[Openid-specs-ab] Issue #910: Core - 15.14. Signing and Encryption Order (openid/connect)
issues-reply at bitbucket.org
Mon Dec 2 17:42:25 UTC 2013
New issue 910: Core - 15.14. Signing and Encryption Order
It may be worthwhile to point out that all JWE algorithms are integrity protecting as well.
Add the following as the second paragraph.
NOTE: All encryption algorithms used in JWE are AEAD algorithms that protects integrity so there is no need to oversign the encrypted payload separately.
More information about the Openid-specs-ab