I can see a value of allowing for the ability to set an IV for the GCM case if the uniqueness of the GCM key IV is being kept by the application rather than the crypto system. I am not sure that this is the way that I would go about doing this for JOSE. However this is the way it would be done for COSE so it might not be a completely bad thing to support.
Jim

> -----Original Message-----
> From: jose [mailto:[email protected]] On Behalf Of Vladimir Dzhuvinov
> Sent: Tuesday, October 20, 2015 10:31 PM
> To: [email protected]
> Subject: [jose] Exotic use of JWE "iv" header
>
> Last night I saw a ticket from a developer who was trying to set the IV for the
> JWE content encryption by passing the value through the "iv"
> header parameter.
>
> My understanding is that this is not standard behavior, but still, is this a
> sensible method to allow developers to set the IV? (if set by the developer the
> "iv" header parameter is to be removed before the JWE is created). This method
> of course will have problems when AES/GCM key wrap is used, as then there will
> be no way to set two nonces via the "iv" header.
>
> https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/158/jwe-iv-remains-in-jwe-header
>
> Vladimir
>
> _______________________________________________
> jose mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/jose
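
An added example, not part of the original thread or of Nimbus JOSE+JWT: a Python check that flags the situation from the ticket, an "iv" header parameter in a JWE whose "alg" is not one of the AES GCM key wrap algorithms (the only use RFC 7518 section 4.7.1.1 defines for it). The function and sample names are hypothetical, and the samples are constructed with dummy key, ciphertext and tag values.

```python
import base64
import json

GCM_KW_ALGS = {"A128GCMKW", "A192GCMKW", "A256GCMKW"}
# Content-encryption IV sizes in bytes (RFC 7518, sections 5.2 and 5.3).
CONTENT_IV_LEN = {
    "A128GCM": 12, "A192GCM": 12, "A256GCM": 12,
    "A128CBC-HS256": 16, "A192CBC-HS384": 16, "A256CBC-HS512": 16,
}

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def check_jwe_iv_usage(compact):
    """Return a list of findings about IV handling in a compact JWE."""
    parts = compact.split(".")
    if len(parts) != 5:
        return ["not a five-part JWE compact serialization"]
    header = json.loads(b64url_decode(parts[0]))
    alg, enc = header.get("alg"), header.get("enc")
    findings = []
    if alg in GCM_KW_ALGS:
        # Here "iv" carries the key-wrap nonce and must be 96 bits.
        kw_iv = header.get("iv")
        if kw_iv is None:
            findings.append("alg is GCM key wrap but 'iv' header is missing")
        elif len(b64url_decode(kw_iv)) != 12:
            findings.append("'iv' header for GCM key wrap is not 96 bits")
    elif "iv" in header:
        # The case from the ticket: "iv" left in the header without GCM key wrap.
        findings.append("'iv' header present but alg is %s" % alg)
        if header["iv"] == parts[2]:
            findings.append("'iv' header duplicates the content encryption IV")
    expected = CONTENT_IV_LEN.get(enc)
    if expected is not None and len(b64url_decode(parts[2])) != expected:
        findings.append("content IV length does not match enc %s" % enc)
    return findings

def make_sample(header, iv_len):
    """Constructed sample JWE: dummy key, ciphertext and tag; only header and IV matter."""
    h = b64url_encode(json.dumps(header).encode())
    iv = b64url_encode(bytes(range(iv_len)))
    dummy = [b64url_encode(b"k" * 16), iv, b64url_encode(b"ct"), b64url_encode(b"t" * 16)]
    return ".".join([h, dummy[0], dummy[1], dummy[2], dummy[3]])
```
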
