HPKE adoption in various standard protocols demonstrates its practical utility and relevance. The intent is to leverage HPKE's well-defined cryptographic primitives and framework to enhance JOSE's capabilities, even if it is not classified as a standard.
HPKE is already utilized by several other protocols, such as ECH in TLS 1.3, COSE HPKE, Oblivious HTTP, and MLS. All these specifications are on the standards track (e.g., see RFC 9420 and RFC 9458). Moreover, its inclusion can set a precedent for future standardization efforts, such as the construction of a PQ/T Hybrid Key Encapsulation Mechanism (KEM) in HPKE for integration with JOSE and COSE. The document specifies all the modes of HPKE for completeness but only registers algorithms in the Base mode for the JSON registry (similar to COSE HPKE draft). It will be up to future specifications to determine whether there is a need to support HPKE in authenticated mode within JOSE/COSE and address the potential threats. -Tiru On Thu, 23 May 2024 at 15:02, Neil Madden <[email protected]> wrote: > I do not support adoption, for several reasons: > > 1. HPKE is an informational RFC, not a standard. I don’t think this meets > any of the criteria described in RFC 3967/BCP 97. > 2. The authenticated modes of HPKE are insecure for use in a > multi-recipient standard like JOSE due to the lack of Insider-Auth Security. > 3. The algorithms registered by this draft entirely duplicate existing > algorithms for no benefit whatsoever. > > If people want to use HPKE with JOSE, I think that should be done as an > Informational RFC not a standard. > > — Neil > > On 23 May 2024, at 04:41, Karen ODonoghue <[email protected]> wrote: > > JOSE working group, > > The following individual submission: > https://datatracker.ietf.org/doc/draft-rha-jose-hpke-encrypt/ > has received a fair amount of comment and discussion. > > This email starts a two week call for adoption. Please review the > document, provide feedback, and indicate whether you think this is a > document for the working group to pursue. Please reply by 5 June keeping > the subject line intact. In addition to any feedback, please be clear about > your position on adoption. > > Regards, > JOSE working group chairs. > _______________________________________________ > jose mailing list -- [email protected] > To unsubscribe send an email to [email protected] > > > _______________________________________________ > jose mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
