Mike’s proposal for supporting multiple recipients by joining multiple 
base64url-encoded JOSE fields with a "~" character is cute 
[draft-ietf-jose-json-web-encryption-10; section 5.1; step 15]. However, it is 
not the approach we should take.

JOSE is about using JSON, except where binary quantities (such as ciphertext) 
would be too inefficient in JSON. Details for all recipients should be combined 
in a single JSON header.

Proposal: Change JWE to have a recipient array.

For example (eliding base64url encoding):
{
  "o":{ ..details of originator key.. },
  "r":[
    { ..details of key exchange for 1st recipient.. },
    { ..details of key exchange for 2nd recipient.. },
    ...
  ]
}
.<binary blob associated with originator>
.<binary blob associated with 1st recipient>
.<binary blob associated with 2nd recipient>
.<rest of JOSE message>

--
James Manger
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose

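As an added illustration (this is not code from James Manger's message or from any JOSE draft), here is Python that serializes and parses the layout sketched above: a single JSON header carrying an originator object "o" and a recipient array "r", followed by one base64url segment for the originator, one segment per recipient, and then the rest of the message. The contents of the "o" and "r" entries (reduced to a "kid"), the placeholder byte strings, and the trailing IV/ciphertext/tag layout are assumptions made for the example. The two checks a parser of such a format should make are shown: the number of per-recipient segments must equal the length of "r", and each segment is decoded as strict base64url rather than silently dropping stray characters.

```python
import base64
import json
import re

# Only the unpadded base64url alphabet is allowed in a segment.
_B64URL = re.compile(r"[A-Za-z0-9_-]*")


def b64url_encode(data):
    """base64url without '=' padding, as JOSE serializations use it."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    """Strict decode: reject characters outside the alphabet instead of ignoring them."""
    if not _B64URL.fullmatch(text):
        raise ValueError("segment is not base64url")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def serialize(header, originator_blob, recipient_blobs, rest):
    """Join header, originator segment, one segment per recipient, then the rest with '.'."""
    recipients = header.get("r")
    if not isinstance(recipients, list) or not recipients:
        raise ValueError("header must carry a non-empty recipient array 'r'")
    if len(recipient_blobs) != len(recipients):
        raise ValueError("need exactly one binary segment per entry in header['r']")
    segments = [json.dumps(header, separators=(",", ":")).encode("utf-8"),
                originator_blob, *recipient_blobs, *rest]
    return ".".join(b64url_encode(s) for s in segments)


def parse(message):
    """Split a message and return (header, originator_blob, per_recipient_blobs, rest)."""
    parts = message.split(".")
    header = json.loads(b64url_decode(parts[0]))
    recipients = header.get("r")
    if not isinstance(recipients, list) or not recipients:
        raise ValueError("header must carry a non-empty recipient array 'r'")
    n = len(recipients)
    # header + originator + n recipient segments + at least one trailing segment
    if len(parts) < 2 + n + 1:
        raise ValueError("fewer segments than the header's recipient count requires")
    originator = b64url_decode(parts[1])
    per_recipient = [b64url_decode(p) for p in parts[2:2 + n]]
    rest = [b64url_decode(p) for p in parts[2 + n:]]
    return header, originator, per_recipient, rest


def blob_for_recipient(message, kid):
    """Locate a recipient's own segment by matching its position in header['r']."""
    header, _, per_recipient, _ = parse(message)
    for entry, blob in zip(header["r"], per_recipient):
        if entry.get("kid") == kid:
            return blob
    raise KeyError("no recipient with kid %r" % kid)


# Constructed sample data for the example (assumed shapes, not from any spec):
EXAMPLE_HEADER = {
    "o": {"kid": "originator-key"},            # assumed: originator identified by kid only
    "r": [{"kid": "alice"}, {"kid": "bob"}],   # assumed: key-exchange details reduced to a kid
}
EXAMPLE_ORIGINATOR_BLOB = b"originator-material"         # placeholder bytes
EXAMPLE_RECIPIENT_BLOBS = [b"key-for-alice", b"key-for-bob"]
EXAMPLE_REST = [b"iv-bytes", b"ciphertext-bytes", b"auth-tag"]  # assumed: IV, ciphertext, tag


def build_example():
    return serialize(EXAMPLE_HEADER, EXAMPLE_ORIGINATOR_BLOB,
                     EXAMPLE_RECIPIENT_BLOBS, EXAMPLE_REST)


if __name__ == "__main__":
    msg = build_example()
    print(msg)
    print(parse(msg))
    print(blob_for_recipient(msg, "bob"))
```

Because the recipient array and the per-recipient segments are matched by position, a parser has to reject a message whose segment count disagrees with the header before it trusts any of the segments; the truncated-message case in the code shows that check firing.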