[Openid-specs-fapi] Issue #92: Put cipher suite recommendations in the security considerations (openid/fapi)

Nat Sakimura issues-reply at bitbucket.org
Sat May 6 18:59:03 UTC 2017


New issue 92: Put cipher suite recommendations in the security considerations
https://bitbucket.org/openid/fapi/issues/92/put-cipher-suite-recommendations-in-the

Nat Sakimura:

For TLS versions and cipher suites to be used, BCP195 should be consulted. We IETFers tend to assume it, but it is a good idea to explicitly write it in the security consideration.
 
Also, pointing to the additional TLS requirements that are in 16.17. TLS Requirements of OIDC would be good. 
 
For JWS, for now, PS256 or ES256 should be sufficient. It should avoid
RS256 as it is a backward compatible mode and alg=none is banned.
Perhaps we should add this to the security considerations as well.
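The JWS algorithm policy from the message above (accept PS256 or ES256, reject RS256 and `alg=none`), as an added example that is not part of the original message or of the FAPI specification. The function names and the sample tokens are hypothetical and constructed for illustration; the check runs on the protected header before any signature verification.

```python
import base64
import json

# Policy from the message: PS256 or ES256 accepted; RS256 and "none" are not.
ALLOWED_ALGS = frozenset({"PS256", "ES256"})


class JWSPolicyError(ValueError):
    """Raised when a compact JWS violates the algorithm policy."""


def b64url_decode(segment: str) -> bytes:
    # JWS segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode((segment + "=" * (-len(segment) % 4)).encode("ascii"))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def check_jws_alg(token: str) -> str:
    """Return the alg of a compact JWS if the policy permits it, else raise.

    Call this before signature verification so the verifier never
    processes a token that names a disallowed algorithm.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise JWSPolicyError("not a three-part compact JWS")
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError as exc:  # covers base64, UTF-8 and JSON decoding errors
        raise JWSPolicyError("unreadable protected header") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    # Exact, case-sensitive allowlist match: "None", "nOnE" and "rs256" all fail.
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise JWSPolicyError(f"alg {alg!r} not permitted")
    if not parts[2]:
        raise JWSPolicyError("empty signature segment")
    return alg


def make_token(header: dict) -> str:
    # Constructed sample input: placeholder payload and signature bytes.
    segments = [json.dumps(header).encode(), b'{"sub":"demo"}', b"placeholder-sig"]
    return ".".join(b64url_encode(s) for s in segments)
```

Passing this check only means the header names an allowed algorithm; the signature still has to be verified with a key pinned to that same algorithm.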



