Closed: seh closed this issue 6 years ago
There is a ParseFooter function which extracts the footer from the token.
Ah, I had missed that function. Thank you for pointing it out.
With that in hand, it's possible that one could mandate that the header be present and match an expected value before proceeding with further decoding and verification.
I'm happy to close this issue, but I remain curious to hear your interpretation of the intended use of the footer.
In the Paseto documentation, there are two conflicting stances on how one should use the token's footer:
In the former case, the receiver knows and will tolerate only one footer. In the latter case, the receiver only knows the schema of the footer, but can't know its value; rather, the receiver needs to read the value to know how to proceed.
This library doesn't take either approach to heart: neither the decryption nor verification functions accept an expected footer value to match, nor is there a means to extract a footer first to guide the rest of the decryption or verification process.
What is the author's take on the role of the token footer?
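The two footer stances described in the issue, sketched with the Go standard library only. This is an added example, not code from the library under discussion: the function names, the `{"kid": ...}` footer schema and the sample token are assumptions constructed for illustration. In both cases the footer is still unauthenticated when it is read, so the real decryption or verification step must follow.

```go
package main

import (
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// rawFooter decodes the 4th token segment; nothing has authenticated it yet.
func rawFooter(token string) ([]byte, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 4 {
		return nil, errors.New("no footer or malformed token")
	}
	return base64.RawURLEncoding.DecodeString(parts[3])
}

// Stance 1: the receiver tolerates exactly one footer value.
func requireFooter(token string, expected []byte) error {
	got, err := rawFooter(token)
	if err != nil || subtle.ConstantTimeCompare(got, expected) != 1 {
		return errors.New("footer missing or unexpected")
	}
	return nil
}

// Stance 2: only the schema is known; kid is a lookup into already trusted keys.
func selectKey(token string, keys map[string][]byte) ([]byte, error) {
	var f struct{ Kid string `json:"kid"` }
	got, err := rawFooter(token)
	if err == nil {
		err = json.Unmarshal(got, &f)
	}
	key, ok := keys[f.Kid]
	if err != nil || !ok {
		return nil, errors.New("footer unreadable or key id unknown")
	}
	return key, nil
}

func main() {
	// Constructed token: placeholder payload, footer {"kid":"k2"}.
	tok := "v2.local.cGF5bG9hZA." + base64.RawURLEncoding.EncodeToString([]byte(`{"kid":"k2"}`))
	key, err := selectKey(tok, map[string][]byte{"k2": []byte("constructed-key")})
	fmt.Println(string(key), err, requireFooter(tok, []byte(`{"kid":"k2"}`)))
}
```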