[jose] [Technical Errata Reported] RFC7516 (7719)
RFC Errata System <rfc-editor@rfc-editor.org> Fri, 01 December 2023 17:11 UTC
Return-Path: <wwwrun@rfcpa.amsl.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85EF5C14F5E6 for <jose@ietfa.amsl.com>; Fri, 1 Dec 2023 09:11:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.658
X-Spam-Level:
X-Spam-Status: No, score=-6.658 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gWydjEvWHWTw for <jose@ietfa.amsl.com>; Fri, 1 Dec 2023 09:11:24 -0800 (PST)
Received: from rfcpa.amsl.com (rfcpa.amsl.com [50.223.129.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32F07C14F5EF for <jose@ietf.org>; Fri, 1 Dec 2023 09:10:01 -0800 (PST)
Received: by rfcpa.amsl.com (Postfix, from userid 499) id D30A51976013; Fri, 1 Dec 2023 09:10:00 -0800 (PST)
To: mbj@microsoft.com, jhildebr@cisco.com, rdd@cert.org, paul.wouters@aiven.io, ve7jtb@ve7jtb.com, john.mattsson@ericsson.com, kodonog@pobox.com
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: jyasskin@google.com, jose@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20231201171000.D30A51976013@rfcpa.amsl.com>
Date: Fri, 01 Dec 2023 09:10:00 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/J5PQ3NUrnauxz9Ta-CYRd8PiJIM>
X-Mailman-Approved-At: Fri, 01 Dec 2023 13:20:46 -0800
Subject: [jose] [Technical Errata Reported] RFC7516 (7719)
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Dec 2023 17:11:28 -0000
The following errata report has been submitted for RFC7516, "JSON Web Encryption (JWE)". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid7719 -------------------------------------- Type: Technical Reported by: Jeffrey Yasskin <jyasskin@google.com> Section: 6 Original Text ------------- The key identification methods for this specification are the same as those defined in Section 6 of [JWS], except that the key being identified is the public key to which the JWE was encrypted. Corrected Text -------------- ??? <I don't know the proper correction.> Notes ----- Section 6 of [JWS] says "these parameters need not be integrity protected, since changing them in a way that causes a different key to be used will cause the validation to fail." I don't know if this is true for signature schemes (that is, RFC 7515 might have the same erratum), but this is only true for encryption schemes if the algorithm is key-committing. See https://www.ietf.org/archive/id/draft-irtf-cfrg-aead-properties-02.html#name-key-commitment. Instructions: ------------- This erratum is currently posted as "Reported". (If it is spam, it will be removed shortly by the RFC Production Center.) Please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party will log in to change the status and edit the report, if necessary. -------------------------------------- RFC7516 (draft-ietf-jose-json-web-encryption-40) -------------------------------------- Title : JSON Web Encryption (JWE) Publication Date : May 2015 Author(s) : M. Jones, J. Hildebrand Category : PROPOSED STANDARD Source : Javascript Object Signing and Encryption Area : Security Stream : IETF Verifying Party : IESG
- [jose] [Technical Errata Reported] RFC7516 (7719) RFC Errata System
- Re: [jose] [Technical Errata Reported] RFC7516 (7… Jeffrey Yasskin