RFC Errata
Found 2 records.
Status: Reported (2)
RFC 7520, "Examples of Protecting Content Using JSON Object Signing and Encryption (JOSE)", May 2015
Source of RFC: jose (sec)
Errata ID: 7680
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Filip Skokan
Date Reported: 2023-10-17
Section 5.9 says:
This example illustrates encrypting content that is first compressed. It reuses the AES symmetric key, key encryption algorithm, and content encryption algorithm from Section 5.8. Note that whitespace is added for readability as described in Section 1.1.
It should say:
This example illustrates encrypting content that is first compressed. It reuses the AES symmetric key, key encryption algorithm, and content encryption algorithm from Section 5.8. Note that DEFLATE [RFC1951] is not a deterministic algorithm; its implementations must properly round-trip but are not required to produce the same compressed data; it might not be possible to exactly replicate the results in this section. Note that whitespace is added for readability as described in Section 1.1.
Notes:
This added text is aligned with other non-deterministic algorithms in sections 4.2, 4.3, 5.1, 5.2, 5.13, and 6. It gives the reader a heads up that the results might not be replicable, e.g. when using a modern zlib deflate implementation which uses ANZAC++ hash in favour of hardware accelerated hashing function (i.e. CRC32) to insert symbols in the dictionary during compression.
Errata ID: 4802
Status: Reported
Type: Editorial
Publication Format(s) : TEXT
Reported By: Florent Morselli
Date Reported: 2016-09-13
Section 5.7.5 says:
The figure 150 is:
{
"protected": "eyJhbGciOiJBMjU2R0NNS1ciLCJpdiI6IktrWVQwR1hfMm
pIbGZxTl8iLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYjIwNS0yYj
RkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM1QzSDZ2bmV3dC0ta3N3Ii
wiZW5jIjoiQTEyOENCQy1IUzI1NiJ9",
"encrypted_key": "lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNo
k",
"iv": "gz6NjyEFNm_vm8Gj6FwoFQ",
"ciphertext": "Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8E
qoDZHyFKFBupS8iaEeVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyW
tZKX0gxKdy6HgLvqoGNbZCzLjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQ
HLcqAHxy51449xkjZ7ewzZaGV3eFqhpco8o4DijXaG5_7kp3h2cajRfD
gymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hdeb6yhdTynCRmu-kqtO5Dec
4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0JtjxAj4UPI61oONK7z
zFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR1B-gxpNk3
xWU",
"tag": "NvBveHr_vonkvflfnUrmBQ"
}
But the protected header in the figure 145 is:
eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYj
IwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM1QzSDZ2bmV3dC0ta3N3
IiwiaXYiOiJLa1lUMEdYXzJqSGxmcU5fIiwiZW5jIjoiQTEyOENCQy1IUzI1Ni
J9
And the figure 147 indicates the tag is "DKW7jrb4WaRSNfbXVPlT5g".
It should say:
The figure 150 should be:
The figure 150 is:
{
"protected": "eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS
1iZmE5LTRkOTUtYjIwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM
1QzSDZ2bmV3dC0ta3N3IiwiaXYiOiJLa1lUMEdYXzJqSGxmcU5fIiwiZW5j
IjoiQTEyOENCQy1IUzI1NiJ9",
"encrypted_key": "lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNo
k",
"iv": "gz6NjyEFNm_vm8Gj6FwoFQ",
"ciphertext": "Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8E
qoDZHyFKFBupS8iaEeVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyW
tZKX0gxKdy6HgLvqoGNbZCzLjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQ
HLcqAHxy51449xkjZ7ewzZaGV3eFqhpco8o4DijXaG5_7kp3h2cajRfD
gymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hdeb6yhdTynCRmu-kqtO5Dec
4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0JtjxAj4UPI61oONK7z
zFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR1B-gxpNk3
xWU",
"tag": "DKW7jrb4WaRSNfbXVPlT5g"
}
Notes:
Wrong JSON Flattened Representation