Open kdenhartog opened 4 years ago
TelegramSam
commented
4 years ago I think I understand your goal, but this application is inconsistent. If we are to indicate it is a JWS when signed, then it should be a JWE when encrypted. Whatever we do here should be consistent across the various packaging forms of a JWM.
kdenhartog
commented
4 years ago The CTY should be pointing the format of the inner payload was the general principle I was after. That way, when processing the outside format, I can strongly type the inner format before returning the payload.
dhh1128
commented
3 years ago This spec is the wrong place to require behavior. Because a JWM is intended to be specialized with different profiles, we explicitly (and correctly) say in the JWM spec that most of the fields are optional, and it's up to specific profiles to get more prescriptive.
I think at the level of the JWM spec, we should be saying something like, "use of the cty header is strongly recommended, with a value that identifies the content as a JWM. What that value might be could depend on how a profile specializes the JWM, but if which profile of JWM is unimportant, the generic value "JWM" is strongly preferred."
Then, at the level of the DIDComm profile of JWM, we should be requiring cty with a specific value -- but the value should be one that identifies DIDComm (and therefore JWM by implication), rather than generic "JWM."
tplooker
commented
3 years ago +1 I agree with @dhh1128
The text currently states:
I'd propose we change it to be:
In the normal case in which nested signing or encryption operations are not employed, the use of this Header Parameter SHOULD be "JWM". In the case that nested signing or encryption is employed, this Header Parameter MUST be present; in this case, the value MUST be "JWS" to indicate the payload follows a standard JWS structure. The internal JWS header SHOULD also indicate "JWM".
Open aspects of consideration around this: