< draft-ietf-jose-json-web-encryption-39.txt   draft-ietf-jose-json-web-encryption-40.txt >
JOSE Working Group M. Jones JOSE Working Group M. Jones
Internet-Draft Microsoft Internet-Draft Microsoft
Intended status: Standards Track J. Hildebrand Intended status: Standards Track J. Hildebrand
Expires: July 3, 2015 Cisco Expires: July 17, 2015 Cisco
December 30, 2014 January 13, 2015
JSON Web Encryption (JWE) JSON Web Encryption (JWE)
draft-ietf-jose-json-web-encryption-39 draft-ietf-jose-json-web-encryption-40
Abstract Abstract
JSON Web Encryption (JWE) represents encrypted content using JSON Web Encryption (JWE) represents encrypted content using
JavaScript Object Notation (JSON) based data structures. JavaScript Object Notation (JSON) based data structures.
Cryptographic algorithms and identifiers for use with this Cryptographic algorithms and identifiers for use with this
specification are described in the separate JSON Web Algorithms (JWA) specification are described in the separate JSON Web Algorithms (JWA)
specification and IANA registries defined by that specification. specification and IANA registries defined by that specification.
Related digital signature and MAC capabilities are described in the Related digital signature and MAC capabilities are described in the
separate JSON Web Signature (JWS) specification. separate JSON Web Signature (JWS) specification.
skipping to change at page 1, line 37 skipping to change at page 1, line 37
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 3, 2015. This Internet-Draft will expire on July 17, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 5 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 5
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6
3. JSON Web Encryption (JWE) Overview . . . . . . . . . . . . . . 8 3. JSON Web Encryption (JWE) Overview . . . . . . . . . . . . . . 8
3.1. JWE Compact Serialization Overview . . . . . . . . . . . . 9 3.1. JWE Compact Serialization Overview . . . . . . . . . . . . 9
3.2. JWE JSON Serialization Overview . . . . . . . . . . . . . 9 3.2. JWE JSON Serialization Overview . . . . . . . . . . . . . 9
3.3. Example JWE . . . . . . . . . . . . . . . . . . . . . . . 10 3.3. Example JWE . . . . . . . . . . . . . . . . . . . . . . . 10
4. JOSE Header . . . . . . . . . . . . . . . . . . . . . . . . . 11 4. JOSE Header . . . . . . . . . . . . . . . . . . . . . . . . . 11
4.1. Registered Header Parameter Names . . . . . . . . . . . . 11 4.1. Registered Header Parameter Names . . . . . . . . . . . . 12
4.1.1. "alg" (Algorithm) Header Parameter . . . . . . . . . . 12 4.1.1. "alg" (Algorithm) Header Parameter . . . . . . . . . . 12
4.1.2. "enc" (Encryption Algorithm) Header Parameter . . . . 12 4.1.2. "enc" (Encryption Algorithm) Header Parameter . . . . 12
4.1.3. "zip" (Compression Algorithm) Header Parameter . . . . 12 4.1.3. "zip" (Compression Algorithm) Header Parameter . . . . 13
4.1.4. "jku" (JWK Set URL) Header Parameter . . . . . . . . . 13 4.1.4. "jku" (JWK Set URL) Header Parameter . . . . . . . . . 13
4.1.5. "jwk" (JSON Web Key) Header Parameter . . . . . . . . 13 4.1.5. "jwk" (JSON Web Key) Header Parameter . . . . . . . . 13
4.1.6. "kid" (Key ID) Header Parameter . . . . . . . . . . . 13 4.1.6. "kid" (Key ID) Header Parameter . . . . . . . . . . . 13
4.1.7. "x5u" (X.509 URL) Header Parameter . . . . . . . . . . 13 4.1.7. "x5u" (X.509 URL) Header Parameter . . . . . . . . . . 13
4.1.8. "x5c" (X.509 Certificate Chain) Header Parameter . . . 13 4.1.8. "x5c" (X.509 Certificate Chain) Header Parameter . . . 14
4.1.9. "x5t" (X.509 Certificate SHA-1 Thumbprint) Header 4.1.9. "x5t" (X.509 Certificate SHA-1 Thumbprint) Header
Parameter . . . . . . . . . . . . . . . . . . . . . . 14 Parameter . . . . . . . . . . . . . . . . . . . . . . 14
4.1.10. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) 4.1.10. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint)
Header Parameter . . . . . . . . . . . . . . . . . . . 14 Header Parameter . . . . . . . . . . . . . . . . . . . 14
4.1.11. "typ" (Type) Header Parameter . . . . . . . . . . . . 14 4.1.11. "typ" (Type) Header Parameter . . . . . . . . . . . . 14
4.1.12. "cty" (Content Type) Header Parameter . . . . . . . . 14 4.1.12. "cty" (Content Type) Header Parameter . . . . . . . . 14
4.1.13. "crit" (Critical) Header Parameter . . . . . . . . . . 14 4.1.13. "crit" (Critical) Header Parameter . . . . . . . . . . 14
4.2. Public Header Parameter Names . . . . . . . . . . . . . . 14 4.2. Public Header Parameter Names . . . . . . . . . . . . . . 15
4.3. Private Header Parameter Names . . . . . . . . . . . . . . 15 4.3. Private Header Parameter Names . . . . . . . . . . . . . . 15
5. Producing and Consuming JWEs . . . . . . . . . . . . . . . . . 15 5. Producing and Consuming JWEs . . . . . . . . . . . . . . . . . 15
5.1. Message Encryption . . . . . . . . . . . . . . . . . . . . 15 5.1. Message Encryption . . . . . . . . . . . . . . . . . . . . 15
5.2. Message Decryption . . . . . . . . . . . . . . . . . . . . 17 5.2. Message Decryption . . . . . . . . . . . . . . . . . . . . 17
5.3. String Comparison Rules . . . . . . . . . . . . . . . . . 20 5.3. String Comparison Rules . . . . . . . . . . . . . . . . . 20
6. Key Identification . . . . . . . . . . . . . . . . . . . . . . 20 6. Key Identification . . . . . . . . . . . . . . . . . . . . . . 20
7. Serializations . . . . . . . . . . . . . . . . . . . . . . . . 20 7. Serializations . . . . . . . . . . . . . . . . . . . . . . . . 20
7.1. JWE Compact Serialization . . . . . . . . . . . . . . . . 20 7.1. JWE Compact Serialization . . . . . . . . . . . . . . . . 20
7.2. JWE JSON Serialization . . . . . . . . . . . . . . . . . . 21 7.2. JWE JSON Serialization . . . . . . . . . . . . . . . . . . 21
7.2.1. General JWE JSON Serialization Syntax . . . . . . . . 21 7.2.1. General JWE JSON Serialization Syntax . . . . . . . . 21
7.2.2. Flattened JWE JSON Serialization Syntax . . . . . . . 24 7.2.2. Flattened JWE JSON Serialization Syntax . . . . . . . 24
8. TLS Requirements . . . . . . . . . . . . . . . . . . . . . . . 24 8. TLS Requirements . . . . . . . . . . . . . . . . . . . . . . . 24
9. Distinguishing between JWS and JWE Objects . . . . . . . . . . 24 9. Distinguishing between JWS and JWE Objects . . . . . . . . . . 25
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25
10.1. JSON Web Signature and Encryption Header Parameters 10.1. JSON Web Signature and Encryption Header Parameters
Registration . . . . . . . . . . . . . . . . . . . . . . . 25 Registration . . . . . . . . . . . . . . . . . . . . . . . 25
10.1.1. Registry Contents . . . . . . . . . . . . . . . . . . 25 10.1.1. Registry Contents . . . . . . . . . . . . . . . . . . 25
11. Security Considerations . . . . . . . . . . . . . . . . . . . 27 11. Security Considerations . . . . . . . . . . . . . . . . . . . 27
11.1. Key Entropy and Random Values . . . . . . . . . . . . . . 27 11.1. Key Entropy and Random Values . . . . . . . . . . . . . . 27
11.2. Key Protection . . . . . . . . . . . . . . . . . . . . . . 28 11.2. Key Protection . . . . . . . . . . . . . . . . . . . . . . 28
11.3. Using Matching Algorithm Strengths . . . . . . . . . . . . 28 11.3. Using Matching Algorithm Strengths . . . . . . . . . . . . 28
11.4. Adaptive Chosen-Ciphertext Attacks . . . . . . . . . . . . 28 11.4. Adaptive Chosen-Ciphertext Attacks . . . . . . . . . . . . 28
11.5. Timing Attacks . . . . . . . . . . . . . . . . . . . . . . 28 11.5. Timing Attacks . . . . . . . . . . . . . . . . . . . . . . 29
12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 29 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 29
12.1. Normative References . . . . . . . . . . . . . . . . . . . 29 12.1. Normative References . . . . . . . . . . . . . . . . . . . 29
12.2. Informative References . . . . . . . . . . . . . . . . . . 29 12.2. Informative References . . . . . . . . . . . . . . . . . . 30
Appendix A. JWE Examples . . . . . . . . . . . . . . . . . . . . 30 Appendix A. JWE Examples . . . . . . . . . . . . . . . . . . . . 31
A.1. Example JWE using RSAES OAEP and AES GCM . . . . . . . . . 31 A.1. Example JWE using RSAES OAEP and AES GCM . . . . . . . . . 31
A.1.1. JOSE Header . . . . . . . . . . . . . . . . . . . . . 31 A.1.1. JOSE Header . . . . . . . . . . . . . . . . . . . . . 31
A.1.2. Content Encryption Key (CEK) . . . . . . . . . . . . . 31 A.1.2. Content Encryption Key (CEK) . . . . . . . . . . . . . 31
A.1.3. Key Encryption . . . . . . . . . . . . . . . . . . . . 31 A.1.3. Key Encryption . . . . . . . . . . . . . . . . . . . . 32
A.1.4. Initialization Vector . . . . . . . . . . . . . . . . 33 A.1.4. Initialization Vector . . . . . . . . . . . . . . . . 33
A.1.5. Additional Authenticated Data . . . . . . . . . . . . 33 A.1.5. Additional Authenticated Data . . . . . . . . . . . . 33
A.1.6. Content Encryption . . . . . . . . . . . . . . . . . . 33 A.1.6. Content Encryption . . . . . . . . . . . . . . . . . . 34
A.1.7. Complete Representation . . . . . . . . . . . . . . . 34 A.1.7. Complete Representation . . . . . . . . . . . . . . . 34
A.1.8. Validation . . . . . . . . . . . . . . . . . . . . . . 34 A.1.8. Validation . . . . . . . . . . . . . . . . . . . . . . 35
A.2. Example JWE using RSAES-PKCS1-V1_5 and A.2. Example JWE using RSAES-PKCS1-V1_5 and
AES_128_CBC_HMAC_SHA_256 . . . . . . . . . . . . . . . . . 35 AES_128_CBC_HMAC_SHA_256 . . . . . . . . . . . . . . . . . 35
A.2.1. JOSE Header . . . . . . . . . . . . . . . . . . . . . 35 A.2.1. JOSE Header . . . . . . . . . . . . . . . . . . . . . 35
A.2.2. Content Encryption Key (CEK) . . . . . . . . . . . . . 35 A.2.2. Content Encryption Key (CEK) . . . . . . . . . . . . . 36
A.2.3. Key Encryption . . . . . . . . . . . . . . . . . . . . 35 A.2.3. Key Encryption . . . . . . . . . . . . . . . . . . . . 36
A.2.4. Initialization Vector . . . . . . . . . . . . . . . . 37 A.2.4. Initialization Vector . . . . . . . . . . . . . . . . 38
A.2.5. Additional Authenticated Data . . . . . . . . . . . . 37 A.2.5. Additional Authenticated Data . . . . . . . . . . . . 38
A.2.6. Content Encryption . . . . . . . . . . . . . . . . . . 37 A.2.6. Content Encryption . . . . . . . . . . . . . . . . . . 38
A.2.7. Complete Representation . . . . . . . . . . . . . . . 38 A.2.7. Complete Representation . . . . . . . . . . . . . . . 39
A.2.8. Validation . . . . . . . . . . . . . . . . . . . . . . 38 A.2.8. Validation . . . . . . . . . . . . . . . . . . . . . . 39
A.3. Example JWE using AES Key Wrap and A.3. Example JWE using AES Key Wrap and
AES_128_CBC_HMAC_SHA_256 . . . . . . . . . . . . . . . . . 39 AES_128_CBC_HMAC_SHA_256 . . . . . . . . . . . . . . . . . 40
A.3.1. JOSE Header . . . . . . . . . . . . . . . . . . . . . 39 A.3.1. JOSE Header . . . . . . . . . . . . . . . . . . . . . 40
A.3.2. Content Encryption Key (CEK) . . . . . . . . . . . . . 39 A.3.2. Content Encryption Key (CEK) . . . . . . . . . . . . . 40
A.3.3. Key Encryption . . . . . . . . . . . . . . . . . . . . 39 A.3.3. Key Encryption . . . . . . . . . . . . . . . . . . . . 40
A.3.4. Initialization Vector . . . . . . . . . . . . . . . . 40 A.3.4. Initialization Vector . . . . . . . . . . . . . . . . 41
A.3.5. Additional Authenticated Data . . . . . . . . . . . . 40 A.3.5. Additional Authenticated Data . . . . . . . . . . . . 41
A.3.6. Content Encryption . . . . . . . . . . . . . . . . . . 40 A.3.6. Content Encryption . . . . . . . . . . . . . . . . . . 41
A.3.7. Complete Representation . . . . . . . . . . . . . . . 41 A.3.7. Complete Representation . . . . . . . . . . . . . . . 42
A.3.8. Validation . . . . . . . . . . . . . . . . . . . . . . 41 A.3.8. Validation . . . . . . . . . . . . . . . . . . . . . . 42
A.4. Example JWE using General JWE JSON Serialization . . . . . 42 A.4. Example JWE using General JWE JSON Serialization . . . . . 43
A.4.1. JWE Per-Recipient Unprotected Headers . . . . . . . . 42 A.4.1. JWE Per-Recipient Unprotected Headers . . . . . . . . 43
A.4.2. JWE Protected Header . . . . . . . . . . . . . . . . . 42 A.4.2. JWE Protected Header . . . . . . . . . . . . . . . . . 43
A.4.3. JWE Unprotected Header . . . . . . . . . . . . . . . . 43 A.4.3. JWE Unprotected Header . . . . . . . . . . . . . . . . 44
A.4.4. Complete JOSE Header Values . . . . . . . . . . . . . 43 A.4.4. Complete JOSE Header Values . . . . . . . . . . . . . 44
A.4.5. Additional Authenticated Data . . . . . . . . . . . . 43 A.4.5. Additional Authenticated Data . . . . . . . . . . . . 44
A.4.6. Content Encryption . . . . . . . . . . . . . . . . . . 43 A.4.6. Content Encryption . . . . . . . . . . . . . . . . . . 44
A.4.7. Complete JWE JSON Serialization Representation . . . . 44 A.4.7. Complete JWE JSON Serialization Representation . . . . 45
A.5. Example JWE using Flattened JWE JSON Serialization . . . . 45 A.5. Example JWE using Flattened JWE JSON Serialization . . . . 46
Appendix B. Example AES_128_CBC_HMAC_SHA_256 Computation . . . . 45 Appendix B. Example AES_128_CBC_HMAC_SHA_256 Computation . . . . 46
B.1. Extract MAC_KEY and ENC_KEY from Key . . . . . . . . . . . 45 B.1. Extract MAC_KEY and ENC_KEY from Key . . . . . . . . . . . 46
B.2. Encrypt Plaintext to Create Ciphertext . . . . . . . . . . 46 B.2. Encrypt Plaintext to Create Ciphertext . . . . . . . . . . 47
B.3. 64 Bit Big Endian Representation of AAD Length . . . . . . 46 B.3. 64 Bit Big Endian Representation of AAD Length . . . . . . 47
B.4. Initialization Vector Value . . . . . . . . . . . . . . . 47 B.4. Initialization Vector Value . . . . . . . . . . . . . . . 48
B.5. Create Input to HMAC Computation . . . . . . . . . . . . . 47 B.5. Create Input to HMAC Computation . . . . . . . . . . . . . 48
B.6. Compute HMAC Value . . . . . . . . . . . . . . . . . . . . 47 B.6. Compute HMAC Value . . . . . . . . . . . . . . . . . . . . 48
B.7. Truncate HMAC Value to Create Authentication Tag . . . . . 47 B.7. Truncate HMAC Value to Create Authentication Tag . . . . . 48
Appendix C. Acknowledgements . . . . . . . . . . . . . . . . . . 47 Appendix C. Acknowledgements . . . . . . . . . . . . . . . . . . 48
Appendix D. Document History . . . . . . . . . . . . . . . . . . 48 Appendix D. Document History . . . . . . . . . . . . . . . . . . 49
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 60 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 61
1. Introduction 1. Introduction
JSON Web Encryption (JWE) represents encrypted content using JSON Web Encryption (JWE) represents encrypted content using
JavaScript Object Notation (JSON) [RFC7159] based data structures. JavaScript Object Notation (JSON) [RFC7159] based data structures.
The JWE cryptographic mechanisms encrypt and provide integrity The JWE cryptographic mechanisms encrypt and provide integrity
protection for an arbitrary sequence of octets. protection for an arbitrary sequence of octets.
Two closely related serializations for JWEs are defined. The JWE Two closely related serializations for JWEs are defined. The JWE
Compact Serialization is a compact, URL-safe representation intended Compact Serialization is a compact, URL-safe representation intended
skipping to change at page 5, line 42 skipping to change at page 5, line 42
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in Key "OPTIONAL" in this document are to be interpreted as described in Key
words for use in RFCs to Indicate Requirement Levels [RFC2119]. If words for use in RFCs to Indicate Requirement Levels [RFC2119]. If
these words are used without being spelled in uppercase then they are these words are used without being spelled in uppercase then they are
to be interpreted with their normal natural language meanings. to be interpreted with their normal natural language meanings.
BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per
Section 2 of [JWS]. Section 2 of [JWS].
UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation
of STRING. of STRING, where STRING is a sequence of zero or more Unicode
[UNICODE] characters.
ASCII(STRING) denotes the octets of the ASCII [RFC20] representation ASCII(STRING) denotes the octets of the ASCII [RFC20] representation
of STRING. of STRING, where STRING is a sequence of zero or more ASCII
characters.
The concatenation of two values A and B is denoted as A || B. The concatenation of two values A and B is denoted as A || B.
2. Terminology 2. Terminology
These terms defined by the JSON Web Signature (JWS) [JWS] These terms defined by the JSON Web Signature (JWS) [JWS]
specification are incorporated into this specification: "JSON Web specification are incorporated into this specification: "JSON Web
Signature (JWS)", "Base64url Encoding", "Collision-Resistant Name", Signature (JWS)", "Base64url Encoding", "Collision-Resistant Name",
"Header Parameter", "JOSE Header", and "StringOrURI". "Header Parameter", "JOSE Header", and "StringOrURI".
skipping to change at page 29, line 13 skipping to change at page 29, line 20
of receiving an improperly formatted key, that the recipient of receiving an improperly formatted key, that the recipient
substitute a randomly generated CEK and proceed to the next step, to substitute a randomly generated CEK and proceed to the next step, to
mitigate timing attacks. mitigate timing attacks.
