In trying to go through the issues with the WebCrypto group and the JOSE WG
dealing with the content of the use field. I ended up with a problem that I
had not recognized as being an issue when talking to John in Berlin. I want
to bring this issue up and see if anybody other myself is worried about it.
Consider the JWK
{'typ':'oct', 'use':'enc',"k":"GawgguFyGrWKav7AX4VKUg" }
We have stated that the value of 'enc' in this case can only be correctly
interpreted in the content of an algorithm restriction in the JWK as well.
In this case it is not possible for an importing function to change the
external 'enc' value to either 'encryption' or 'key-wrapping'. This means
that an implementation that imports the key and does not keep it in a JWK
formation will potentially reject the key as being mal-formed. Note that
this would not be an issue if we had both 'enc' and 'wrap' as key usages
because it would be unambigious.
Jim
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
