Including the JWE Per-Recipient Unprotected Header does not seem to provide a real security benefit. Adding unprotected header attributes to the HPKE "info" parameter enables tamper detection through decryption failure, but it does not authenticate those attributes. We need a clear security justification for including it in the HPKE "info".
-Tiru On Tue, 28 Oct 2025 at 04:13, Orie <[email protected]> wrote: > It also seems like there was desire to create some kind of per recipient > protected header in JOSE to mirror what exists in COSE? > > If that is the goal than base64 url encoding JSON should be enough to get > something that works with kdf info or aead_aad. > > You can preserve those attributes via concatenation as well, similar to > how JOSE handles AAD. > > But the processing logic would be significantly different to support that, > and involve some trickery with unprotected headers no matter what. > > OS > > > On Mon, Oct 27, 2025, 2:30 PM Brian Campbell <bcampbell= > [email protected]> wrote: > >> Thanks Ilari, that seems very much like the right direction. >> >> On Mon, Oct 27, 2025 at 1:09 PM Ilari Liusvaara <[email protected]> >> wrote: >> >>> On Mon, Oct 27, 2025 at 04:37:51PM +0530, tirumal reddy wrote: >>> > Thanks, Orie, for the detailed explanation. I’ve updated PR #76 >>> > <https://github.com/ietf-wg-jose/draft-ietf-jose-hpke-encrypt/pull/76> >>> to >>> > address these points. The recipient_protected_header has been removed, >>> and >>> > the next_layer_alg field has been made mandatory, along with added >>> > rationale for its inclusion. >>> >>> I think binary encoding would be better here, as it would be much >>> simpler and much more compact (space is at premium here, as the maximum >>> portable info size is 64 bytes). E.g.: >>> >>> "JOSE-HPKE >>> rcpt"+BYTE(255)+ASCII(next_layer_alg)+BYTE(255)+recipient_extra_info >>> >>> >>> (Substitute ASCII->UTF8 to encode illegal algorithm names, or >>> ASCII->WTF8 to encode even more illegal ones.) >>> >>> >>> E.g., A256GCM without extra info gives: >>> >>> "JOSE-HPKE rcpt\xffA256GCM\xff" (23 bytes) >>> >>> >>> >>> >>> -Ilari >>> >>> _______________________________________________ >>> jose mailing list -- [email protected] >>> To unsubscribe send an email to [email protected] >>> >> >> *CONFIDENTIALITY NOTICE: This email may contain confidential and >> privileged material for the sole use of the intended recipient(s). Any >> review, use, distribution or disclosure by others is strictly prohibited. >> If you have received this communication in error, please notify the sender >> immediately by e-mail and delete the message and any file attachments from >> your computer. Thank you.*_______________________________________________ >> jose mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> > _______________________________________________ > jose mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
