RFC Errata
Found 2 records.
Status: Reported (2)
RFC 7516, "JSON Web Encryption (JWE)", May 2015
Source of RFC: jose (sec)
Errata ID: 7719
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Jeffrey Yasskin
Date Reported: 2023-12-01
Section 6 says:
The key identification methods for this specification are the same as those defined in Section 6 of [JWS], except that the key being identified is the public key to which the JWE was encrypted.
It should say:
??? <I don't know the proper correction.>
Notes:
Section 6 of [JWS] says "these parameters need not be integrity protected, since changing them in a way that causes a different key to be used will cause the validation to fail."
I don't know if this is true for signature schemes (that is, RFC 7515 might have the same erratum), but this is only true for encryption schemes if the algorithm is key-committing. See https://www.ietf.org/archive/id/draft-irtf-cfrg-aead-properties-02.html#name-key-commitment.
Errata ID: 6018
Status: Reported
Type: Editorial
Publication Format(s) : TEXT
Reported By: Kinan Diraneyya
Date Reported: 2020-03-16
Throughout the document, when it says:
initialization vector
It should say:
initialization value
Notes:
RFCs 7516 through 7520 (inclusive) all used the deprecated (as dictated by RFC 4949) term "initialization vector" in place of the newer term "initialization value".