oauth-wg · yaronf · Aug 31, 2025 · Aug 31, 2025
diff --git a/draft-ietf-oauth-rfc8725bis.md b/draft-ietf-oauth-rfc8725bis.md
@@ -783,6 +783,20 @@ for their reviews.
 
 --- back
 
+# Changes from RFC 8725 {#changes-from-rfc8725}
+
+This document obsoletes RFC 8725 and provides several significant improvements and additions:
+
+1. Encryption-Signature Confusion: Added mitigation for attacks where verifiers don't distinguish between successful decryption and successful signature validation.
+
+2. PBES2 Count Limits: Added requirements to reject unreasonably large `p2c` (PBES2 Count) values to prevent DoS attacks.
+
+3. Algorithm Verification: Added defensive checking to address incorrect reading of `alg` values as being case-insensitive.
+
+4. Compression DoS: Added mitigation for DoS attacks resulting from abuse of compression in JWE.
+
+5. JWT Format Confusion: Added mitigation for JWT serialization format confusion attacks.
+
 # Document History
 
 [[Note to RFC Editor: please remove before publication.]]