RFC Errata

Errata Search

Source of RFC  
Summary Table Full Records

RFC 7516, "JSON Web Encryption (JWE)", May 2015

Source of RFC: jose (sec)

Errata ID: 7719
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Jeffrey Yasskin
Date Reported: 2023-12-01

Section 6 says:

The key identification methods for this specification are the same as
those defined in Section 6 of [JWS], except that the key being
identified is the public key to which the JWE was encrypted.

It should say:

??? <I don't know the proper correction.>


Section 6 of [JWS] says "these parameters need not be integrity protected, since changing them in a way that causes a different key to be used will cause the validation to fail."

I don't know if this is true for signature schemes (that is, RFC 7515 might have the same erratum), but this is only true for encryption schemes if the algorithm is key-committing. See https://www.ietf.org/archive/id/draft-irtf-cfrg-aead-properties-02.html#name-key-commitment.

Report New Errata

Advanced Search