< draft-ietf-jose-json-web-encryption-18.txt   draft-ietf-jose-json-web-encryption-19.txt >
JOSE Working Group M. Jones JOSE Working Group M. Jones
Internet-Draft Microsoft Internet-Draft Microsoft
Intended status: Standards Track E. Rescorla Intended status: Standards Track E. Rescorla
Expires: May 16, 2014 RTFM Expires: July 2, 2014 RTFM
J. Hildebrand J. Hildebrand
Cisco Cisco
November 12, 2013 December 29, 2013
JSON Web Encryption (JWE) JSON Web Encryption (JWE)
draft-ietf-jose-json-web-encryption-18 draft-ietf-jose-json-web-encryption-19
Abstract Abstract
JSON Web Encryption (JWE) represents encrypted content using JSON Web Encryption (JWE) represents encrypted content using
JavaScript Object Notation (JSON) based data structures. JavaScript Object Notation (JSON) based data structures.
Cryptographic algorithms and identifiers for use with this Cryptographic algorithms and identifiers for use with this
specification are described in the separate JSON Web Algorithms (JWA) specification are described in the separate JSON Web Algorithms (JWA)
specification and IANA registries defined by that specification. specification and IANA registries defined by that specification.
Related digital signature and MAC capabilities are described in the Related digital signature and MAC capabilities are described in the
separate JSON Web Signature (JWS) specification. separate JSON Web Signature (JWS) specification.
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 16, 2014. This Internet-Draft will expire on July 2, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 20 skipping to change at page 2, line 20
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 5 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 5
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6
3. JSON Web Encryption (JWE) Overview . . . . . . . . . . . . . . 8 3. JSON Web Encryption (JWE) Overview . . . . . . . . . . . . . . 8
3.1. Example JWE . . . . . . . . . . . . . . . . . . . . . . . 10 3.1. Example JWE . . . . . . . . . . . . . . . . . . . . . . . 10
4. JWE Header . . . . . . . . . . . . . . . . . . . . . . . . . . 11 4. JWE Header . . . . . . . . . . . . . . . . . . . . . . . . . . 11
4.1. Registered Header Parameter Names . . . . . . . . . . . . 12 4.1. Registered Header Parameter Names . . . . . . . . . . . . 12
4.1.1. "alg" (Algorithm) Header Parameter . . . . . . . . . . 12 4.1.1. "alg" (Algorithm) Header Parameter . . . . . . . . . . 12
4.1.2. "enc" (Encryption Method) Header Parameter . . . . . . 12 4.1.2. "enc" (Encryption Algorithm) Header Parameter . . . . 12
4.1.3. "zip" (Compression Algorithm) Header Parameter . . . . 13 4.1.3. "zip" (Compression Algorithm) Header Parameter . . . . 13
4.1.4. "jku" (JWK Set URL) Header Parameter . . . . . . . . . 13 4.1.4. "jku" (JWK Set URL) Header Parameter . . . . . . . . . 13
4.1.5. "jwk" (JSON Web Key) Header Parameter . . . . . . . . 13 4.1.5. "jwk" (JSON Web Key) Header Parameter . . . . . . . . 13
4.1.6. "x5u" (X.509 URL) Header Parameter . . . . . . . . . . 14 4.1.6. "kid" (Key ID) Header Parameter . . . . . . . . . . . 14
4.1.7. "x5t" (X.509 Certificate SHA-1 Thumbprint) Header 4.1.7. "x5u" (X.509 URL) Header Parameter . . . . . . . . . . 14
Parameter . . . . . . . . . . . . . . . . . . . . . . 14
4.1.8. "x5c" (X.509 Certificate Chain) Header Parameter . . . 14 4.1.8. "x5c" (X.509 Certificate Chain) Header Parameter . . . 14
4.1.9. "kid" (Key ID) Header Parameter . . . . . . . . . . . 14 4.1.9. "x5t" (X.509 Certificate SHA-1 Thumbprint) Header
Parameter . . . . . . . . . . . . . . . . . . . . . . 14
4.1.10. "typ" (Type) Header Parameter . . . . . . . . . . . . 14 4.1.10. "typ" (Type) Header Parameter . . . . . . . . . . . . 14
4.1.11. "cty" (Content Type) Header Parameter . . . . . . . . 14 4.1.11. "cty" (Content Type) Header Parameter . . . . . . . . 14
