[Openid-specs-ab] Issue #1681: [Federation] FAPI prohibits RS256 (openid/connect)
Takahiko Kawasaki
issues-reply at bitbucket.org
Mon Oct 17 17:08:22 UTC 2022
New issue 1681: [Federation] FAPI prohibits RS256
https://bitbucket.org/openid/connect/issues/1681/federation-fapi-prohibits-rs256
Takahiko Kawasaki:
The OIDC Federation specification requires that entities support RS256 as a signing algorithm for entity statements. However, [Section 8.6. Algorithm considerations](https://openid.net/specs/openid-financial-api-part-2-1_0-final.html#algorithm-considerations) of [FAPI 1 Advanced](https://openid.net/specs/openid-financial-api-part-2-1_0-final.html) prohibits the algorithm for security reasons. It is better to modify descriptions about RS256 in the OIDC Federation specification so that the specification can be used with FAPI without conflicts.
History: [Section 3.1](https://www.rfc-editor.org/rfc/rfc7518.html#section-3.1) of [RFC 7518](https://www.rfc-editor.org/rfc/rfc7518.html) \(JWA\) \(published in 2015\) recommends RS256 and some descriptions of client metadata in [OIDC Dynamic Client Registartion 1.0](https://openid.net/specs/openid-connect-registration-1_0.html) \(published in 2014\) refer to RS256 as the default algorithm or should-support algorithm. However, the algorithm lacks [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), so the algorithm is not recommended these days. TLS 1.3 has removed algorithms that lack forward secrecy.
More information about the Openid-specs-ab
mailing list