The following errata report has been submitted for RFC7516, "JSON Web Encryption (JWE)".
-------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid7719 -------------------------------------- Type: Technical Reported by: Jeffrey Yasskin <[email protected]> Section: 6 Original Text ------------- The key identification methods for this specification are the same as those defined in Section 6 of [JWS], except that the key being identified is the public key to which the JWE was encrypted. Corrected Text -------------- ??? <I don't know the proper correction.> Notes ----- Section 6 of [JWS] says "these parameters need not be integrity protected, since changing them in a way that causes a different key to be used will cause the validation to fail." I don't know if this is true for signature schemes (that is, RFC 7515 might have the same erratum), but this is only true for encryption schemes if the algorithm is key-committing. See https://www.ietf.org/archive/id/draft-irtf-cfrg-aead-properties-02.html#name-key-commitment. Instructions: ------------- This erratum is currently posted as "Reported". (If it is spam, it will be removed shortly by the RFC Production Center.) Please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party will log in to change the status and edit the report, if necessary. -------------------------------------- RFC7516 (draft-ietf-jose-json-web-encryption-40) -------------------------------------- Title : JSON Web Encryption (JWE) Publication Date : May 2015 Author(s) : M. Jones, J. Hildebrand Category : PROPOSED STANDARD Source : Javascript Object Signing and Encryption Area : Security Stream : IETF Verifying Party : IESG _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