4.1.12. "crit" (Critical) Header Parameter . . . . . . . . . . 15 4.1.12. "crit" (Critical) Header Parameter . . . . . . . . . . 15
4.2. Public Header Parameter Names . . . . . . . . . . . . . . 15 4.2. Public Header Parameter Names . . . . . . . . . . . . . . 15
4.3. Private Header Parameter Names . . . . . . . . . . . . . . 15 4.3. Private Header Parameter Names . . . . . . . . . . . . . . 15
5. Producing and Consuming JWEs . . . . . . . . . . . . . . . . . 15 5. Producing and Consuming JWEs . . . . . . . . . . . . . . . . . 15
5.1. Message Encryption . . . . . . . . . . . . . . . . . . . . 15 5.1. Message Encryption . . . . . . . . . . . . . . . . . . . . 15
5.2. Message Decryption . . . . . . . . . . . . . . . . . . . . 17 5.2. Message Decryption . . . . . . . . . . . . . . . . . . . . 17
5.3. String Comparison Rules . . . . . . . . . . . . . . . . . 20 5.3. String Comparison Rules . . . . . . . . . . . . . . . . . 20
6. Key Identification . . . . . . . . . . . . . . . . . . . . . . 20 6. Key Identification . . . . . . . . . . . . . . . . . . . . . . 20
7. Serializations . . . . . . . . . . . . . . . . . . . . . . . . 20 7. Serializations . . . . . . . . . . . . . . . . . . . . . . . . 20
7.1. JWE Compact Serialization . . . . . . . . . . . . . . . . 20 7.1. JWE Compact Serialization . . . . . . . . . . . . . . . . 20
7.2. JWE JSON Serialization . . . . . . . . . . . . . . . . . . 21 7.2. JWE JSON Serialization . . . . . . . . . . . . . . . . . . 21
8. TLS Requirements . . . . . . . . . . . . . . . . . . . . . . . 24 8. TLS Requirements . . . . . . . . . . . . . . . . . . . . . . . 24
9. Distinguishing Between JWS and JWE Objects . . . . . . . . . . 24 9. Distinguishing between JWS and JWE Objects . . . . . . . . . . 24
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25
10.1. JSON Web Signature and Encryption Header Parameters 10.1. JSON Web Signature and Encryption Header Parameters
Registration . . . . . . . . . . . . . . . . . . . . . . . 25 Registration . . . . . . . . . . . . . . . . . . . . . . . 25
10.1.1. Registry Contents . . . . . . . . . . . . . . . . . . 25 10.1.1. Registry Contents . . . . . . . . . . . . . . . . . . 25
11. Security Considerations . . . . . . . . . . . . . . . . . . . 26 11. Security Considerations . . . . . . . . . . . . . . . . . . . 26
12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 27 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 27
12.1. Normative References . . . . . . . . . . . . . . . . . . . 27 12.1. Normative References . . . . . . . . . . . . . . . . . . . 27
12.2. Informative References . . . . . . . . . . . . . . . . . . 28 12.2. Informative References . . . . . . . . . . . . . . . . . . 28
Appendix A. JWE Examples . . . . . . . . . . . . . . . . . . . . 29 Appendix A. JWE Examples . . . . . . . . . . . . . . . . . . . . 29
A.1. Example JWE using RSAES OAEP and AES GCM . . . . . . . . . 29 A.1. Example JWE using RSAES OAEP and AES GCM . . . . . . . . . 29
skipping to change at page 11, line 43 skipping to change at page 11, line 43
Sv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaV Sv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaV
mqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je8 mqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je8
1860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi 1860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi
6UklfCpIMfIjf7iGdXKHzg. 6UklfCpIMfIjf7iGdXKHzg.
48V1_ALb6US04U3b. 48V1_ALb6US04U3b.
5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6ji 5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6ji
SdiwkIr3ajwQzaBtQD_A. SdiwkIr3ajwQzaBtQD_A.
XFBoMYUZodetZdvTiFvSkQ XFBoMYUZodetZdvTiFvSkQ
See Appendix A.1 for the complete details of computing this JWE. See See Appendix A.1 for the complete details of computing this JWE. See
Appendix A for additional examples. other parts of Appendix A for additional examples.
