#104: Section 4.1.2 "jku" (JWK Set URL) Header Parameter

If a jku is being used to provide information about binding the signer identity and the key together, then it needs to be part of the protected header. Otherwise this value can be changed without breaking the signature, making it appear as if a different signer identity was bound to the key.
Reporter:  [email protected]
Owner:     draft-ietf-jose-json-web- [email protected]
Type:      defect
Status:    new
Priority:  major
Milestone:
Component: json-web-signature
Version:
Keywords:
Severity:  -

Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/104>
jose <http://tools.ietf.org/jose/>
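The point raised in the ticket, as an added example that is not part of the original ticket or of the draft: a flattened JWS JSON object (member names as in RFC 7515) where only the "protected" member is covered by the signature, plus a verifier check that refuses a jku taken from the unprotected "header". Assumptions: HS256 stands in for the signature algorithm so the code needs only the standard library, and the key, URLs and the helper names (sign, signature_ok, trusted_jku, demo) are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(key, protected, unprotected, payload):
    """Build a flattened JWS JSON object; HS256 is a stand-in algorithm."""
    p = b64u(json.dumps(protected, separators=(",", ":")).encode())
    pl = b64u(payload)
    # The signing input covers only the protected header and the payload.
    mac = hmac.new(key, f"{p}.{pl}".encode("ascii"), hashlib.sha256).digest()
    jws = {"protected": p, "payload": pl, "signature": b64u(mac)}
    if unprotected:
        jws["header"] = unprotected  # never part of the signing input
    return jws

def signature_ok(key, jws):
    signing_input = f"{jws['protected']}.{jws['payload']}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64u_decode(jws["signature"]))

def trusted_jku(key, jws):
    """Return jku only if it is integrity-protected by a valid signature."""
    if not signature_ok(key, jws):
        raise ValueError("bad signature")
    if "jku" in jws.get("header", {}):
        raise ValueError("jku in unprotected header is not covered by the signature")
    return json.loads(b64u_decode(jws["protected"])).get("jku")

KEY = b"constructed-demo-key"              # constructed sample key
GOOD = "https://signer.example/jwks.json"  # constructed sample URL
OTHER = "https://other.example/jwks.json"  # constructed sample URL

def demo():
    # jku in the unprotected header: changing it leaves the signature valid.
    weak = sign(KEY, {"alg": "HS256"}, {"jku": GOOD}, b"hello")
    weak["header"]["jku"] = OTHER
    weak_still_valid = signature_ok(KEY, weak)
    # jku in the protected header: changing it breaks the signature.
    strong = sign(KEY, {"alg": "HS256", "jku": GOOD}, None, b"hello")
    hdr = json.loads(b64u_decode(strong["protected"]))
    hdr["jku"] = OTHER
    strong["protected"] = b64u(json.dumps(hdr, separators=(",", ":")).encode())
    return weak_still_valid, signature_ok(KEY, strong)
```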
