Hi there,
In RFC 7516, page 23 at the end of section 7.2.2 (Flattened) it is written
:
"Note that when using the flattened syntax, just as when using the
general syntax, any unprotected Header Parameter values can reside in
either the "unprotected" member or the "header" member, or in both."
While page 17, in the 5.2 Section (Message decryption) it is written :
" 4. If using the JWE Compact Serialization, let the JOSE Header be
the JWE Protected Header. Otherwise, when using the JWE JSON
Serialization, let the JOSE Header be the union of the members
of the JWE Protected Header, the JWE Shared Unprotected Header
and the corresponding JWE Per-Recipient Unprotected Header, all
of which must be completely valid JSON objects. During this
step, verify that the resulting JOSE Header does not contain
duplicate Header Parameter names. When using the JWE JSON
Serialization, this restriction includes that the same Header
Parameter name also MUST NOT occur in distinct JSON object
values that together comprise the JOSE Header."
My problem is that if a Header Parameter is in "both" the "unprotected" and
the "header" member, it is therefore not unique.
Am I missing something?
Thanks in advance,
Philippe Leothaud
42 Crunch
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