4. JWE Header 4. JWE Header
The members of the JSON object(s) representing the JWE Header The members of the JSON object(s) representing the JWE Header
describe the encryption applied to the Plaintext and optionally describe the encryption applied to the Plaintext and optionally
additional properties of the JWE. The Header Parameter names within additional properties of the JWE. The Header Parameter names within
the JWE Header MUST be unique; recipients MUST either reject JWEs the JWE Header MUST be unique; recipients MUST either reject JWEs
with duplicate Header Parameter names or use a JSON parser that with duplicate Header Parameter names or use a JSON parser that
returns only the lexically last duplicate member name, as specified returns only the lexically last duplicate member name, as specified
in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript]. in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript].
skipping to change at page 12, line 46 skipping to change at page 12, line 46
to encrypt or determine the value of the Content Encryption Key to encrypt or determine the value of the Content Encryption Key
(CEK). The encrypted content is not usable if the "alg" value does (CEK). The encrypted content is not usable if the "alg" value does
not represent a supported algorithm, or if the recipient does not not represent a supported algorithm, or if the recipient does not
have a key that can be used with that algorithm. have a key that can be used with that algorithm.
A list of defined "alg" values for this use can be found in the IANA A list of defined "alg" values for this use can be found in the IANA
JSON Web Signature and Encryption Algorithms registry defined in JSON Web Signature and Encryption Algorithms registry defined in
[JWA]; the initial contents of this registry are the values defined [JWA]; the initial contents of this registry are the values defined
in Section 4.1 of the JSON Web Algorithms (JWA) [JWA] specification. in Section 4.1 of the JSON Web Algorithms (JWA) [JWA] specification.
4.1.2. "enc" (Encryption Method) Header Parameter 4.1.2. "enc" (Encryption Algorithm) Header Parameter
The "enc" (encryption method) Header Parameter identifies the content The "enc" (encryption algorithm) Header Parameter identifies the
encryption algorithm used to encrypt the Plaintext to produce the content encryption algorithm used to encrypt the Plaintext to produce
Ciphertext. This algorithm MUST be an AEAD algorithm with a the Ciphertext. This algorithm MUST be an AEAD algorithm with a
specified key length. The recipient MUST reject the JWE if the "enc" specified key length. The recipient MUST reject the JWE if the "enc"
value does not represent a supported algorithm. "enc" values should value does not represent a supported algorithm. "enc" values should
either be registered in the IANA JSON Web Signature and Encryption either be registered in the IANA JSON Web Signature and Encryption
Algorithms registry defined in [JWA] or be a value that contains a Algorithms registry defined in [JWA] or be a value that contains a
Collision-Resistant Name. The "enc" value is a case-sensitive string Collision-Resistant Name. The "enc" value is a case-sensitive string
containing a StringOrURI value. This Header Parameter MUST be containing a StringOrURI value. This Header Parameter MUST be
present and MUST be understood and processed by implementations. present and MUST be understood and processed by implementations.
A list of defined "enc" values for this use can be found in the IANA A list of defined "enc" values for this use can be found in the IANA
JSON Web Signature and Encryption Algorithms registry defined in JSON Web Signature and Encryption Algorithms registry defined in
skipping to change at page 14, line 5 skipping to change at page 14, line 5
was encrypted; this can be used to determine the private key needed was encrypted; this can be used to determine the private key needed
to decrypt the JWE. to decrypt the JWE.
4.1.5. "jwk" (JSON Web Key) Header Parameter 4.1.5. "jwk" (JSON Web Key) Header Parameter
This parameter has the same meaning, syntax, and processing rules as This parameter has the same meaning, syntax, and processing rules as
the "jwk" Header Parameter defined in Section 4.1.3 of [JWS], except the "jwk" Header Parameter defined in Section 4.1.3 of [JWS], except
that the key is the public key to which the JWE was encrypted; this that the key is the public key to which the JWE was encrypted; this
can be used to determine the private key needed to decrypt the JWE. can be used to determine the private key needed to decrypt the JWE.
4.1.6. "x5u" (X.509 URL) Header Parameter 4.1.6. "kid" (Key ID) Header Parameter
This parameter has the same meaning, syntax, and processing rules as This parameter has the same meaning, syntax, and processing rules as
the "x5u" Header Parameter defined in Section 4.1.4 of [JWS], except the "kid" Header Parameter defined in Section 4.1.4 of [JWS], except
that the X.509 public key certificate or certificate chain [RFC5280] that the key hint references the public key to which the JWE was
contains the public key to which the JWE was encrypted; this can be encrypted; this can be used to determine the private key needed to
used to determine the private key needed to decrypt the JWE. decrypt the JWE. This parameter allows originators to explicitly
signal a change of key to JWE recipients.
