#129: Section 3.2 MAC with HMAC SHA-2 Functions
Old description: > A. Change title "HMAC with SHA-2" > > B. The last sentence in paragraph 1 should be placed in the JWS document > and not here. This may not be a true statement in the future if JWS is > revised to include key management logic. > > C. JWS MUST be rejected belongs in the JWS document not here Instead it > should say that an error is returned for the MAC validation. > > D. Where are the security properties of MAC vs. Signature stated and > referred to from this section? New description: A. Change title "HMAC with SHA-2" * FIXED B. The last sentence in paragraph 1 should be placed in the JWS document and not here. This may not be a true statement in the future if JWS is revised to include key management logic. * FIXED C. JWS MUST be rejected belongs in the JWS document not here Instead it should say that an error is returned for the MAC validation. * FIXED D. Where are the security properties of MAC vs. Signature stated and referred to from this section? -- Comment (by [email protected]): A, B and C are FIXED. D can be a one sentence pointer to Security Considerations on difference between signature and MAC for security prosperities. Major difference is that you cannot prove origination to a third party with a MAC and can only do so to yourself if you make specific assumptions. -- -------------------------+------------------------------------------------- Reporter: | Owner: draft-ietf-jose-json-web- [email protected] | [email protected] Type: defect | Status: new Priority: Editorial | Milestone: Component: json-web- | Version: algorithms | Resolution: Severity: - | Keywords: | -------------------------+------------------------------------------------- Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/129#comment:1> jose <http://tools.ietf.org/jose/> _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