12. References 12. References
12.1. Normative References 12.1. Normative References
[JWA] Jones, M., "JSON Web Algorithms (JWA)", [JWA] Jones, M., "JSON Web Algorithms (JWA)",
draft-ietf-jose-json-web-algorithms (work in progress), draft-ietf-jose-json-web-algorithms (work in progress),
December 2014. January 2015.
[JWK] Jones, M., "JSON Web Key (JWK)", [JWK] Jones, M., "JSON Web Key (JWK)",
draft-ietf-jose-json-web-key (work in progress), draft-ietf-jose-json-web-key (work in progress),
December 2014. January 2015.
[JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web
Signature (JWS)", draft-ietf-jose-json-web-signature (work Signature (JWS)", draft-ietf-jose-json-web-signature (work
in progress), December 2014. in progress), January 2015.
[RFC1951] Deutsch, P., "DEFLATE Compressed Data Format Specification [RFC1951] Deutsch, P., "DEFLATE Compressed Data Format Specification
version 1.3", RFC 1951, May 1996. version 1.3", RFC 1951, May 1996.
[RFC20] Cerf, V., "ASCII format for Network Interchange", RFC 20, [RFC20] Cerf, V., "ASCII format for Network Interchange", RFC 20,
October 1969. October 1969.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
skipping to change at page 29, line 46 skipping to change at page 30, line 5
RFC 4949, August 2007. RFC 4949, August 2007.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, May 2008. (CRL) Profile", RFC 5280, May 2008.
[RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data
Interchange Format", RFC 7159, March 2014. Interchange Format", RFC 7159, March 2014.
[UNICODE] The Unicode Consortium, "The Unicode Standard", 1991-,
<http://www.unicode.org/versions/latest/>.
12.2. Informative References 12.2. Informative References
[AES] National Institute of Standards and Technology (NIST), [AES] National Institute of Standards and Technology (NIST),
"Advanced Encryption Standard (AES)", FIPS PUB 197, "Advanced Encryption Standard (AES)", FIPS PUB 197,
November 2001. November 2001.
[I-D.mcgrew-aead-aes-cbc-hmac-sha2] [I-D.mcgrew-aead-aes-cbc-hmac-sha2]
McGrew, D., Foley, J., and K. Paterson, "Authenticated McGrew, D., Foley, J., and K. Paterson, "Authenticated
Encryption with AES-CBC and HMAC-SHA", Encryption with AES-CBC and HMAC-SHA",
draft-mcgrew-aead-aes-cbc-hmac-sha2-05 (work in progress), draft-mcgrew-aead-aes-cbc-hmac-sha2-05 (work in progress),
skipping to change at page 48, line 34 skipping to change at page 49, line 34
Sakimura, Jim Schaad, Hannes Tschofenig, and Sean Turner. Sakimura, Jim Schaad, Hannes Tschofenig, and Sean Turner.
Jim Schaad and Karen O'Donoghue chaired the JOSE working group and Jim Schaad and Karen O'Donoghue chaired the JOSE working group and
Sean Turner, Stephen Farrell, and Kathleen Moriarty served as Sean Turner, Stephen Farrell, and Kathleen Moriarty served as
Security area directors during the creation of this specification. Security area directors during the creation of this specification.
Appendix D. Document History Appendix D. Document History
[[ to be removed by the RFC Editor before publication as an RFC ]] [[ to be removed by the RFC Editor before publication as an RFC ]]
-40
o Clarified the definitions of UTF8(STRING) and ASCII(STRING).
-39 -39
o No changes were made, other than to the version number and date. o No changes were made, other than to the version number and date.
-38 -38
o Replaced uses of the phrases "JWS object" and "JWE object" with o Replaced uses of the phrases "JWS object" and "JWE object" with
"JWS" and "JWE". "JWS" and "JWE".
o Added member names to the JWE JSON Serialization Overview. o Added member names to the JWE JSON Serialization Overview.
 End of changes. 25 change blocks. 
58 lines changed or deleted 67 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/