Axel,

> I moved my JOSE implementation out of my openinfocard project into a
> new repository:
> https://code.google.com/p/jsoncrypto/

It is good to see another JOSE implementation.

Does jsoncrypto implement the "MUST understand everything" rule?

  [JWE-05, section 4]
  Implementations MUST understand the entire contents of the
  header; otherwise, the JWE MUST be rejected.

  [JWE-05, section 6]
  4. The resulting JWE Header MUST be validated to only include
     parameters and values whose syntax and semantics are both
     understood and supported.

Jsoncrypto does not appear to implement this rule. It appears to take the 
obvious approach of looking in the header for the fields it needs -- and 
ignoring anything else that might be there.

[Regardless of any possible merit in a "MUST understand everything" rule, the 
fact that it will often not be implemented seems like a really good reason to 
drop the rule so the spec reflects reality.]

--
James Manger
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
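
The two behaviours contrasted in this message, as an added example that is not part of the original e-mail and is not jsoncrypto's code: a lenient check that looks only for the fields it needs, next to a strict check that rejects any header parameter or value it does not understand. The supported set, the `x-policy` parameter name and the sample tokens are constructed assumptions.

```python
import base64
import json

# Assumption: the parameters and values this hypothetical recipient understands
# and supports. None means any string value is accepted.
SUPPORTED = {
    "alg": {"RSA1_5", "RSA-OAEP"},
    "enc": {"A128GCM", "A256GCM"},
    "kid": None,
}
REQUIRED = ("alg", "enc")

class HeaderRejected(ValueError):
    """The header contains something the recipient cannot process."""

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def decode_header(compact: str) -> dict:
    """Decode the first dot-separated segment (the header) of a compact JWE."""
    segment = compact.split(".", 1)[0]
    try:
        header = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise HeaderRejected(f"undecodable header: {exc}") from exc
    if not isinstance(header, dict):
        raise HeaderRejected("header is not a JSON object")
    return header

def lenient_accepts(header: dict) -> bool:
    """Look only for the needed fields; anything else is silently ignored."""
    return all(isinstance(header.get(n), str) and header[n] in SUPPORTED[n] for n in REQUIRED)

def validate_strict(header: dict) -> dict:
    """Reject unless every parameter and value is understood and supported."""
    for name in REQUIRED:
        if name not in header:
            raise HeaderRejected(f"missing required parameter: {name!r}")
    for name, value in header.items():
        if name not in SUPPORTED:
            raise HeaderRejected(f"parameter not understood: {name!r}")
        if not isinstance(value, str):
            raise HeaderRejected(f"unsupported value type for {name!r}")
        if SUPPORTED[name] is not None and value not in SUPPORTED[name]:
            raise HeaderRejected(f"unsupported value for {name!r}: {value!r}")
    return header

# Constructed sample inputs; only the header segment is meaningful here.
PLAIN = b64url(json.dumps({"alg": "RSA1_5", "enc": "A128GCM"}).encode()) + ".x.x.x"
EXTRA = b64url(json.dumps({"alg": "RSA1_5", "enc": "A128GCM", "x-policy": "strict"}).encode()) + ".x.x.x"
```

The lenient check accepts both `PLAIN` and `EXTRA`; the strict check accepts `PLAIN` and raises `HeaderRejected` for `EXTRA`.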