<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
tt
{mso-style-priority:99;
font-family:"Courier New";
color:#003366;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:202181977;
mso-list-template-ids:2019352142;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:233202512;
mso-list-template-ids:-2014821794;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2
{mso-list-id:1225291468;
mso-list-template-ids:-1916765348;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3
{mso-list-id:1273443125;
mso-list-template-ids:1823772006;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4
{mso-list-id:1400708831;
mso-list-template-ids:627752512;}
@list l4:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l4:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5
{mso-list-id:1458528259;
mso-list-template-ids:1412046842;}
@list l5:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l5:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l6
{mso-list-id:1870993508;
mso-list-template-ids:-1303072164;}
@list l6:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l6:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l6:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l6:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l6:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l6:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l6:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l6:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l6:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">The attached preliminary JOSE and JWT spec versions contain all the normative changes agreed to at the last IETF meeting and in the subsequent polls. I wanted to give people a chance to look at these changes and discuss them before I submit
IETF drafts.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b>Please plan on discussing any feedback you’d like to give me during the Artifact Binding spec call about 15 1/2 hours from now</b> (4pm US Pacific Time). While there are still a few editorial cleanups I plan to make, I believe these
spec versions are otherwise ready to go.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Changelog entries (which I believe list all normative changes) follow.<o:p></o:p></p>
<p class="MsoNormal">JWS:<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:48.0pt;mso-margin-bottom-alt:auto;margin-left:84.0pt;text-indent:-.25in;mso-list:l1 level1 lfo1">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Changed
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">x5c</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> (X.509 Certificate Chain) representation from being a single string to
being an array of strings, each containing a single base64 encoded DER certificate value, representing elements of the certificate chain.
<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">JWE:<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:48.0pt;mso-margin-bottom-alt:auto;margin-left:84.0pt;text-indent:-.25in;mso-list:l5 level1 lfo2">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Removed the
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">int</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> and
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">kdf</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> parameters and defined the new composite AEAD algorithms
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">A128CBC+HS256</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> and
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">A256CBC+HS512</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> to replace the former uses of AES CBC, which required the use
of separate integrity and key derivation functions. <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:48.0pt;mso-margin-bottom-alt:auto;margin-left:84.0pt;text-indent:-.25in;mso-list:l5 level1 lfo2">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Included additional values in the Concat KDF calculation -- the desired output size and the algorithm value, and optionally PartyUInfo and
PartyVInfo values. Added the optional header parameters </span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">apu</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> (agreement PartyUInfo),
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">apv</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> (agreement PartyVInfo),
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">epu</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> (encryption PartyUInfo), and
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">epv</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> (encryption PartyVInfo). Updated the KDF examples accordingly.
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:48.0pt;mso-margin-bottom-alt:auto;margin-left:84.0pt;text-indent:-.25in;mso-list:l5 level1 lfo2">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Promoted Initialization Vector from being a header parameter to being a top-level JWE element. This saves approximately 16 bytes in the compact
serialization, which is a significant savings for some use cases. Promoting the Initialization Vector out of the header also avoids repeating this shared value in the JSON serialization.
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:48.0pt;mso-margin-bottom-alt:auto;margin-left:84.0pt;text-indent:-.25in;mso-list:l5 level1 lfo2">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Changed
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">x5c</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> (X.509 Certificate Chain) representation from being a single string to
being an array of strings, each containing a single base64 encoded DER certificate value, representing elements of the certificate chain.
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:48.0pt;mso-margin-bottom-alt:auto;margin-left:84.0pt;text-indent:-.25in;mso-list:l5 level1 lfo2">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Added an AES Key Wrap example.
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:48.0pt;mso-margin-bottom-alt:auto;margin-left:84.0pt;text-indent:-.25in;mso-list:l5 level1 lfo2">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Reordered the encryption steps so CMK creation is first, when required.
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:48.0pt;mso-margin-bottom-alt:auto;margin-left:84.0pt;text-indent:-.25in;mso-list:l5 level1 lfo2">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Correct statements in examples about which algorithms produce reproducible results.
