RFC Errata

Errata Search

Source of RFC  
Summary Table Full Records

Found 2 records.

Status: Reported (2)

RFC 7516, "JSON Web Encryption (JWE)", May 2015

Source of RFC: jose (sec)

Errata ID: 7719
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Jeffrey Yasskin
Date Reported: 2023-12-01

Section 6 says:

The key identification methods for this specification are the same as
those defined in Section 6 of [JWS], except that the key being
identified is the public key to which the JWE was encrypted.

It should say:

??? <I don't know the proper correction.>


Section 6 of [JWS] says "these parameters need not be integrity protected, since changing them in a way that causes a different key to be used will cause the validation to fail."

I don't know if this is true for signature schemes (that is, RFC 7515 might have the same erratum), but this is only true for encryption schemes if the algorithm is key-committing. See https://www.ietf.org/archive/id/draft-irtf-cfrg-aead-properties-02.html#name-key-commitment.

Errata ID: 6018
Status: Reported
Type: Editorial
Publication Format(s) : TEXT

Reported By: Kinan Diraneyya
Date Reported: 2020-03-16

Throughout the document, when it says:

initialization vector

It should say:

initialization value


RFCs 7516 through 7520 (inclusive) all used the deprecated (as dictated by RFC 4949) term "initialization vector" in place of the newer term "initialization value".

Report New Errata

Advanced Search