On Wed, Oct 22, 2025 at 10:07:22AM -0600, Orie wrote:
> If we assume AKP, and there is a desire to restrict a key to only
> integrated encryption, then the algorithm identifiers would need to be
> updated.
>
> I can buy the security argument that it should be possible to restrict a
> key to only integrated encryption...

Assuming the whole mechanism is not flawed, there should not be any security reason to restrict a key to only Integrated Encryption.

> Especially because with key encryption a weaker recipient could be
> attacked leading to disclosure.

Not without a critical vulnerability in the sender (failing to enforce policy on any used cryptographic algorithms for encryption). Any keys that cannot meet the policy (would force use of a forbidden cryptographic algorithm) MUST be rejected, and any other algorithm choices MUST respect the policy.

> Having a way to distinguish the supported algorithms also fits with
> the spirit of fully specified algorithms.

No, it is not. With encryption, there is just not enough information available, even with fully specified algorithms in JOSE. E.g., there is no way to signal supported bulk ciphers (and an unsupported bulk cipher is a certain failure).

-Ilari

_______________________________________________
jose mailing list -- [email protected]
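The sender-side policy enforcement described in the reply above, as an added example that is not part of the original post. The policy contents, key records and function names are constructed, and the algorithm names are the registered ones from RFC 7518 rather than anything named in this thread.

```python
# Key-management algorithms usable per key type when the JWK has no "alg"
# member (names from RFC 7518; the preference order is an assumption).
USABLE_BY_KTY = {
    "RSA": ["RSA-OAEP-256", "RSA-OAEP", "RSA1_5"],
    "EC": ["ECDH-ES+A256KW", "ECDH-ES+A128KW"],
}

# Constructed sender policy: the only algorithms this sender may use.
POLICY = {
    "alg": {"RSA-OAEP-256", "ECDH-ES+A256KW"},
    "enc": ["A256GCM"],  # picked by the sender; a JWK cannot advertise it
}


class PolicyError(Exception):
    """Raised when a recipient key cannot be used without breaking policy."""


def select_alg(jwk, policy):
    """Return a policy-compliant key-management alg for one recipient key."""
    if "alg" in jwk:
        candidates = [jwk["alg"]]  # key is pinned to a single algorithm
    else:
        candidates = USABLE_BY_KTY.get(jwk.get("kty"), [])
    for alg in candidates:
        if alg in policy["alg"]:
            return alg
    raise PolicyError(f"key {jwk.get('kid')!r} would force a forbidden algorithm")


def plan_encryption(recipient_keys, policy=POLICY):
    """Pick enc and a per-recipient alg, or fail for the whole message.

    One rejected key aborts everything: the content encryption key is
    shared, so wrapping it under a forbidden algorithm for one recipient
    would expose the plaintext intended for all of them.
    """
    if not policy["enc"]:
        raise PolicyError("policy permits no content encryption algorithm")
    algs = {jwk["kid"]: select_alg(jwk, policy) for jwk in recipient_keys}
    return {"enc": policy["enc"][0], "recipients": algs}


# Constructed recipient keys (public key material omitted).
ALICE = {"kid": "alice", "kty": "EC", "crv": "P-256"}
BOB = {"kid": "bob", "kty": "RSA"}
LEGACY = {"kid": "legacy", "kty": "RSA", "alg": "RSA1_5"}
```

The sender has no way to learn whether a recipient supports the chosen `enc` value, so an unsupported one only shows up as a decryption failure on the recipient's side.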
