[Openid-specs-fapi] Question regarding JWS alg in FAPI part 2, read and write security profile

Philippe Leothaud philippe.leothaud at 42crunch.com
Thu Jul 20 07:05:41 UTC 2017


Hi Sascha,

I guess this is due to potential problems with RSASSA-PKCS1-v1_5, see
https://tools.ietf.org/html/rfc7518#section-8.3

Thanks,

Philippe

On Thu, Jul 20, 2017 at 8:20 AM, Preibisch, Sascha H via Openid-specs-fapi <
openid-specs-fapi at lists.openid.net> wrote:

> Hi all!
>
> I just read through the spec. and in section 8.6
> (http://openid.net/specs/openid-financial-api-part-2.html#jws-algorithm-considerations)
> we recommend to use PS256 or ES256 as signing algorithms.
>
> Here
> "https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-14#section-3.1"
> PS256 is marked as OPTIONAL.
>
> I would like to understand why we recommend PS256 rather than RS256, which
> is RECOMMENDED and widely used.
>
> I saw that issue #92 spoke about this topic but I did not really
> understand it, I believe.
>
>
> Thanks,
> Sascha
>