All the JWE block encryption algorithms we're using require an Initialization Vector. I'd originally put the IV in the JWE header because I thought it would be optional, but in practice, it's not. As a result, we're always double base64url encoding required content.
I did an investigation and we could save 15 characters in the GCM example at http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-04#section-3.1 and 17 characters in the CBC example at http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-04#section-3.2 if we were to represent the IV as another dot-separated element rather than putting it in the header and double base64url encoding it. Since size matters a lot in some use cases, we should consider whether to do this. I'll add it to the open issues list for us to discuss in Vancouver. -- Mike
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
