Based upon working group feedback on the -09 drafts, I’ve released an update to the JSON Object Signing and Encryption (JOSE) specifications that changes the processing rules for JWEs encrypted to multiple recipients. The new processing rules enable using AES GCM for multiple-recipient JWE objects. This update makes no changes to the single-recipient case.
The updated specification versions are:
- http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-10
- http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-10
- http://tools.ietf.org/html/draft-ietf-jose-json-web-key-10
- http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-10
HTML formatted versions are also available at: