Make the IV a prefix of the ciphertext and you save another couple of bytes. Plus the IV length would no longer be defined twice (firstly by the alg definition; secondly by the length of the IV field in the message), which avoids a potential inconsistency.
While we are doing that, may as well make the AEAD authentication tag a suffix of the ciphertext. -- James Manger From: [email protected] [mailto:[email protected]] On Behalf Of Mike Jones Sent: Saturday, 28 July 2012 8:49 AM To: [email protected] Subject: [jose] Open Issue: Representing the JWE IV as a dot-separated element All the JWE block encryption algorithms we’re using require an Initialization Vector. I’d originally put the IV in the JWE header because I thought it would be optional, but in practice, it’s not. As a result, we’re always double base64url encoding required content. I did an investigation and we could save 15 characters in the GCM example at http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-04#section-3.1 and 17 characters in the CBC example at http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-04#section-3.2 if we were to represent the IV as another dot-separated element rather than putting it in the header and double base64url encoding it. Since size matters a lot in some use cases, we should consider whether to do this. I’ll add it to the open issues list for us to discuss in Vancouver. -- Mike
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
