft text explaining what "enc:dir" means, and how it related to "alg".

This doesn't work with RFC7516/JWE's definition of the "enc" header<https://datatracker.ietf.org/doc/html/rfc7516#section-4.1.2>, which states that the `enc` "(encryption algorithm) Header Parameter identifies the content encryption algorithm used to perform authenticated encryption on the plaintext to produce the ciphertext and the Authentication Tag. This algorithm MUST be an AEAD algorithm with a specified key length."





CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited.  If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.