On 20/04/18 01:03, Neil Madden wrote:
> 2. Moving the “alg” and “enc” headers out of JWE/JWS and instead into JWK so
> that is the key that determines the algorithm not the message.

Developers letting the "alg" header alone drive JWS / JWE processing is the most glaring mistake I keep seeing. JOSE library maintainers can possibly help here, by hiding the "alg" header from developers :)

We took a similar measure with "alg":"none", by giving those JOSE objects a different class than JWS (for type safety) which cannot be validated.

Vladimir
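
Added example (not part of the original message and not code from any JOSE library): a minimal Python sketch of the idea discussed above, where the algorithm is a property of the key and the "alg" header is only compared against it, never used to choose the verification routine. The names PinnedKey, RejectedToken, sign and verify are hypothetical, the secret is constructed, and only HS256 is implemented.

```python
import base64, hashlib, hmac, json
from dataclasses import dataclass

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

@dataclass(frozen=True)
class PinnedKey:
    """Hypothetical key record: the algorithm travels with the key."""
    alg: str        # this sketch implements "HS256" only
    secret: bytes

class RejectedToken(Exception):
    pass

def _mac(key: PinnedKey, signing_input: str) -> bytes:
    return hmac.new(key.secret, signing_input.encode(), hashlib.sha256).digest()

def sign(key: PinnedKey, payload: dict) -> str:
    parts = [json.dumps(p, separators=(",", ":")).encode()
             for p in ({"alg": key.alg}, payload)]
    signing_input = ".".join(b64url_encode(p) for p in parts)
    return signing_input + "." + b64url_encode(_mac(key, signing_input))

def verify(key: PinnedKey, token: str) -> dict:
    if key.alg != "HS256":
        raise RejectedToken("key algorithm not supported by this sketch")
    parts = token.split(".")
    if len(parts) != 3:
        raise RejectedToken("not a compact JWS")
    try:
        header = json.loads(b64url_decode(parts[0]))
        signature = b64url_decode(parts[2])
    except ValueError as exc:   # covers base64, UTF-8 and JSON errors
        raise RejectedToken("malformed token") from exc
    # The header value is compared with the key's algorithm and nothing more.
    if not isinstance(header, dict) or header.get("alg") != key.alg:
        raise RejectedToken("header alg does not match the key")
    if not hmac.compare_digest(signature, _mac(key, parts[0] + "." + parts[1])):
        raise RejectedToken("bad signature")
    return json.loads(b64url_decode(parts[1]))

if __name__ == "__main__":
    key = PinnedKey("HS256", b"constructed-demo-secret")  # constructed sample
    print(verify(key, sign(key, {"sub": "alice"})))
```
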
