[Openid-specs-ab] Issue #1732: Forbid MAC algorithms and `none` (openid/connect)
Richard Barnes
issues-reply at bitbucket.org
Fri Nov 18 22:23:15 UTC 2022
New issue 1732: Forbid MAC algorithms and `none`
https://bitbucket.org/openid/connect/issues/1732/forbid-mac-algorithms-and-none
Richard Barnes:
Right now Section 11.2.1 allows any algorithms in the JWA or LDP Cryptographic Suite registries to be used in the proof of possession provided by the client in a credential request. These registries include MAC algorithms as well as the infamous `none` algorithm. Neither of these types of algorithm is suitable for authenticating the Holder of a credential. This section should require that the algorithms indicated are digital signature algorithms, not MAC algorithms or `none`.
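An added example, not part of the original issue or of the specification text: a Python check that an issuer could run on the header of a JWT proof of possession before any signature verification, accepting only asymmetric signature algorithms by exact-match allowlist. The function names and the sample tokens are constructed for illustration, and the check covers JWT proofs only, not LDP proofs.

```python
import base64
import json

# Asymmetric digital signature algorithms registered for JWS (RFC 7518,
# RFC 8037, RFC 8812). The MAC algorithms HS256/HS384/HS512 and "none"
# are deliberately absent, so they fail the allowlist below.
SIGNATURE_ALGS = frozenset({
    "RS256", "RS384", "RS512", "PS256", "PS384", "PS512",
    "ES256", "ES384", "ES512", "ES256K", "EdDSA",
})

class ProofAlgError(ValueError):
    """The proof header does not name an acceptable signature algorithm."""

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def proof_alg(jwt: str) -> str:
    """Return the header alg of a compact JWS, or raise ProofAlgError."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ProofAlgError("not a compact JWS")
    try:
        padded = parts[0] + "=" * (-len(parts[0]) % 4)
        header = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ProofAlgError("undecodable header") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    # Exact, case-sensitive match: "None", "NONE" or a non-string alg
    # never reach the verifier.
    if not isinstance(alg, str) or alg not in SIGNATURE_ALGS:
        raise ProofAlgError(f"alg {alg!r} is not a digital signature algorithm")
    return alg

def is_allowed(jwt: str) -> bool:
    try:
        proof_alg(jwt)
        return True
    except ProofAlgError:
        return False

def sample_proof(alg) -> str:
    """Constructed token with a dummy signature; only the header matters here."""
    header = _b64url(json.dumps({"alg": alg}).encode())
    payload = _b64url(b'{"aud":"https://issuer.example"}')
    return f"{header}.{payload}." + ("" if alg == "none" else "c2ln")
```

Passing this check only gates the algorithm; the signature still has to be verified against the Holder's public key using the algorithm that was accepted.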