A design team formed and met after the JOSE working group meeting at IETF 124 in Montreal to discuss possible next steps for the JOSE HPKE specification. As recorded in the PR applying the decisions made, the design team produced these recommendations:
- Not use
"enc"when performing Integrated Encryption. - Define one new Key Management Mode for Integrated Encryption.
- Integrate the new mode into the Message Encryption and Message Decryption instructions from RFC 7516 and replace them.
- Utilize distinct algorithm identifiers for the use of HPKE for Integrated Encryption and HPKE for Key Encryption.
- Only use the Recipient_structure when doing Key Encryption and not when doing Integrated Encryption.
Draft 15 has now been published, which incorporates these decisions. Note that the title of the specification has been changed to “Use of Hybrid Public Key Encryption (HPKE) with JSON Web Encryption (JWE)” to more precisely describe what it does.
Those attending the design team were Karen O’Donoghue, John Bradley, Hannes Tschofenig, Filip Skokan, Brian Campbell, Leif Johansson, Paul Bastian, and myself – with it all being kicked off by Deb Cooley.
Special thanks to Filip Skokan for creating the examples used in the specification.
Brian and I celebrated our deliberations together with a mostly failed attempt at ping pong, the design team meeting having been held in the Ping Pong room.
I believe the next steps are to apply the same decisions to the COSE HPKE specification and then hold another set of concurrent working group last calls (WGLCs) for both specifications.
Today the OpenID Connect Working Group started a two-week Working Group Last Call (WGLC) for the