JOSE is at last using draft-mcgrew-aead-aes-cbc-hmac-sha2, but why is so much duplicated in JWA instead of referenced? JOSE should have 1 sentence saying:

  The JOSE "alg" strings "A128CBC-HS256" and "A256CBC-HS512" correspond to the AEAD_AES_128_CBC_HMAC_SHA_256 and AEAD_AES_256_CBC_HMAC_SHA_512 algorithms defined in [I-D.mcgrew-aead-aes-cbc-hmac-sha2].

That should be enough. Drop the other 4 pages of JWA on this.

If we really insist on breaking the RFC 5116 AEAD model, add 1 more paragraph.

  In [I-D.mcgrew-aead-aes-cbc-hmac-sha2] the ciphertext includes the CBC initialization vector as a prefix and the truncated HMAC as a suffix. In a JOSE these two fields are separated from the ciphertext and treated as the JWE Nonce and JWE Authentication Tag respectively. The JWE Ciphertext is the remaining ciphertext (i.e. minus the prefix and suffix).

Why does JWA duplicate test cases for AES_CBC_HMAC_SHA2 (Appendix C) that will be in draft-mcgrew-aead-aes-cbc-hmac-sha2? The test cases are not even JOSE messages. I hope this is a temporary addition pending the publication of draft-mcgrew-aead-aes-cbc-hmac-sha2-02 (with the test cases).

--
James Manger
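
The prefix/suffix split described in the message above, as an added example that is not part of the original post or of either draft: it separates an RFC 5116-style output into the JWE Nonce, JWE Ciphertext and JWE Authentication Tag, and checks the tag before releasing the fields. The parameter values (16-octet IV, MAC key as the first half of the key, tag lengths of 16 and 32 octets, AAD bit length appended as 64-bit big-endian) are assumptions taken from the AEAD draft, the function and field names are hypothetical, and the sample key, AAD and ciphertext octets are constructed.

```python
import hashlib
import hmac
from base64 import urlsafe_b64encode

# Assumed from the AEAD draft: alg -> (hash, MAC_KEY_LEN, T_LEN); key K is
# MAC_KEY || ENC_KEY with equal halves, and the IV is one 16-octet AES block.
PARAMS = {"A128CBC-HS256": (hashlib.sha256, 16, 16),
          "A256CBC-HS512": (hashlib.sha512, 32, 32)}
IV_LEN = BLOCK = 16

def b64u(data):
    return urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def split_aead_output(alg, c):
    """Split C = IV || ciphertext || T into (nonce, ciphertext, tag)."""
    t_len = PARAMS[alg][2]
    body_len = len(c) - IV_LEN - t_len
    # Padded CBC output is a positive whole number of blocks.
    if body_len < BLOCK or body_len % BLOCK:
        raise ValueError("malformed AEAD output length")
    return c[:IV_LEN], c[IV_LEN:len(c) - t_len], c[len(c) - t_len:]

def compute_tag(alg, key, aad, iv, ciphertext):
    """T = first T_LEN octets of HMAC(MAC_KEY, A || IV || ciphertext || AL)."""
    digest, mac_key_len, t_len = PARAMS[alg]
    if len(key) != 2 * mac_key_len:
        raise ValueError("wrong key length for " + alg)
    al = (8 * len(aad)).to_bytes(8, "big")  # AAD length in bits, 64-bit big-endian
    mac = hmac.new(key[:mac_key_len], aad + iv + ciphertext + al, digest)
    return mac.digest()[:t_len]

def to_jwe_fields(alg, key, aad, c):
    """Check the tag, then return the three base64url JWE fields."""
    nonce, ciphertext, tag = split_aead_output(alg, c)
    if not hmac.compare_digest(compute_tag(alg, key, aad, nonce, ciphertext), tag):
        raise ValueError("authentication tag mismatch")
    return {"nonce": b64u(nonce), "ciphertext": b64u(ciphertext), "tag": b64u(tag)}

# Constructed sample. SAMPLE_CT is stand-in octets, not real AES-CBC output;
# the MAC check does not depend on how the ciphertext was produced.
SAMPLE_KEY = bytes(range(32))
SAMPLE_AAD = b"constructed associated data"
SAMPLE_IV = bytes(16)
SAMPLE_CT = bytes(range(100, 132))
SAMPLE_C = SAMPLE_IV + SAMPLE_CT + compute_tag(
    "A128CBC-HS256", SAMPLE_KEY, SAMPLE_AAD, SAMPLE_IV, SAMPLE_CT)

if __name__ == "__main__":
    print(to_jwe_fields("A128CBC-HS256", SAMPLE_KEY, SAMPLE_AAD, SAMPLE_C))
```

Because the MAC covers the IV and the AAD length as well as the ciphertext, the three fields can be carried separately and still be rejoined and verified on receipt.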
