The following errata report has been submitted for RFC7515, "JSON Web Signature (JWS)".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7767

--------------------------------------
Type: Technical
Reported by: Jeffrey Yasskin <[email protected]>

Section: 6

Original Text
-------------
These Header Parameters MUST be integrity protected if the information
that they convey is to be utilized in a trust decision; however, if the
only information used in the trust decision is a key, these parameters
need not be integrity protected, since changing them in a way that
causes a different key to be used will cause the validation to fail.

Corrected Text
--------------
These Header Parameters MUST be integrity protected if the information
that they convey is to be utilized in a trust decision.

Notes
-----
See the discussion for https://www.rfc-editor.org/errata/eid7719 at
https://mailarchive.ietf.org/arch/msg/jose/I3_IuEfFSyiHWap7Pyn1BFAb4QM/.
The deleted text is incorrect for both signature schemes and encryption
schemes.

You could consider adding text like "Note that some algorithms allow
multiple keys to validate or decrypt the same signature or encrypted
data." to prevent readers from making the same bad assumption as the
original RFC authors, but it doesn't seem necessary if doing so is
contentious. Similarly, it's probably ok to simply delete the whole
"Original Text" if that seems better to the reviewers.

Instructions:
-------------
This erratum is currently posted as "Reported". (If it is spam, it will
be removed shortly by the RFC Production Center.) Please use "Reply All"
to discuss whether it should be verified or rejected. When a decision is
reached, the verifying party will log in to change the status and edit
the report, if necessary.

--------------------------------------
RFC7515 (draft-ietf-jose-json-web-signature-41)
--------------------------------------
Title            : JSON Web Signature (JWS)
Publication Date : May 2015
Author(s)        : M. Jones, J. Bradley, N. Sakimura
Category         : PROPOSED STANDARD
Source           : Javascript Object Signing and Encryption
Area             : Security
Stream           : IETF
Verifying Party  : IESG

_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
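
An added example (not part of the erratum report or of RFC 7515) of a receiver-side check in line with the corrected text: for a flattened JWS JSON Serialization object, key-identification parameters are read from the protected header only. The parameter list is the one in RFC 7515 Section 4.1; rejecting, rather than ignoring, such parameters in the unprotected header is an assumed policy, and the function names and sample objects are hypothetical.

```python
import base64
import json

# Key-identification Header Parameters from RFC 7515 Section 4.1.
KEY_ID_PARAMS = {"jku", "jwk", "kid", "x5u", "x5c", "x5t", "x5t#S256"}


def b64url_decode(data: str) -> bytes:
    """Decode unpadded base64url, the encoding JWS uses."""
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def trusted_key_params(jws: dict) -> dict:
    """Return key-identification parameters from the protected header only.

    Raises ValueError when one appears in the unprotected "header" member,
    which the signature does not cover (assumed policy: reject, not ignore).
    The returned values are authenticated only once the signature over the
    protected header and payload has been verified with the selected key.
    """
    encoded = jws.get("protected")
    protected = json.loads(b64url_decode(encoded)) if encoded else {}
    unprotected = jws.get("header") or {}
    offending = sorted(KEY_ID_PARAMS.intersection(unprotected))
    if offending:
        raise ValueError(f"unprotected key-identification parameters: {offending}")
    return {k: v for k, v in protected.items() if k in KEY_ID_PARAMS}


def make_sample(protected: dict, unprotected: dict) -> dict:
    """Build a constructed flattened JWS; the signature is a placeholder."""
    enc = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    jws = {"protected": enc(json.dumps(protected).encode()),
           "payload": enc(b'{"sub":"example"}'),
           "signature": enc(b"placeholder-not-a-real-signature")}
    if unprotected:
        jws["header"] = unprotected
    return jws


if __name__ == "__main__":
    good = make_sample({"alg": "ES256", "kid": "key-1"}, {})
    print(trusted_key_params(good))
    bad = make_sample({"alg": "ES256"}, {"kid": "key-2"})
    try:
        trusted_key_params(bad)
    except ValueError as exc:
        print("rejected:", exc)
```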
