Core - 15.14. Signing and Encryption Order

Issue #910 resolved
Nat Sakimura
created an issue

It may be worthwhile to point out that all JWE algorithms are integrity protecting as well.

Proposal:

Add the following as the second paragraph.

NOTE: All encryption algorithms used in JWE are AEAD algorithms that protects integrity so there is no need to oversign the encrypted payload separately.

Comments (2)

  1. Log in to comment