[Openid-specs-ab] Issue #152: min RSA key size checks? (openid/certification)

Brian Campbell issues-reply at bitbucket.org
Tue May 19 20:14:08 UTC 2015

New issue 152: min RSA key size checks?

Brian Campbell:

I'm thinking the certification tests should check that any RSA keys published at the JWKS endpoint meet the JWA required minimum size of 2048 bits. 

Well, strictly speaking there's nothing prohibiting smaller keys in the JWKS but all RSA algorithms in JWA say, "a key of size 2048 bits or larger MUST be used with these algorithms" so one can't, per spec, do anything in JOSE with a smaller key. So perhaps such a check would be more appropriate when doing whatever RSA based JWS/JWE operation. 


I'm raising this issue because the certification test are aimed at improving general interoperability.  And I was recently made aware of an interoperability issue with Google ([an OpenID Certified implementation](http://oixnet.org/openid-certifications/)) and someone using my [open source JOSE/JWT library](https://bitbucket.org/b_c/jose4j/wiki/Home).  

Google's using 1024 bit RSA keys while my library naively follows [the MUST from JWA](https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-3.3) while checking the ID token signature and will reject the token. 

I suspect Google would say that their use of 1024 bit RSA keys is okay due to the frequency at which they are rotated. And I'm sympathetic to that. But a MUST is a MUST and not adhering to a MUST can cause interoperability problems for others whom expect the MUST to be followed. 

More information about the Openid-specs-ab mailing list