What is the mime type to use for JSON Web Encryption

Question

Looking at RFC 7515 and RFC 7516, I was trying to understand what the proper mime type for the JWE should be. It looks like JWE and JWS share the JOSE header information, and JWS defines its mime type as application/jose. JWE has no explicit media type information. But since the name is "jose" and both use JOSE header, I assume both should use the same mime type (also because JOSE stands for ... Signing and Encryption).

In this case, how do I differentiate between signed and/or encrypted messages? By value of the alg property? Or by presence/value of enc property?

To summarize:

1. Is "application/jose" a mime type to use for JWE? If not, then what should it be?
2. If yes, how to reliably tell between JWE and JWS messages?

Answer 1

If I only paid more attention to the original RFC, I would have noticed that there is a section for this particular purpose (section 9).

In short, the code should examine presence of payload, ciphertext or enc properties, or by checking the value of alg. Alternatively, count period separators if compact serialization is used.

This also implies that the mime type for both is the same.