openid / connect / issues / #910 - Core - 15.14. Signing and Encryption Order — Bitbucket

Issue #910 resolved

Nat Sakimura created an issue 2013-12-02

It may be worthwhile to point out that all JWE algorithms are integrity protecting as well.

Proposal:

Add the following as the second paragraph.

NOTE: All encryption algorithms used in JWE are AEAD algorithms that protects integrity so there is no need to oversign the encrypted payload separately.

Comments (2)

Michael Jones
- changed milestone to Final
- changed component to Core
- assigned issue to
  
  Michael Jones
We will apply this editorial comment, making sure not to mislead people into believing they don't need to sign.
- 2013-12-02T23:52:45+00:00
Michael Jones
- changed status to resolved
Fixed ~~#910~~ - Added comment about JWE using only integrity protecting algorithms

→ <<cset 5bb9e8acb39c>>
- 2013-12-09T04:12:52+00:00
Log in to comment

Assignee: Michael Jones

Type: enhancement

Priority: trivial

Status: resolved

Component: Core

Milestone: Final

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!