4.1.7. "x5t" (X.509 Certificate SHA-1 Thumbprint) Header Parameter 4.1.7. "x5u" (X.509 URL) Header Parameter
This parameter has the same meaning, syntax, and processing rules as This parameter has the same meaning, syntax, and processing rules as
the "x5t" Header Parameter defined in Section 4.1.5 of [JWS], except the "x5u" Header Parameter defined in Section 4.1.5 of [JWS], except
that certificate referenced by the thumbprint contains the public key that the X.509 public key certificate or certificate chain [RFC5280]
to which the JWE was encrypted; this can be used to determine the contains the public key to which the JWE was encrypted; this can be
private key needed to decrypt the JWE. used to determine the private key needed to decrypt the JWE.
4.1.8. "x5c" (X.509 Certificate Chain) Header Parameter 4.1.8. "x5c" (X.509 Certificate Chain) Header Parameter
This parameter has the same meaning, syntax, and processing rules as This parameter has the same meaning, syntax, and processing rules as
the "x5c" Header Parameter defined in Section 4.1.6 of [JWS], except the "x5c" Header Parameter defined in Section 4.1.6 of [JWS], except
that the X.509 public key certificate or certificate chain [RFC5280] that the X.509 public key certificate or certificate chain [RFC5280]
contains the public key to which the JWE was encrypted; this can be contains the public key to which the JWE was encrypted; this can be
used to determine the private key needed to decrypt the JWE. used to determine the private key needed to decrypt the JWE.
See Appendix B of [JWS] for an example "x5c" value. See Appendix B of [JWS] for an example "x5c" value.
4.1.9. "kid" (Key ID) Header Parameter 4.1.9. "x5t" (X.509 Certificate SHA-1 Thumbprint) Header Parameter
This parameter has the same meaning, syntax, and processing rules as This parameter has the same meaning, syntax, and processing rules as
the "kid" Header Parameter defined in Section 4.1.7 of [JWS], except the "x5t" Header Parameter defined in Section 4.1.7 of [JWS], except
that the key hint references the public key to which the JWE was that certificate referenced by the thumbprint contains the public key
encrypted; this can be used to determine the private key needed to to which the JWE was encrypted; this can be used to determine the
decrypt the JWE. This parameter allows originators to explicitly private key needed to decrypt the JWE.
signal a change of key to JWE recipients.
4.1.10. "typ" (Type) Header Parameter 4.1.10. "typ" (Type) Header Parameter
This parameter has the same meaning, syntax, and processing rules as This parameter has the same meaning, syntax, and processing rules as
the "typ" Header Parameter defined in Section 4.1.8 of [JWS], except the "typ" Header Parameter defined in Section 4.1.8 of [JWS], except
that the type is of this complete JWE object. that the type is of this complete JWE object.
4.1.11. "cty" (Content Type) Header Parameter 4.1.11. "cty" (Content Type) Header Parameter
This parameter has the same meaning, syntax, and processing rules as This parameter has the same meaning, syntax, and processing rules as
skipping to change at page 19, line 37 skipping to change at page 19, line 37
receiver substitute a randomly generated CEK and proceed to the receiver substitute a randomly generated CEK and proceed to the
next step, to mitigate timing attacks. next step, to mitigate timing attacks.
11. When Direct Key Agreement or Direct Encryption are employed, 11. When Direct Key Agreement or Direct Encryption are employed,
verify that the JWE Encrypted Key value is empty octet sequence. verify that the JWE Encrypted Key value is empty octet sequence.
12. When Direct Encryption is employed, let the Content Encryption 12. When Direct Encryption is employed, let the Content Encryption
Key (CEK) be the shared symmetric key. Key (CEK) be the shared symmetric key.
13. If the JWE JSON Serialization is being used, repeat this process 13. If the JWE JSON Serialization is being used, repeat this process
(steps 1-12) for each recipient contained in the representation (steps 4-12) for each recipient contained in the representation
until the CEK value has been determined. until the CEK value has been determined.
14. Compute the Encoded Protected Header value BASE64URL(UTF8(JWE 14. Compute the Encoded Protected Header value BASE64URL(UTF8(JWE
Protected Header)). If the JWE Protected Header is not present Protected Header)). If the JWE Protected Header is not present
(which can only happen when using the JWE JSON Serialization and (which can only happen when using the JWE JSON Serialization and
no "protected" member is present), let this value be the empty no "protected" member is present), let this value be the empty
string. string.
15. Let the Additional Authenticated Data encryption parameter be 15. Let the Additional Authenticated Data encryption parameter be
ASCII(Encoded Protected Header). However if a JWE AAD value is ASCII(Encoded Protected Header). However if a JWE AAD value is
present (which can only be the case when using the JWE JSON present (which can only be the case when using the JWE JSON
Serialization), instead let the Additional Authenticated Data Serialization), instead let the Additional Authenticated Data
encryption parameter be ASCII(Encoded Protected Header || '.' || encryption parameter be ASCII(Encoded Protected Header || '.' ||
BASE64URL(JWE AAD)). BASE64URL(JWE AAD)).
16. Decrypt the JWE Ciphertext using the CEK, the JWE Initialization 16. Decrypt the JWE Ciphertext using the CEK, the JWE Initialization
Vector, the Additional Authenticated Data value, and the JWE Vector, the Additional Authenticated Data value, and the JWE
Authentication Tag (which is the Authentication Tag input to the Authentication Tag (which is the Authentication Tag input to the
calculation) using the specified content encryption algorithm, calculation) using the specified content encryption algorithm,
returning the decrypted plaintext and verifying the JWE returning the decrypted plaintext and validating the JWE
Authentication Tag in the manner specified for the algorithm, Authentication Tag in the manner specified for the algorithm,
rejecting the input without emitting any decrypted output if the rejecting the input without emitting any decrypted output if the
JWE Authentication Tag is incorrect. JWE Authentication Tag is incorrect.
17. If a "zip" parameter was included, uncompress the decrypted 17. If a "zip" parameter was included, uncompress the decrypted
plaintext using the specified compression algorithm. plaintext using the specified compression algorithm.
18. If all the previous steps succeeded, output the resulting 18. If all the previous steps succeeded, output the resulting
Plaintext. Plaintext.
skipping to change at page 24, line 8 skipping to change at page 24, line 8
Authentication Tag values match those produced for the JWE Compact Authentication Tag values match those produced for the JWE Compact
Serialization, provided that the JWE Protected Header value (which Serialization, provided that the JWE Protected Header value (which
represents the integrity-protected Header Parameter values) matches represents the integrity-protected Header Parameter values) matches
that used in the JWE Compact Serialization. that used in the JWE Compact Serialization.
All recipients use the same JWE Protected Header, JWE Initialization All recipients use the same JWE Protected Header, JWE Initialization
Vector, JWE Ciphertext, and JWE Authentication Tag values, resulting Vector, JWE Ciphertext, and JWE Authentication Tag values, resulting
in potentially significant space savings if the message is large. in potentially significant space savings if the message is large.
Therefore, all Header Parameters that specify the treatment of the Therefore, all Header Parameters that specify the treatment of the
Plaintext value MUST be the same for all recipients. This primarily Plaintext value MUST be the same for all recipients. This primarily
means that the "enc" (encryption method) Header Parameter value in means that the "enc" (encryption algorithm) Header Parameter value in
the JWE Header for each recipient and any parameters of that the JWE Header for each recipient and any parameters of that
algorithm MUST be the same. algorithm MUST be the same.
See Appendix A.4 for an example of computing a JWE using the JWE JSON See Appendix A.4 for an example of computing a JWE using the JWE JSON
Serialization. Serialization.
8. TLS Requirements 8. TLS Requirements
The TLS requirements for this specification are the same as those The TLS requirements for this specification are the same as those
defined in Section 8 of [JWS]. defined in Section 8 of [JWS].
9. Distinguishing Between JWS and JWE Objects 9. Distinguishing between JWS and JWE Objects
There are several ways of distinguishing whether an object is a JWS There are several ways of distinguishing whether an object is a JWS
or JWE object. All these methods will yield the same result for all or JWE object. All these methods will yield the same result for all
legal input values; they may yield different results for malformed legal input values; they may yield different results for malformed
inputs. inputs.
o If the object is using the JWS Compact Serialization or the JWE o If the object is using the JWS Compact Serialization or the JWE
Compact Serialization, the number of base64url encoded segments Compact Serialization, the number of base64url encoded segments
separated by period ('.') characters differs for JWSs and JWEs. separated by period ('.') characters differs for JWSs and JWEs.
