I just noticed a couple of things in the JWE's x5c definition that struck me as maybe not right.
From http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-08#section-4.1.9 "The certificate containing the public key of the entity that encrypted the JWE MUST be the first certificate." - but it's not the public key of the entity that encrypted, is it? It's the public key of the entity that will decrypt. The other entity. "The recipient MUST verify the certificate chain according to [RFC5280] and reject the JWE if any validation failure occurs." - maybe I'm missing something but why would the recipient verify it's own certificate chain? And the first hyperlink in "See Appendix B<http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-08#appendix-B>of [ JWS<http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-08#ref-JWS>] for an example "x5c" value" takes you to Appendix B of JWE, which is Acknowledgements, rather than JWS as the text would suggest. So all those little nits could be fixed. But maybe it'd be better to just remove x5c from JWE all together? As Richard pointed out previously, http://www.ietf.org/mail-archive/web/jose/current/msg01434.html, there's really no point in sending a whole chain to help the recipient identify its own key.
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
