Hi all,

We have published a new draft https://datatracker.ietf.org/doc/draft-reddy-jose-detached-aad/ that introduces a mechanism to support detached AAD in JWE. This allows the AAD to be derived from context-specific information instead of being transmitted in-band. The mechanism is particularly useful in scenarios such as OpenID for Verifiable Credentials (OID4VC), where a verifier must validate context information without relying on in-band AAD.

Comments and suggestions are welcome.

Cheers,
-Tiru & Hannes

---------- Forwarded message ---------
From: <[email protected]>
Date: Mon, 3 Feb 2025 at 12:23
Subject: New Version Notification for draft-reddy-jose-detached-aad-00.txt
To: Tirumaleswar Reddy.K <[email protected]>, Hannes Tschofenig <[email protected]>

A new version of Internet-Draft draft-reddy-jose-detached-aad-00.txt has been successfully submitted by Tirumaleswar Reddy and posted to the IETF repository.

Name:     draft-reddy-jose-detached-aad
Revision: 00
Title:    Enhanced JWE Security with Detached Additional Authenticated Data (AAD)
Date:     2025-02-03
Group:    Individual Submission
Pages:    9
URL:      https://www.ietf.org/archive/id/draft-reddy-jose-detached-aad-00.txt
Status:   https://datatracker.ietf.org/doc/draft-reddy-jose-detached-aad/
HTML:     https://www.ietf.org/archive/id/draft-reddy-jose-detached-aad-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-reddy-jose-detached-aad

Abstract:

This draft introduces a mechanism to support detached Additional Authenticated Data (AAD) in JWE (JSON Web Encryption), allowing the AAD to be derived from context-specific information, such as session identifiers, algorithm identifiers, and identifiers of communication endpoints, rather than being transmitted in-band. This mechanism strengthens security by mitigating risk against unknown-key-share attacks and/or other exploitation techniques that depend on some type of confusion over the role played by each party. The document explains how to integrate this functionality into JWE, covering both JWE JSON Serialization and JWE Compact Serialization.

The IETF Secretariat

_______________________________________________
jose mailing list -- [email protected]
To unsubscribe send an email to [email protected]
