The following errata report has been submitted for RFC7516, "JSON Web Encryption (JWE)".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid8676

--------------------------------------
Type: Technical
Reported by: Burak Can Kus <[email protected]>

Section: 5.2

Original Text
-------------
14. Compute the Encoded Protected Header value BASE64URL(UTF8(JWE
    Protected Header)). If the JWE Protected Header is not present
    (which can only happen when using the JWE JSON Serialization and
    no "protected" member is present), let this value be the empty
    string.

Corrected Text
--------------
14. Compute the Encoded Protected Header value BASE64URL(UTF8(JWE
    Protected Header)). If the JWE Protected Header is not present
    (which can only happen when using the JWE JSON Serialization and
    no "protected" member is present), let this value be the empty
    string. Instead of serializing the JWE Protected Header JSON
    object, use the Base64url decoded representation of JWE Protected
    Header.

Notes
-----
Step 3 says:

    3. Verify that the octet sequence resulting from decoding the
       encoded JWE Protected Header is a UTF-8-encoded representation
       of a completely valid JSON object conforming to RFC 7159
       [RFC7159]; let the JWE Protected Header be this JSON object.

Since JWE Protected Header is the JSON object, the serialized value
might often end up different than the Base64url representation of the
input value; this is because JSON is not canonical. So in step 14,
instead of serializing the JSON object of the JWE Protected Header, the
Base64url decoded value must be used to obtain the same value.

Instructions:
-------------
This erratum is currently posted as "Reported". (If it is spam, it
will be removed shortly by the RFC Production Center.) Please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party
will log in to change the status and edit the report, if necessary.

--------------------------------------
RFC7516 (draft-ietf-jose-json-web-encryption-40)
--------------------------------------
Title            : JSON Web Encryption (JWE)
Publication Date : May 2015
Author(s)        : M. Jones, J. Hildebrand
Category         : PROPOSED STANDARD
Source           : Javascript Object Signing and Encryption
Stream           : IETF
Verifying Party  : IESG
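
Added example, not part of the errata report or of RFC 7516: the sketch below shows why the choice of octets in step 14 matters, using the A128CBC-HS256 tag computation from RFC 7518, Section 5.2.2.1, with the AAD set to ASCII(Encoded Protected Header). The key, IV, ciphertext and header strings are constructed sample values, the function names are hypothetical, and Python's json.dumps stands in for whatever serializer a recipient might use.

```python
import base64, hashlib, hmac, json, struct

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def cbc_hs256_tag(mac_key, aad, iv, ciphertext):
    # RFC 7518, Section 5.2.2.1: T is the first 16 octets of
    # HMAC-SHA-256(MAC_KEY, A || IV || E || AL), AL = bit length of A (64-bit BE).
    al = struct.pack(">Q", len(aad) * 8)
    return hmac.new(mac_key, aad + iv + ciphertext + al, hashlib.sha256).digest()[:16]

def parse_header(encoded):
    # Step 3: the decoded octets must be UTF-8 JSON text for an object.
    header = json.loads(b64url_decode(encoded).decode("utf-8"))
    if not isinstance(header, dict):
        raise ValueError("JWE Protected Header is not a JSON object")
    return header

def aad_from_received(encoded):
    parse_header(encoded)  # validate, but keep the octets exactly as received
    return encoded.encode("ascii")

def aad_from_reserialized(encoded):
    # Literal reading of step 14: serialize the parsed object again.
    return b64url(json.dumps(parse_header(encoded)).encode("utf-8")).encode("ascii")

# Constructed sample values, not taken from the report.
MAC_KEY, IV, CIPHERTEXT = bytes(range(16)), bytes(16), bytes(32)

def verify_both_ways(sender_header_octets):
    # Returns (tag verifies with received octets, tag verifies after re-serializing).
    encoded = b64url(sender_header_octets)
    sent_tag = cbc_hs256_tag(MAC_KEY, encoded.encode("ascii"), IV, CIPHERTEXT)
    return tuple(
        hmac.compare_digest(sent_tag, cbc_hs256_tag(MAC_KEY, aad(encoded), IV, CIPHERTEXT))
        for aad in (aad_from_received, aad_from_reserialized))

if __name__ == "__main__":
    for octets in (b'{"alg": "dir", "enc": "A128CBC-HS256"}',
                   b'{"alg":"dir","enc":"A128CBC-HS256"}',
                   b'{ "enc": "A128CBC-HS256",\n  "alg": "dir" }'):
        print(octets, verify_both_ways(octets))
```

The first header happens to match json.dumps output byte for byte, so both methods verify; the other two verify only when the received octets are used.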
