Updated JOSE and JWT drafts have been released that incorporate additional wording improvements in places suggested by Kathleen Moriarty. Most of the changes were rewording and reorganization of the Security Considerations sections. An explanation of when applications typically would and would not use the typ and cty header parameters was added. The one normative change was to specify the use of PKCS #7 padding with AES CBC, rather than PKCS #5 — a correction pointed out by Shaun Cooley. (PKCS #7 is a superset of PKCS #5, and is appropriate for the 16 octet blocks used by AES CBC.) No breaking changes were made.
The specifications are available at:
- http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-28
- http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-28
- http://tools.ietf.org/html/draft-ietf-jose-json-web-key-28
- http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-28
- http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-22
HTML formatted versions are available at:
- https://self-issued.info/docs/draft-ietf-jose-json-web-signature-28.html
- https://self-issued.info/docs/draft-ietf-jose-json-web-encryption-28.html
- https://self-issued.info/docs/draft-ietf-jose-json-web-key-28.html
- https://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-28.html
- https://self-issued.info/docs/draft-ietf-oauth-json-web-token-22.html
Leave a Reply
You must be logged in to post a comment.