Skip to content

Add note about implementations that removed support for "zip" #33

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
selfissued wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add note about implementations that removed support for "zip" #33

selfissued wants to merge 1 commit into from

Conversation

@selfissued
Copy link
Collaborator

@selfissued selfissued commented Dec 20, 2025

Fixes #31

yaronf
yaronf requested changes Dec 21, 2025
View reviewed changes
Copy link
Collaborator

@yaronf yaronf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I disagree with the premise here: the BCP formally Updates 7519 (and would Update 7516 if we asked for it), and so I don't think we are committed to retain every last feature if we believe it raises security issues.

We are pointing out a security problem with systems and libraries, and I don't think the position "SHOULD NOT compress but still MUST support zip" is consistent.

@selfissued
Copy link
Collaborator Author

selfissued commented Dec 21, 2025
edited
Loading

Actually, the BCP doesn't update JWE [RFC 7516]. It's not within our remit to make breaking changes to a spec in another working group. That would need to be done by new spec work in the JOSE working group, with consensus of that working group. It is within our scope to recommend that problematic features not be used.

@dickhardt
Copy link
Collaborator

dickhardt commented Jan 7, 2026

Checking in on where we are at on this. The updates look good to me. @bc-pi now is the time to make any additional suggestions!

@selfissued selfissued mentioned this pull request Jan 7, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yaronf yaronf yaronf requested changes

@dickhardt dickhardt dickhardt approved these changes

@bc-pi bc-pi Awaiting requested review from bc-pi

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Brian's WGLC comment - compression

4 participants

@selfissued @dickhardt @yaronf