Re: [jose] issues with x5c in JWE

John Bradley <> Wed, 30 January 2013 03:04 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 573CD21F886F for <>; Tue, 29 Jan 2013 19:04:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id sT4TNm5Mp5O1 for <>; Tue, 29 Jan 2013 19:04:21 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 487D521F886A for <>; Tue, 29 Jan 2013 19:04:21 -0800 (PST)
Received: by with SMTP id j8so2015709qah.20 for <>; Tue, 29 Jan 2013 19:04:20 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=x-received:content-type:mime-version:subject:from:in-reply-to:date :cc:message-id:references:to:x-mailer:x-gm-message-state; bh=QoyqUOz9FxuHxi2bZtNv58PVER8zyU6wmP8Uw+ZGmj0=; b=QiGtSAh9cSpl9AqsLEhlxcOqJVsxIJQU1HZSYC+YLKuVzO4/Bhyy4K3YAkK5hxYBQA 2PMY4yDue3jMoRkwGmSoAMSt+0ln1+E8QZZi9oZotUmVcfAlUgjBQnBALUpq+3YazWfC pulS0gFqg0SMCma9IhnOMm8K/dICR0xcumCMoVYZgJMhf+8IwUv7so6bIAI1P6I1yDNH L9xIsVNnnMl0nbmZT+k4Cd6iqRfDe6rcujFwLE+46jYXalQLVVGkfB+hR9cfZcOJs8sS 5Z4EqMKifkV2qLBvdaTgjV5FGynZUCcmS5+3X2lVjE7pLwu9Tb9I6N7ffCjq802gMqZ1 rSQg==
X-Received: by with SMTP id f2mr3842931qew.43.1359515060315; Tue, 29 Jan 2013 19:04:20 -0800 (PST)
Received: from [] ( []) by with ESMTPS id u8sm44010qeu.2.2013. (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 29 Jan 2013 19:04:19 -0800 (PST)
Content-Type: multipart/alternative; boundary="Apple-Mail=_ABDEC8A6-12EE-48FB-93A0-3A3469229449"
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: John Bradley <>
In-Reply-To: <>
Date: Wed, 30 Jan 2013 00:04:09 -0300
Message-Id: <>
References: <>
To: Brian Campbell <>
X-Mailer: Apple Mail (2.1499)
X-Gm-Message-State: ALoCoQlZHpTtnOJTYF4MDKxMM53j4DAgDynQdZNiDCkLcpOEnA1kr1Dqe1ohUO8oGOcVmvxFbZev
Cc: "" <>
Subject: Re: [jose] issues with x5c in JWE
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 30 Jan 2013 03:04:22 -0000

Yes for encryption (Leaving ECDH-SS aside ) the recipoient decrypts with a secret.  I would expect a kid in the header.  

I suppose they if the recipient published a x5c that the sender used to encrypt with then you could include the x5c as a reference though a thumbprint would be simpler as the recipient is probably keeping its private keys in a key-store of some sort.

In any event we would minimally want to change that to 
> "The certificate containing the public key of the entity that is to decrypt the JWE MUST be the first certificate."

Thanks Brian

John B.

On 2013-01-29, at 11:08 PM, Brian Campbell <> wrote:

> I just noticed a couple of things in the JWE's x5c definition that struck me as maybe not right.
> From
> "The certificate containing the public key of the entity that encrypted the JWE MUST be the first certificate." - but it's not the public key of the entity that encrypted, is it? It's the public key of the entity that will decrypt. The other entity.
> "The recipient MUST verify the certificate chain according to [RFC5280] and reject the JWE if any validation failure occurs." - maybe I'm missing something but why would the recipient verify it's own certificate chain?
> And the first hyperlink in "See Appendix B of [JWS] for an example "x5c" value" takes you to Appendix B of JWE, which is Acknowledgements, rather than JWS as the text would suggest.
> So all those little nits could be fixed. But maybe it'd be better to just remove x5c from JWE all together? As Richard pointed out previously,, there's really no point in sending a whole chain to help the recipient identify its own key.
> _______________________________________________
> jose mailing list