<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">JWK:<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:48.0pt;mso-margin-bottom-alt:auto;margin-left:84.0pt;text-indent:-.25in;mso-list:l2 level1 lfo3">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Changed the name of the JWK RSA exponent parameter from
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">exp</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> to
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">xpo</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> so as to allow the potential use of the name
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">exp</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> for a future extension that might define an expiration parameter for keys.
(The </span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">exp</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> name is already used for this purpose in the JWT specification.)
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:48.0pt;mso-margin-bottom-alt:auto;margin-left:84.0pt;text-indent:-.25in;mso-list:l2 level1 lfo3">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Clarify that the
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">alg</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> (algorithm family) member is REQUIRED.
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:48.0pt;mso-margin-bottom-alt:auto;margin-left:84.0pt;text-indent:-.25in;mso-list:l2 level1 lfo3">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Correct an instance of "JWK" that should have been "JWK Set".
<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">JWA:<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:48.0pt;mso-margin-bottom-alt:auto;margin-left:84.0pt;text-indent:-.25in;mso-list:l6 level1 lfo4">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Removed the
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">int</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> and
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">kdf</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> parameters and defined the new composite AEAD algorithms
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">A128CBC+HS256</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> and
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">A256CBC+HS512</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> to replace the former uses of AES CBC, which required the use
of separate integrity and key derivation functions. <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:48.0pt;mso-margin-bottom-alt:auto;margin-left:84.0pt;text-indent:-.25in;mso-list:l6 level1 lfo4">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Included additional values in the Concat KDF calculation -- the desired output size and the algorithm value, and optionally PartyUInfo and
PartyVInfo values. Added the optional header parameters </span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">apu</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> (agreement PartyUInfo),
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">apv</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> (agreement PartyVInfo),
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">epu</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> (encryption PartyUInfo), and
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">epv</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> (encryption PartyVInfo).
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:48.0pt;mso-margin-bottom-alt:auto;margin-left:84.0pt;text-indent:-.25in;mso-list:l6 level1 lfo4">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Changed the name of the JWK RSA exponent parameter from
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">exp</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> to
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">xpo</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> so as to allow the potential use of the name
</span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">exp</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> for a future extension that might define an expiration parameter for keys.
(The </span><span lang="EN" style="font-size:12.0pt;font-family:"Courier New";color:#003366">exp</span><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black"> name is already used for this purpose in the JWT specification.)
<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">JWT:<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:48.0pt;mso-margin-bottom-alt:auto;margin-left:84.0pt;text-indent:-.25in;mso-list:l3 level1 lfo5">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Promoted Initialization Vector from being a header parameter to being a top-level JWE element. This saves approximately 16 bytes in the compact
serialization, which is a significant savings for some use cases. Promoting the Initialization Vector out of the header also avoids repeating this shared value in the JSON serialization.
<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">JWS-JS:<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:48.0pt;mso-margin-bottom-alt:auto;margin-left:84.0pt;text-indent:-.25in;mso-list:l0 level1 lfo6">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Changed to use an array of structures for per-recipient values, rather than a set of parallel arrays.
<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">JWE-JS:<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:48.0pt;mso-margin-bottom-alt:auto;margin-left:84.0pt;text-indent:-.25in;mso-list:l4 level1 lfo7">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Changed to use an array of structures for per-recipient values, rather than a set of parallel arrays.
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:48.0pt;mso-margin-bottom-alt:auto;margin-left:84.0pt;text-indent:-.25in;mso-list:l4 level1 lfo7">
<![if !supportLists]><span lang="EN" style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN" style="font-size:12.0pt;font-family:"Verdana","sans-serif";color:black">Promoted Initialization Vector from being a header parameter to being a top-level JWE element. This saves approximately 16 bytes in the compact
serialization, which is a significant savings for some use cases. Promoting the Initialization Vector out of the header also avoids repeating this shared value in the JSON serialization.
<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> Thanks all,<o:p></o:p></p>
<p class="MsoNormal"> -- Mike<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>