Open OR13 opened 7 months ago
The payload seems to be JSON only, but I might recommend to lock this down a bit further.
The nonce MUST be a JWT (JWE) or CWT (COSE Encrypt).
Implementations MUST support ECDH-ES+A256KW and MAY support any encryption algorithms that are not marked prohibited in:
ECDH-ES+A256KW
When CWT is used the nonce MUST be base64url encoded.
LGTM @OR13
peppelinux
commented
7 months ago peppelinux
commented
7 months ago
The payload seems to be JSON only, but I might recommend to lock this down a bit further.
The nonce MUST be a JWT (JWE) or CWT (COSE Encrypt).
Implementations MUST support
ECDH-ES+A256KWand MAY support any encryption algorithms that are not marked prohibited in:When CWT is used the nonce MUST be base64url encoded.