You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Authenticated key agreement mechanisms, such as ECDH-SS or authenticated HPKE modes, mitigate the risk of misusing apu and apv by binding the derived key to the specific identities of the participants. This ensures that any alteration to apu or apv invalidates the derived key, preventing unintended use. However, in the base mode of HPKE, where no authentication is provided, the use of apu and apv does not offer any security guarantees and could be subject to misuse. Do we really need apu and apv in the Recipient Context and why is it not required for JWE Integrated Encryption ?
The text was updated successfully, but these errors were encountered:
Authenticated key agreement mechanisms, such as ECDH-SS or authenticated HPKE modes, mitigate the risk of misusing apu and apv by binding the derived key to the specific identities of the participants. This ensures that any alteration to apu or apv invalidates the derived key, preventing unintended use. However, in the base mode of HPKE, where no authentication is provided, the use of apu and apv does not offer any security guarantees and could be subject to misuse. Do we really need apu and apv in the Recipient Context and why is it not required for JWE Integrated Encryption ?
The text was updated successfully, but these errors were encountered: