Opened 9 years ago

Last modified 9 years ago

#165 new defect

Section 2. Terminology

Reported by: ietf@… Owned by: draft-ietf-jose-json-web-encryption@…
Priority: Editorial Milestone:
Component: json-web-encryption Version:
Severity: - Keywords:

Description (last modified by ietf@…)

  1. JSON Web Encryption - Not suer that this needs to be defined as this is what the document is about. However the current text in sentence one says data structure not serialization. In sentence two describing a compact data model and not a json data model.
  1. AEAD - saying two inputs makes the assumption of the model where the IV go into the cipher text. It is not clear that the algorithm inputs/outputs needs to be done here.
  1. Plaintext - data can be encrypted or result of decryption. s/can contain/is/
  1. Authentication tag - How an absent tag is processed does not belong here but in the processing world. It could be that the tag field is absent for the JSON encoding.
  1. JSON Text Object - this appears to be a definition of what JSON is rather than what a JSON Text Object is.
  1. JWE Header - I have a hard time following this. Should be described in the data model and not here.
  1. JWE * - Why include the string JWE here? Is there a difference between a JWE Encrypted Key and an Encrypted Key.
  1. JWE Encrypted Key - The second sentence can be removed - it should be discussed elsewhere or not at all
  1. See similar list of comments for JWS
  1. Direct Key Agreement - Uses both key agreement and key derivation function
  1. Key Agreement w/ Key Wrapping - also uses KDF function

Change History (1)

comment:1 Changed 9 years ago by ietf@…

  • Description modified (diff)
Note: See TracTickets for help on using tickets.