paseto-standard / paseto-spec

Specification for Platform Agnostic SEcurity TOkens (PASETO)

Unclear how to handle empty messages #17

Closed brycx closed 2 years ago

brycx commented 2 years ago

Before the new test-vectors repository was created (which is very nice to have btw), I think I remember some tests in the reference PHP implementation that dealt with tokens that were created where message m was empty.

I haven't been able to find a related test-vector or a clarification in the spec on whether m can be empty or not. What is expected here? If it can be empty, perhaps this is worthwhile as a test for the test-vectors collection.

paragonie-security commented 2 years ago

That's a good point.

paragonie-security commented 2 years ago

This is resolved by #17; empty payloads are spelled out as invalid.
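The resolution above (empty payloads are invalid) can be enforced as a structural check when parsing a token. The following is an added example, not part of this thread or of the PASETO project's code: the function names are hypothetical, the per-version overhead sizes are taken from the v2/v3/v4 token layouts as an assumption, and the check does not replace signature or tag verification.

```python
import base64
import re

# Bytes in the decoded payload that are not the message m, per header:
# public = signature appended to m; local = nonce + auth tag around the
# ciphertext, which has the same length as the plaintext in these versions.
OVERHEAD = {
    "v2.local": 24 + 16, "v2.public": 64,
    "v3.local": 32 + 48, "v3.public": 96,
    "v4.local": 32 + 32, "v4.public": 64,
}
B64URL = re.compile(r"[A-Za-z0-9_-]+")


def b64url_decode(part):
    # PASETO payloads are base64url without '=' padding.
    if not B64URL.fullmatch(part) or len(part) % 4 == 1:
        raise ValueError("payload is not unpadded base64url")
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def message_length(token):
    """Length of m implied by the token structure (no crypto is checked)."""
    pieces = token.split(".")
    if len(pieces) not in (3, 4):
        raise ValueError("expected version.purpose.payload[.footer]")
    header = ".".join(pieces[:2])
    if header not in OVERHEAD:
        raise ValueError("unsupported header: " + header)
    n = len(b64url_decode(pieces[2])) - OVERHEAD[header]
    if n < 0:
        raise ValueError("payload shorter than signature/nonce/tag")
    return n


def reject_empty(token):
    """Raise if m is empty; otherwise return its length."""
    n = message_length(token)
    if n == 0:
        raise ValueError("empty message is invalid")
    return n


def sample_token(header, m):
    # Constructed sample: zero bytes stand in for the signature/nonce/tag,
    # so this token would fail real verification; only its length matters.
    body = m + bytes(OVERHEAD[header])
    return header + "." + base64.urlsafe_b64encode(body).rstrip(b"=").decode()
```

A token built from an empty m, such as `sample_token("v4.public", b"")`, is rejected by `reject_empty`, which makes it usable as a negative test case of the kind the issue asks for.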