[Openid-specs-fapi] Issue #209: Ciphers (openid/fapi)

Dave Tonge issues-reply at bitbucket.org
Thu Jan 10 11:56:19 UTC 2019

New issue 209: Ciphers

Dave Tonge:

There is a relevant discussion here: https://github.com/ConsumerDataStandardsAustralia/infosec/issues/1

I suggest that we make the guidance clearer in FAPI around length of keys, eg. from BCP195:

> With a key exchange based on modular exponential (MODP) Diffie-
Hellman groups ("DHE" cipher suites), DH key lengths of at least 2048

This has been misunderstood by a few people

More information about the Openid-specs-fapi mailing list