#4: Impossible to separate wrapped key from encrypted data

Because the integrity check includes the wrapped key, all header parameters must be repeated for each recipient. It is not possible to send ciphertext, then deliver wrapped keys (as in the XMPP use case), because the ciphertext must be different for each recipient (because the ICV is different). In addition, in these asynchronous use cases, the sender must cache the plaintext of the message, rather than just the key (for wrapping to new recipients). There has been no demonstrated security benefit to offset the added cost and risk.
-- 
-------------------------+-------------------------------------------------
 Reporter:               |       Owner:  draft-ietf-jose-json-web-
  [email protected]      |  [email protected]
     Type:  defect       |      Status:  new
 Priority:  major        |   Milestone:
Component:  json-web-    |     Version:
  encryption             |    Keywords:
 Severity:  Active WG    |
  Document               |
-------------------------+-------------------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/4>
jose <http://tools.ietf.org/jose/>

_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
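The coupling the ticket describes, as an added example that is not part of the original ticket or of the JOSE drafts: a simplified model in which an HMAC-SHA256 integrity value either covers the recipient's wrapped key or covers only recipient-independent parts. All keys, header values and the `stand_in_wrap` helper are constructed placeholders (no real key wrapping or content encryption is performed), and `detached_message` is a hypothetical alternative, not a proposal from the page.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def stand_in_wrap(kek: bytes, cek: bytes) -> bytes:
    # NOT real key wrapping: an opaque, recipient-specific stand-in value.
    return hashlib.sha256(b"wrap" + kek + cek).digest()

def icv(cik: bytes, *parts: bytes) -> bytes:
    # HMAC-SHA256 over the dot-joined base64url encoding of each part.
    signing_input = ".".join(map(b64u, parts)).encode()
    return hmac.new(cik, signing_input, hashlib.sha256).digest()

def bound_message(cik, header, wrapped_key, ciphertext):
    # Integrity check covers the wrapped key, as the ticket describes.
    return {"header": header, "wrapped_key": wrapped_key,
            "ciphertext": ciphertext,
            "icv": icv(cik, header, wrapped_key, ciphertext)}

def detached_message(cik, header, ciphertext):
    # Hypothetical alternative: only recipient-independent parts are covered.
    return {"header": header, "ciphertext": ciphertext,
            "icv": icv(cik, header, ciphertext)}

# Constructed sample values (assumptions for illustration only).
CEK = bytes(range(16))                 # content encryption key
CIK = bytes(range(16, 48))             # content integrity key
HEADER = json.dumps({"alg": "example-wrap", "enc": "example-enc"},
                    sort_keys=True).encode()
CIPHERTEXT = b"constructed ciphertext bytes"
KEKS = {"alice": b"A" * 16, "bob": b"B" * 16}

def demo():
    wrapped = {n: stand_in_wrap(k, CEK) for n, k in KEKS.items()}
    bound = {n: bound_message(CIK, HEADER, w, CIPHERTEXT)
             for n, w in wrapped.items()}
    shared = detached_message(CIK, HEADER, CIPHERTEXT)
    return wrapped, bound, shared

if __name__ == "__main__":
    wrapped, bound, shared = demo()
    for name, msg in bound.items():
        print(name, "bound ICV   ", b64u(msg["icv"]))
    print("shared detached ICV", b64u(shared["icv"]))
```

In the bound form each recipient needs its own integrity value even though the ciphertext bytes are identical; in the detached form one protected object is published once and only the wrapped key is delivered per recipient.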
