Please add the following text to paragraph 3 of section 10 in the JWE draft.
Additionally, this type of attack can be prevented by the use of "key-tainting". This method restricts the use of a key to a limited set of algorithms, usually one. This means that if the key is marked internally as being for RSA-OAEP only, any attempt to decrypt a message using the RSA1_5 algorithm would fail immediately as an invalid use of the key.

Jim
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
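The key-tainting check Jim proposes, modelled in plain Python as an added example (this is not code from the JWE draft, the jose working group, or any JOSE library). It assumes the binding is carried as the JWK "alg" parameter on the loaded key and that the recipient compares it with the "alg" of the JWE protected header before any RSA operation runs. The two RSA unwrap functions are placeholders that only record which primitive would have been reached; the JWE tokens are constructed with dummy ciphertext segments so the example runs offline.

```python
"""Key-tainting for JWE key management: a key loaded for RSA-OAEP refuses
RSA1_5 (or any other alg) before the RSA primitive is ever invoked."""
import base64
import json
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


class KeyUseError(Exception):
    """Raised when a key is asked to do something it is not bound to."""


@dataclass(frozen=True)
class TaintedKey:
    kid: str
    # Assumed binding: JWK "alg", the single key-management algorithm this
    # key may be used with. None means the key was loaded without a binding.
    alg: Optional[str]


def b64url_decode(segment: str) -> bytes:
    """base64url without padding, as used in JWE compact serialization."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def parse_compact_jwe(token: str) -> Tuple[dict, bytes]:
    """Return (protected header, JWE Encrypted Key) from a compact JWE."""
    parts = token.split(".")
    if len(parts) != 5:
        raise ValueError("JWE compact serialization must have 5 segments")
    return json.loads(b64url_decode(parts[0])), b64url_decode(parts[1])


# Audit trail of which RSA primitive was reached. Constructed for the example:
# a real implementation would perform the RSA unwrap at these points.
reached: List[str] = []


def _rsa_oaep_unwrap(key: TaintedKey, encrypted_key: bytes) -> bytes:
    reached.append("RSA-OAEP")
    return b"cek-placeholder"  # stands in for the recovered content encryption key


def _rsa1_5_unwrap(key: TaintedKey, encrypted_key: bytes) -> bytes:
    reached.append("RSA1_5")
    return b"cek-placeholder"


UNWRAP: Dict[str, Callable[[TaintedKey, bytes], bytes]] = {
    "RSA-OAEP": _rsa_oaep_unwrap,
    "RSA1_5": _rsa1_5_unwrap,
}


def check_key_use(key: TaintedKey, header: dict) -> None:
    """The tainting check: header alg must equal the key's single bound alg."""
    if key.alg is None:
        raise KeyUseError(f"key {key.kid} has no algorithm binding; refusing to use it")
    if header.get("alg") != key.alg:
        raise KeyUseError(
            f"key {key.kid} is bound to {key.alg}, header requests {header.get('alg')!r}"
        )


def unwrap_cek(key: TaintedKey, token: str) -> bytes:
    header, encrypted_key = parse_compact_jwe(token)
    check_key_use(key, header)  # fails here, before any RSA operation
    unwrap = UNWRAP.get(header["alg"])
    if unwrap is None:
        raise KeyUseError(f"unsupported alg {header['alg']!r}")
    return unwrap(key, encrypted_key)


def make_token(alg: str) -> str:
    """Constructed compact JWE carrying the given alg; other segments are dummies."""
    header = b64url_encode(json.dumps({"alg": alg, "enc": "A256GCM"}).encode())
    dummy = [b"\x00" * 16, b"iv", b"ciphertext", b"tag"]
    return ".".join([header] + [b64url_encode(d) for d in dummy])


def attempt(key: TaintedKey, token: str) -> str:
    """Return 'ok' or the refusal reason, for the usage below and for tests."""
    try:
        unwrap_cek(key, token)
        return "ok"
    except KeyUseError as exc:
        return f"refused: {exc}"


if __name__ == "__main__":
    oaep_key = TaintedKey(kid="recipient-1", alg="RSA-OAEP")
    print(attempt(oaep_key, make_token("RSA1_5")))    # refused, RSA1_5 never reached
    print(attempt(oaep_key, make_token("RSA-OAEP")))  # ok
    print("primitives reached:", reached)
```

The order in `unwrap_cek` is the whole point: the header is parsed, the binding is compared, and only then is a primitive selected, so a mismatched "alg" value is rejected as an invalid use of the key rather than being handed to the RSA decryption routine. Refusing a key that carries no binding at all (`alg=None`) is a stricter choice than the message requires; drop that branch if untainted keys must keep working.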
