**Session Date/Time:** 20 Mar 2025 02:30

# JOSE

## Summary

The JOSE working group meeting covered several draft specifications, including Fully Specified Algorithms, HPKE with JOSE, JSON Web Proofs, Deprecating Algorithms with Known Security Issues, Enhanced JWE with Detached AAD, and Web Cryptography API extension. Key discussion points revolved around algorithm identifier usage, integration of HPKE into JWE, parameter unification in JSON Web Proofs, and synchronization between IETF and W3C efforts regarding new cryptographic algorithms.

## Key Discussion Points

*   **Fully Specified Algorithms:** The draft is in good shape and nearing IES review. Appendix on ECDH was removed.
*   **HPKE with JOSE:**
    *   Concerns were raised about the use of the "DIR" algorithm identifier in the ENC header parameter, as it's already associated with a key management algorithm. It was decided that the authors will come back with a couple options which avoid breaking existing implementations, and the working group will work to come to an agreement. Using a new algorithm identifier (e.g., "INT") was also proposed.
    *   Discussion on whether to update the base JWE spec to reflect how the HPKE integrated encryption works. An action item was assigned to add text to update the base JWE spec and describe what is different with HPKE and JWE.
    *   There were suggestions to consider different serialization mechanisms instead of cramming HPKE into the existing JWE structure.
    *   The potential removal of the authenticated mode in HPKE was discussed, along with the need to coordinate with the potential new HPKE working group to maintain consistency.
*   **JSON Web Proofs:**
    *   The Seabor representation for the JSON Proof Token has been defined.
    *   Discussion on parameter unification, specifically whether to have separate registries for header parameters and claims, or a unified registry.
    *   Strong support for removing the JSON serialization due to limited added functionality.
    *   Discussion of how the new CFRG BBS extension drafts could be used and whether these capabilities and their use need to be understood for the JSON Web Proof representation.
    *   There was agreement that it should be understood if the JWP will be usable by other zero-knowledge proof techniques without contorting the JWP to accommodate them.
*   **Deprecating Algorithms with Known Security Issues:** A request was made for additional reviews before progressing to working group last call.
*   **Enhanced JWE with Detached AAD:** Concerns were raised about the need for this draft and whether it addresses a real problem, which also seemed to call into question it's suitability for the working group.
*   **Web Cryptography API Extension:**
    *   Presentation on how the Web Crypto API extension introduces new algorithms and how they interact with JSON Web Keys.
    *   Discussion about the need for JSON Web Algorithm definitions for new algorithms like MLDSA, ML-KEM, SLHDSA, ChaCha20-Poly1305, and various hash algorithms (SHA-3, SHAKE, K-MA).
    *   Discussion about OCB mode and the need to verify which version is used due to potential vulnerabilities.

## Decisions and Action Items

*   **HPKE with JOSE:**
    *   **Action Item:** Authors to propose alternative algorithm identifiers to "DIR" and present them to the mailing list.
    *   **Action Item:** Authors to write text appropriately updating the base jwe e spec to explain what is different with HPKE and JWE.
*   **JSON Web Proofs:**
    *   The working group will look to coordinate on other zero-knowledge proof techniques to ensure that the JWP format is usable by them without contorting the WJP format.
    *   It was agreed that a session at the next IIW should be had to explore the possibility of circuit-based zero-knowledge proofs with JWP.
*   **Deprecating Algorithms with Known Security Issues:**
    *   Request for additional reviews before working group last call.
    *   **Action Item:** Chairs to follow up with Neil after the meeting to arrange for an early review.
    *   **Action Item:** Chairs to follow up with those who volunteered for the review.

## Next Steps

*   Authors to revise the HPKE with JOSE draft based on feedback received, focusing on the algorithm identifier issue and updating the JWE base specification.
*   Authors to coordinate with the potential new HPKE working group to maintain consistency in standards.
*   Authors to continue refining the JSON Web Proofs draft, particularly focusing on seabor representation and interactions with BBS extensions and other zero-knowledge proof techniques, and will solicit additional feedback on the mailing list.
*   Chairs will schedule additional reviews for the "Deprecating Algorithms with Known Security Issues" draft.
*   The Chair will ask for additional support if there is interest in going forward with the Enhanced JWE with Detached AAD.
*   Philippe will provide Daniel with the feedback on integrating the new algorithms that were outlined in the Web Crypto API Extension draft with JSON Web Keys.