AFAICT, the X.509 fields in JWE are pretty useless. If you're using key transport (i.e., wrapping the symmetric key in a public key), then you would use the "jwk" or "jku" fields to reference the key pair you used to do the wrapping. The only function of the public key crypto fields in a JWE is to let the recipient know which private key to use for decryption. The recipient already needs to have the private key, since it obviously won't be in the message.
The question of how the encrypting party figures out which public key to use for a given recipient (and in particular, roll-over), is an application-layer question, not something that JWE would address. See the XMPP end-to-end security doc for an example; they use a separate exchange to associate a JWK with an XMPP ID. <http://tools.ietf.org/html/draft-miller-xmpp-e2e> --Richard On Jan 22, 2013, at 1:10 PM, Brian Campbell <[email protected]> wrote: > Is there a concrete use case for this that someone could explain to me? > > How does an encrypting party know what URL to use to get the key to encrypt? > I assume some out-of-band exchange. How would key rolling work then? An an > encrypting party would need to a priori know all potential x5u's of the > decrypting party? Which seems dubious. And how would the decrypting party > signal a desired change of keys? > > Am I missing something obvious here? > > > > > > > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
