<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
tt
{mso-style-priority:99;
font-family:"Courier New";
color:#003366;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style>
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Mike Jones
<br>
<b>Sent:</b> Saturday, May 12, 2012 5:09 PM<br>
<b>To:</b> jose@ietf.org<br>
<b>Subject:</b> Draft -02 of JSON Crypto Specs: JWS, JWE, JWK, JWA<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">New -02 versions of the <a href="http://datatracker.ietf.org/wg/jose/">
JSON Object Signing and Encryption (JOSE)</a> specifications are now available that incorporate working decisions made since the previous versions, including decisions made at IETF 83 in Paris and in follow-up discussions on the working group list. The drafts
contain numerous clarifications, refinements, and editorial improvements. They are:<o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]>JSON Web Signature (JWS) – Digital signature/HMAC specification<o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]>JSON Web Encryption (JWE) – Encryption specification<o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]>JSON Web Key (JWK) – Public key specification<o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]>JSON Web Algorithms (JWA) – Algorithms and identifiers specification<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">These specifications are available at:<o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l4 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-02">http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-02</a>
<o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l4 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-02">http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-02</a>
<o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l4 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-key-02">http://tools.ietf.org/html/draft-ietf-jose-json-web-key-02</a>
<o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l4 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-02">http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-02</a>
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The document history entries (also in the specifications) are as follows:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-02">http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-02</a>:<o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo3"><span lang="EN" style="font-family:"Verdana","sans-serif"">Clarified that it is an error when a
</span><span lang="EN" style="font-family:"Courier New";color:#003366">kid</span><span lang="EN" style="font-family:"Verdana","sans-serif""> value is included and no matching key is found.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo3"><span lang="EN" style="font-family:"Verdana","sans-serif"">Removed assumption that
</span><span lang="EN" style="font-family:"Courier New";color:#003366">kid</span><span lang="EN" style="font-family:"Verdana","sans-serif""> (key ID) can only refer to an asymmetric key.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo3"><span lang="EN" style="font-family:"Verdana","sans-serif"">Clarified that JWSs with duplicate Header Parameter Names MUST be rejected.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo3"><span lang="EN" style="font-family:"Verdana","sans-serif"">Clarified the relationship between
</span><span lang="EN" style="font-family:"Courier New";color:#003366">typ</span><span lang="EN" style="font-family:"Verdana","sans-serif""> header parameter values and MIME types.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo3"><span lang="EN" style="font-family:"Verdana","sans-serif"">Registered application/jws MIME type and "JWS" typ header parameter value.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo3"><span lang="EN" style="font-family:"Verdana","sans-serif"">Simplified JWK terminology to replace the "JWK Key Object" and "JWK Container Object" terms with simply "JSON Web Key (JWK)" and
"JSON Web Key Set (JWK Set)" and to eliminate potential confusion between single keys and sets of keys. As part of this change, the header parameter name for a public key value was changed from
</span><span lang="EN" style="font-family:"Courier New";color:#003366">jpk</span><span lang="EN" style="font-family:"Verdana","sans-serif""> (JSON Public Key) to
</span><span lang="EN" style="font-family:"Courier New";color:#003366">jwk</span><span lang="EN" style="font-family:"Verdana","sans-serif""> (JSON Web Key).
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo3"><span lang="EN" style="font-family:"Verdana","sans-serif"">Added suggestion on defining additional header parameters such as
</span><span lang="EN" style="font-family:"Courier New";color:#003366">x5t#S256</span><span lang="EN" style="font-family:"Verdana","sans-serif""> in the future for certificate thumbprints using hash algorithms other than SHA-1.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo3"><span lang="EN" style="font-family:"Verdana","sans-serif"">Specify RFC 2818 server identity validation, rather than RFC 6125 (paralleling the same decision in the OAuth specs).
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo3"><span lang="EN" style="font-family:"Verdana","sans-serif"">Generalized language to refer to Message Authentication Codes (MACs) rather than Hash-based Message Authentication Codes (HMACs) unless
in a context specific to HMAC algorithms. <o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo3"><span lang="EN" style="font-family:"Verdana","sans-serif"">Reformatted to give each header parameter its own section heading.
<o:p></o:p></span></li></ul>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-02">http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-02</a>:<o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="color:black;mso-list:l5 level1 lfo4"><span lang="EN" style="font-family:"Verdana","sans-serif"">When using AEAD algorithms (such as AES GCM), use the "additional authenticated data" parameter to provide integrity for the header,
encrypted key, and ciphertext and use the resulting "authentication tag" value as the JWE Integrity Value.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l5 level1 lfo4"><span lang="EN" style="font-family:"Verdana","sans-serif"">Defined KDF output key sizes.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l5 level1 lfo4"><span lang="EN" style="font-family:"Verdana","sans-serif"">Generalized text to allow key agreement to be employed as an alternative to key wrapping or key encryption.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l5 level1 lfo4"><span lang="EN" style="font-family:"Verdana","sans-serif"">Changed compression algorithm from gzip to DEFLATE.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l5 level1 lfo4"><span lang="EN" style="font-family:"Verdana","sans-serif"">Clarified that it is an error when a
</span><span lang="EN" style="font-family:"Courier New";color:#003366">kid</span><span lang="EN" style="font-family:"Verdana","sans-serif""> value is included and no matching key is found.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l5 level1 lfo4"><span lang="EN" style="font-family:"Verdana","sans-serif"">Clarified that JWEs with duplicate Header Parameter Names MUST be rejected.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l5 level1 lfo4"><span lang="EN" style="font-family:"Verdana","sans-serif"">Clarified the relationship between
</span><span lang="EN" style="font-family:"Courier New";color:#003366">typ</span><span lang="EN" style="font-family:"Verdana","sans-serif""> header parameter values and MIME types.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l5 level1 lfo4"><span lang="EN" style="font-family:"Verdana","sans-serif"">Registered application/jwe MIME type and "JWE" typ header parameter value.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l5 level1 lfo4"><span lang="EN" style="font-family:"Verdana","sans-serif"">Simplified JWK terminology to replace the "JWK Key Object" and "JWK Container Object" terms with simply "JSON Web Key (JWK)" and
"JSON Web Key Set (JWK Set)" and to eliminate potential confusion between single keys and sets of keys. As part of this change, the header parameter name for a public key value was changed from
</span><span lang="EN" style="font-family:"Courier New";color:#003366">jpk</span><span lang="EN" style="font-family:"Verdana","sans-serif""> (JSON Public Key) to
</span><span lang="EN" style="font-family:"Courier New";color:#003366">jwk</span><span lang="EN" style="font-family:"Verdana","sans-serif""> (JSON Web Key).
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l5 level1 lfo4"><span lang="EN" style="font-family:"Verdana","sans-serif"">Added suggestion on defining additional header parameters such as
</span><span lang="EN" style="font-family:"Courier New";color:#003366">x5t#S256</span><span lang="EN" style="font-family:"Verdana","sans-serif""> in the future for certificate thumbprints using hash algorithms other than SHA-1.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l5 level1 lfo4"><span lang="EN" style="font-family:"Verdana","sans-serif"">Specify RFC 2818 server identity validation, rather than RFC 6125 (paralleling the same decision in the OAuth specs).
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l5 level1 lfo4"><span lang="EN" style="font-family:"Verdana","sans-serif"">Generalized language to refer to Message Authentication Codes (MACs) rather than Hash-based Message Authentication Codes (HMACs) unless
in a context specific to HMAC algorithms. <o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l5 level1 lfo4"><span lang="EN" style="font-family:"Verdana","sans-serif"">Reformatted to give each header parameter its own section heading.
<o:p></o:p></span></li></ul>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-key-02">http://tools.ietf.org/html/draft-ietf-jose-json-web-key-02</a>:<o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="color:black;mso-list:l3 level1 lfo5"><span lang="EN" style="font-family:"Verdana","sans-serif"">Simplified JWK terminology to replace the "JWK Key Object" and "JWK Container Object" terms with simply "JSON Web Key (JWK)" and
"JSON Web Key Set (JWK Set)" and to eliminate potential confusion between single keys and sets of keys. As part of this change, the top-level member name for a set of keys was changed from
</span><span lang="EN" style="font-family:"Courier New";color:#003366">jwk</span><span lang="EN" style="font-family:"Verdana","sans-serif""> to
</span><span lang="EN" style="font-family:"Courier New";color:#003366">keys</span><span lang="EN" style="font-family:"Verdana","sans-serif"">.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l3 level1 lfo5"><span lang="EN" style="font-family:"Verdana","sans-serif"">Clarified that values with duplicate member names MUST be rejected.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l3 level1 lfo5"><span lang="EN" style="font-family:"Verdana","sans-serif"">Established JSON Web Key Set Parameters registry.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l3 level1 lfo5"><span lang="EN" style="font-family:"Verdana","sans-serif"">Explicitly listed non-goals in the introduction.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l3 level1 lfo5"><span lang="EN" style="font-family:"Verdana","sans-serif"">Moved algorithm-specific definitions from JWK to JWA.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l3 level1 lfo5"><span lang="EN" style="font-family:"Verdana","sans-serif"">Reformatted to give each member definition its own section heading.
<o:p></o:p></span></li></ul>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-02">http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-02</a>:<o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="color:black;mso-list:l2 level1 lfo6"><span lang="EN" style="font-family:"Verdana","sans-serif"">For AES GCM, use the "additional authenticated data" parameter to provide integrity for the header, encrypted key, and ciphertext and
use the resulting "authentication tag" value as the JWE Integrity Value. <o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l2 level1 lfo6"><span lang="EN" style="font-family:"Verdana","sans-serif"">Defined minimum required key sizes for algorithms without specified key sizes.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l2 level1 lfo6"><span lang="EN" style="font-family:"Verdana","sans-serif"">Defined KDF output key sizes.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l2 level1 lfo6"><span lang="EN" style="font-family:"Verdana","sans-serif"">Specified the use of PKCS #5 padding with AES-CBC.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l2 level1 lfo6"><span lang="EN" style="font-family:"Verdana","sans-serif"">Generalized text to allow key agreement to be employed as an alternative to key wrapping or key encryption.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l2 level1 lfo6"><span lang="EN" style="font-family:"Verdana","sans-serif"">Clarified that ECDH-ES is a key agreement algorithm.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l2 level1 lfo6"><span lang="EN" style="font-family:"Verdana","sans-serif"">Required implementation of AES-128-KW and AES-256-KW.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l2 level1 lfo6"><span lang="EN" style="font-family:"Verdana","sans-serif"">Removed the use of
</span><span lang="EN" style="font-family:"Courier New";color:#003366">A128GCM</span><span lang="EN" style="font-family:"Verdana","sans-serif""> and
</span><span lang="EN" style="font-family:"Courier New";color:#003366">A256GCM</span><span lang="EN" style="font-family:"Verdana","sans-serif""> for key wrapping.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l2 level1 lfo6"><span lang="EN" style="font-family:"Verdana","sans-serif"">Removed
</span><span lang="EN" style="font-family:"Courier New";color:#003366">A512KW</span><span lang="EN" style="font-family:"Verdana","sans-serif""> since it turns out that it's not a standard algorithm.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l2 level1 lfo6"><span lang="EN" style="font-family:"Verdana","sans-serif"">Clarified the relationship between
</span><span lang="EN" style="font-family:"Courier New";color:#003366">typ</span><span lang="EN" style="font-family:"Verdana","sans-serif""> header parameter values and MIME types.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l2 level1 lfo6"><span lang="EN" style="font-family:"Verdana","sans-serif"">Generalized language to refer to Message Authentication Codes (MACs) rather than Hash-based Message Authentication Codes (HMACs) unless
in a context specific to HMAC algorithms. <o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l2 level1 lfo6"><span lang="EN" style="font-family:"Verdana","sans-serif"">Established registries: JSON Web Signature and Encryption Header Parameters, JSON Web Signature and Encryption Algorithms, JSON Web
Signature and Encryption "typ" Values, JSON Web Key Parameters, and JSON Web Key Algorithm Families.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l2 level1 lfo6"><span lang="EN" style="font-family:"Verdana","sans-serif"">Moved algorithm-specific definitions from JWK to JWA.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l2 level1 lfo6"><span lang="EN" style="font-family:"Verdana","sans-serif"">Reformatted to give each member definition its own section heading.
<o:p></o:p></span></li></ul>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> -- Mike<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
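<p class="MsoNormal">Added example, not part of the original message or of the JOSE drafts: a Python verifier for two of the JWS -02 clarifications listed above, rejecting duplicate Header Parameter Names and treating a kid with no matching key as an error instead of falling back to another key. It assumes HS256 only; the key table, the default_key parameter and all function names are hypothetical, and the tokens are constructed for the example.</p>
<pre>
```python
# Added example (not from the original message or the JOSE drafts).
# Assumptions: HS256 only; KEYS, default_key and all function names are hypothetical.
import base64
import hashlib
import hmac
import json
import string

B64URL_ALPHABET = set(string.ascii_letters + string.digits + "-_")


class JWSError(ValueError):
    """Any condition under which the JWS must be rejected."""


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # The stdlib decoder silently skips unknown characters, so check the alphabet first.
    if set(text) - B64URL_ALPHABET:
        raise JWSError("segment is not unpadded base64url")
    try:
        return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
    except ValueError as exc:
        raise JWSError("segment is not valid base64url") from exc


def reject_duplicates(pairs):
    # json.loads keeps the LAST value of a repeated name; refuse the object instead.
    seen = {}
    for name, value in pairs:
        if name in seen:
            raise JWSError(f"duplicate header parameter name: {name!r}")
        seen[name] = value
    return seen


def parse_header(encoded_header: str) -> dict:
    raw = b64url_decode(encoded_header)
    try:
        header = json.loads(raw, object_pairs_hook=reject_duplicates)
    except JWSError:
        raise
    except ValueError as exc:
        raise JWSError("header is not valid JSON") from exc
    if not isinstance(header, dict):
        raise JWSError("header must be a JSON object")
    return header


def select_key(header: dict, keys: dict, default_key=None) -> bytes:
    if "kid" in header:
        kid = header["kid"]
        # A kid that is present but unknown is an error: never fall back to default_key.
        if not isinstance(kid, str) or kid not in keys:
            raise JWSError(f"kid {kid!r} matches no known key")
        return keys[kid]
    if default_key is None:
        raise JWSError("no kid and no default key configured")
    return default_key


def verify_hs256(compact: str, keys: dict, default_key=None) -> bytes:
    parts = compact.split(".")
    if len(parts) != 3:
        raise JWSError("expected three dot-separated segments")
    enc_header, enc_payload, enc_mac = parts
    header = parse_header(enc_header)
    if header.get("alg") != "HS256":
        raise JWSError("unsupported alg")
    payload, mac = b64url_decode(enc_payload), b64url_decode(enc_mac)
    key = select_key(header, keys, default_key)
    signing_input = f"{enc_header}.{enc_payload}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):
        raise JWSError("MAC check failed")
    return payload


def make_token(raw_header_json: str, payload: bytes, key: bytes) -> str:
    # Takes the header as raw text so that a duplicate name can be constructed.
    head = b64url_encode(raw_header_json.encode("utf-8"))
    body = b64url_encode(payload)
    mac = hmac.new(key, f"{head}.{body}".encode("ascii"), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"


def rejection_reason(compact: str, keys: dict, default_key=None):
    try:
        verify_hs256(compact, keys, default_key)
    except JWSError as exc:
        return str(exc)
    return None


# Constructed sample keys and tokens.
KEYS = {"k1": b"constructed-secret-one"}
FALLBACK = b"constructed-fallback-secret"
GOOD = make_token('{"alg":"HS256","kid":"k1"}', b"hello", KEYS["k1"])
DUPLICATE = make_token('{"alg":"HS256","kid":"k1","kid":"k9"}', b"hello", KEYS["k1"])
UNKNOWN_KID = make_token('{"alg":"HS256","kid":"k9"}', b"hello", FALLBACK)
```
</pre>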
</body>
</html>