JWSs have three segments separated by two period ('.') characters. JWSs have three segments separated by two period ('.') characters.
skipping to change at page 25, line 6 skipping to change at page 25, line 6
represents a digital signature or MAC algorithm, or is the value represents a digital signature or MAC algorithm, or is the value
"none", it is for a JWS; if it represents a Key Encryption, Key "none", it is for a JWS; if it represents a Key Encryption, Key
Wrapping, Direct Key Agreement, Key Agreement with Key Wrapping, Wrapping, Direct Key Agreement, Key Agreement with Key Wrapping,
or Direct Encryption algorithm, it is for a JWE. (Extracting the or Direct Encryption algorithm, it is for a JWE. (Extracting the
"alg" value to examine is straightforward when using the JWS "alg" value to examine is straightforward when using the JWS
Compact Serialization or the JWE Compact Serialization and may be Compact Serialization or the JWE Compact Serialization and may be
more difficult when using the JWS JSON Serialization or the JWE more difficult when using the JWS JSON Serialization or the JWE
JSON Serialization.) JSON Serialization.)
o A JWS Header can also be distinguished from a JWE header by o A JWS Header can also be distinguished from a JWE header by
determining whether an "enc" (encryption method) member exists. determining whether an "enc" (encryption algorithm) member exists.
If the "enc" member exists, it is a JWE; otherwise, it is a JWS. If the "enc" member exists, it is a JWE; otherwise, it is a JWS.
10. IANA Considerations 10. IANA Considerations
10.1. JSON Web Signature and Encryption Header Parameters Registration 10.1. JSON Web Signature and Encryption Header Parameters Registration
This specification registers the Header Parameter names defined in This specification registers the Header Parameter names defined in
Section 4.1 in the IANA JSON Web Signature and Encryption Header Section 4.1 in the IANA JSON Web Signature and Encryption Header
Parameters registry defined in [JWS]. Parameters registry defined in [JWS].
10.1.1. Registry Contents 10.1.1. Registry Contents
o Header Parameter Name: "alg" o Header Parameter Name: "alg"
o Header Parameter Description: Algorithm o Header Parameter Description: Algorithm
o Header Parameter Usage Location(s): JWE o Header Parameter Usage Location(s): JWE
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.1.1 of [[ this document ]] o Specification Document(s): Section 4.1.1 of [[ this document ]]
o Header Parameter Name: "enc" o Header Parameter Name: "enc"
o Header Parameter Description: Encryption Method o Header Parameter Description: Encryption Algorithm
o Header Parameter Usage Location(s): JWE o Header Parameter Usage Location(s): JWE
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.1.2 of [[ this document ]] o Specification Document(s): Section 4.1.2 of [[ this document ]]
o Header Parameter Name: "zip" o Header Parameter Name: "zip"
o Header Parameter Description: Compression Algorithm o Header Parameter Description: Compression Algorithm
o Header Parameter Usage Location(s): JWE o Header Parameter Usage Location(s): JWE
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.1.3 of [[ this document ]] o Specification Document(s): Section 4.1.3 of [[ this document ]]
skipping to change at page 25, line 49 skipping to change at page 25, line 49
o Header Parameter Usage Location(s): JWE o Header Parameter Usage Location(s): JWE
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.1.4 of [[ this document ]] o Specification Document(s): Section 4.1.4 of [[ this document ]]
o Header Parameter Name: "jwk" o Header Parameter Name: "jwk"
o Header Parameter Description: JSON Web Key o Header Parameter Description: JSON Web Key
o Header Parameter Usage Location(s): JWE o Header Parameter Usage Location(s): JWE
o Change Controller: IESG o Change Controller: IESG
o Specification document(s): Section 4.1.5 of [[ this document ]] o Specification document(s): Section 4.1.5 of [[ this document ]]
o Header Parameter Name: "x5u" o Header Parameter Name: "kid"
o Header Parameter Description: X.509 URL o Header Parameter Description: Key ID
o Header Parameter Usage Location(s): JWE o Header Parameter Usage Location(s): JWE
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.1.6 of [[ this document ]] o Specification Document(s): Section 4.1.6 of [[ this document ]]
