Dropping all the CC' except for the list. I agree with the proposed change.
OS On Thu, Jan 25, 2024 at 8:00 AM RFC Errata System <[email protected]> wrote: > The following errata report has been submitted for RFC7515, > "JSON Web Signature (JWS)". > > -------------------------------------- > You may review the report below and at: > https://www.rfc-editor.org/errata/eid7767 > > -------------------------------------- > Type: Technical > Reported by: Jeffrey Yasskin <[email protected]> > > Section: 6 > > Original Text > ------------- > These Header Parameters MUST > be integrity protected if the information that they convey is to be > utilized in a trust decision; however, if the only information used > in the trust decision is a key, these parameters need not be > integrity protected, since changing them in a way that causes a > different key to be used will cause the validation to fail. > > Corrected Text > -------------- > These Header Parameters MUST > be integrity protected if the information that they convey is to be > utilized in a trust decision. > > Notes > ----- > See the discussion for https://www.rfc-editor.org/errata/eid7719 at > https://mailarchive.ietf.org/arch/msg/jose/I3_IuEfFSyiHWap7Pyn1BFAb4QM/. > The deleted text is incorrect for both signature schemes and encryption > schemes. > > You could consider adding text like "Note that some algorithms allow > multiple keys to validate or decrypt the same signature or encrypted data." > to prevent readers from making the same bad assumption as the original RFC > authors, but it doesn't seem necessary if doing so is contentious. > Similarly, it's probably ok to simply delete the whole "Original Text" if > that seems better to the reviewers. > > Instructions: > ------------- > This erratum is currently posted as "Reported". (If it is spam, it > will be removed shortly by the RFC Production Center.) Please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party > will log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC7515 (draft-ietf-jose-json-web-signature-41) > -------------------------------------- > Title : JSON Web Signature (JWS) > Publication Date : May 2015 > Author(s) : M. Jones, J. Bradley, N. Sakimura > Category : PROPOSED STANDARD > Source : Javascript Object Signing and Encryption > Area : Security > Stream : IETF > Verifying Party : IESG > > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose > -- ORIE STEELE Chief Technology Officer www.transmute.industries <https://transmute.industries>
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