o Header Parameter Name: "x5t" o Header Parameter Name: "x5u"
o Header Parameter Description: X.509 Certificate SHA-1 Thumbprint o Header Parameter Description: X.509 URL
o Header Parameter Usage Location(s): JWE o Header Parameter Usage Location(s): JWE
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.1.7 of [[ this document ]] o Specification Document(s): Section 4.1.7 of [[ this document ]]
o Header Parameter Name: "x5c" o Header Parameter Name: "x5c"
o Header Parameter Description: X.509 Certificate Chain o Header Parameter Description: X.509 Certificate Chain
o Header Parameter Usage Location(s): JWE o Header Parameter Usage Location(s): JWE
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.1.8 of [[ this document ]] o Specification Document(s): Section 4.1.8 of [[ this document ]]
o Header Parameter Name: "kid" o Header Parameter Name: "x5t"
o Header Parameter Description: Key ID o Header Parameter Description: X.509 Certificate SHA-1 Thumbprint
o Header Parameter Usage Location(s): JWE o Header Parameter Usage Location(s): JWE
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.1.9 of [[ this document ]] o Specification Document(s): Section 4.1.9 of [[ this document ]]
o Header Parameter Name: "typ" o Header Parameter Name: "typ"
o Header Parameter Description: Type o Header Parameter Description: Type
o Header Parameter Usage Location(s): JWE o Header Parameter Usage Location(s): JWE
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.1.10 of [[ this document ]] o Specification Document(s): Section 4.1.10 of [[ this document ]]
skipping to change at page 27, line 40 skipping to change at page 27, line 40
12. References 12. References
12.1. Normative References 12.1. Normative References
[ECMAScript] [ECMAScript]
Ecma International, "ECMAScript Language Specification, Ecma International, "ECMAScript Language Specification,
5.1 Edition", ECMA 262, June 2011. 5.1 Edition", ECMA 262, June 2011.
[JWA] Jones, M., "JSON Web Algorithms (JWA)", [JWA] Jones, M., "JSON Web Algorithms (JWA)",
draft-ietf-jose-json-web-algorithms (work in progress), draft-ietf-jose-json-web-algorithms (work in progress),
November 2013. December 2013.
[JWK] Jones, M., "JSON Web Key (JWK)", [JWK] Jones, M., "JSON Web Key (JWK)",
draft-ietf-jose-json-web-key (work in progress), draft-ietf-jose-json-web-key (work in progress),
November 2013. December 2013.
[JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web
Signature (JWS)", draft-ietf-jose-json-web-signature (work Signature (JWS)", draft-ietf-jose-json-web-signature (work
in progress), November 2013. in progress), December 2013.
[RFC1951] Deutsch, P., "DEFLATE Compressed Data Format Specification [RFC1951] Deutsch, P., "DEFLATE Compressed Data Format Specification
version 1.3", RFC 1951, May 1996. version 1.3", RFC 1951, May 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, November 2003. 10646", STD 63, RFC 3629, November 2003.
skipping to change at page 45, line 26 skipping to change at page 45, line 26
Hannes Tschofenig, and Sean Turner. Hannes Tschofenig, and Sean Turner.
Jim Schaad and Karen O'Donoghue chaired the JOSE working group and Jim Schaad and Karen O'Donoghue chaired the JOSE working group and
Sean Turner and Stephen Farrell served as Security area directors Sean Turner and Stephen Farrell served as Security area directors
during the creation of this specification. during the creation of this specification.
Appendix D. Document History Appendix D. Document History
[[ to be removed by the RFC Editor before publication as an RFC ]] [[ to be removed by the RFC Editor before publication as an RFC ]]
-19
o Reordered the key selection parameters.
-18 -18
o Updated the mandatory-to-implement (MTI) language to say that o Updated the mandatory-to-implement (MTI) language to say that
applications using this specification need to specify what applications using this specification need to specify what
serialization and serialization features are used for that serialization and serialization features are used for that
application, addressing issue #176. application, addressing issue #176.
o Changes to address editorial and minor issues #89, #135, #165, o Changes to address editorial and minor issues #89, #135, #165,
#174, #175, #177, #179, and #180. #174, #175, #177, #179, and #180.
 End of changes. 30 change blocks. 
46 lines changed or deleted 50 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/